As I wrote a few weeks ago, everyone has their strengths. I know that managing the details is not one of mine. In fact I can’t stand it, which is very clear as we prepare for our oldest daughter’s Bat Mitzvah this weekend. It’s a right of passage signaling the beginning of adulthood. I actually view it as the beginning of the transformation to adulthood, which is a good way to look at it because many folks never complete that transition – at least judging from the way they behave.

Coming back to the topic at hand, the sheer number of details to manage between the Friday night dinner, refreshments after the Friday service, the luncheon after the Saturday ceremony, the big party we’re throwing Saturday night, and the brunch on Sunday, are crazy. The Boss has mostly done nothing besides manage all those details for the past 6 months, and was immersed in the process for the year before that. I am thankful she shielded me from having to do much, besides lug some things from place to place and write a few (okay – a lot) of checks. We have many great friends who have helped out, and without them we would have been sunk.

So many things have to be decided that you don’t even think about. Take lighting, for instance. Who cares about the lights? No one, unless the place is either too dark or too light. The proximity of the tables to the speakers? Yup, that needs to be managed because some folks have sensitive ears and can’t be too close to the dance floor. Who knew? The color of the tablecloths is important – it needs to match the seat covers and napkins. The one detail I did get involved in was the liquor. You can bet I was going to have a say in what kind of booze we had for the party. That’s a detail I can get my arms around. And I did. There will be Guinness. And it will be good.

When we first went through the plans and the budget I was resistant. It’s hard to fathom spending the GNP of a small nation in one night. But as we get closer, I’m glad we are making a huge event. It’s very very rare that we get together with most of the people we care about to celebrate such a happy occasion. I can (and will) make more money, but I don’t know how many more opportunities I’ll have to share such happiness with my parents and in-laws.

So I will enjoy this weekend. I’m not going to think about what it costs or how many webcasts I had to do to pay for it. I will be thankful that we are in a position where we can throw a big party to celebrate the fact that XX1 is growing up. I am going to appreciate all the work she put in to get ready to lead the services on Friday and Saturday. She has probably put in another 10-15 hours a week in preparation, on top of her schoolwork and rigorous dance schedule. She hasn’t slept much the past few weeks.

It’s important that I savor the experience. I have been bad at that in the past. I will talk to all the people who traveled great distances to celebrate with us, and who I don’t get to see often. I’m going to smile. A lot. And lastly, I will follow Alan Shimel’s advice to not get so drunk I need to watch the video to remember what happened at the party. That’s probably the best piece of advice anyone could have given me.

You don’t get many chances to see your baby girl in the spotlight. You might as well remember it.

–Mike

Photo credit: “Whiteboard of the now: The To-Do list” originally uploaded by Jenica

Heavy Research

We are back at work on a variety of blog series, so here is a list of the research currently underway. Remember you can get our Heavy Feed via RSS, where you can get all our content in its unabridged glory. And you can get all our research papers too.

Security Awareness Training Evolution

Executive Guide to Network Security Management

Defending Against Application Denial of Service

Newly Published Papers

Incite 4 U

  1. Stories make the point: Any effective communicator is a storyteller. People understand stories. Folks can find applicability to whatever situation they are in through a carefully crafted fable or analogy. When trying to create urgency for something as obscure as a malware attack (It does what? Why do I care about that?), it helps to have a way to relate it to non-security folks. The Analogies Project is a new initiative aiming to assemble a library of analogies about security that anyone can use to make specific points. I haven’t read them all, but a few were pretty good. Those of us in the business for a long time, and who communicate for a living, have a ton of stories from our travels through over years. But for those of you who don’t, there is bound to be an analogy that will resonate with the person you are trying to persuade. Check it out. – MR
  2. Who are you? Adrian and I have both been talking about different aspects of identity management in the cloud lately. Why should you care? Because if you don’t adopt some sort of federated identity option your life will be a screaming poopstorm of pain until the end of time. No, I’m not exaggerating. I can barely manage a dozen employee accounts on a handful of cloud services without cloud IAM – I cannot imagine managing it by hand in a larger organization. Ericka Chickowski has a decent overview over at Dark Reading. The key is to get something simple that connects into your directory server and gives you a pretty portal to manage it all, and supports a poop-ton of cloud services (can you tell I have a toddler and a pre-schooler?) You don’t need to get too fancy – just find a workhorse that keeps you from having to program your own SAML. – RM
  3. VM PMs pay attention: It’s tough to be a product manager in a technology company. Sales wants you to add features to close deals. Then they need you to actually explain what your product does to a customer. And engineering doesn’t believe you when you bring requirements back from the field. You are responsible for the success of your product, but not empowered to change it. That’s a whole lot of fun. But every so often a user of the technology gives you exactly what you need to clearly and crisply explain a new feature that could be helpful. Mubix explains why he (as a penetration tester) needs the ability to add information to a client’s VM report, thereby providing context and urgency for a specific vulnerability. By the way, this capability would be useful to auditors as well. Of course there are RBAC requirements (to make sure the pen tester can only edit certain fields), but overall this is the kind of feature request that makes a product manager’s job easy. Okay – perhaps not easy, but less miserable. – MR
  4. Numbered Windows: We all know that Microsoft Windows has a bit of a malware problem, and that different versions are affected differently. But more often than not the only numbers we see are how many viruses are out there, or how many infect computers. I find those mostly useless for making an informed risk decision. You might be able to compare infection rates of XP and more recent versions, if you can find them, and use that to prod management into upgrading. Microsoft itself releases some good information in its ongoing Security Intelligence Report. I like this report better than most threat reports because the team tends to be less focused on hype, and more on providing actionable intelligence (not perfect, but better). This time they added a new metric called the “encounter rate”. This is the number of times a given version of Windows saw malware, and you can compare it to the infection rate. Very useful, even if it is partially designed to promote their own anti-malware tools. – RM
  5. What’s 38 million identities between friends? Brian Krebs strikes again, showing that the Adobe breach was a lot worse (from an identity theft standpoint, anyway) than previously reported or acknowledged by Adobe. It turns out they lost over 38 million credentials, and Photoshop source code may also have been stolen. As an even better indicator of the challenges of truly understanding what data has been lost, Brian figured this out by finding the stuff on an external site. He likely knew what was missing before Adobe. Any way you slice it, Adobe suffered a massive data breach. Which will have very little impact on their business. Welcome to the new age. Breached companies are no longer radioactive… – MR
Share: