Interruption is death for a writer. At least it is for me. I need to get into a flow state, where I’m locked in and banging words out. With my travel schedule and the number of calls I make even when not traveling, finding enough space to get into flow has been challenging. Very challenging. And it gets frustrating. Very frustrating.

There is always some shiny object to pay attention to. A press release here. A tweet fight there. Working the agenda for a trip two weeks from now. Or something else that would qualify as ‘work’, but not work.

Then achiever’s anxiety kicks in. The blog posts that get pushed back day after day, and the conflicts with projects needing to get started. I have things to do, but they don’t seem to get done. Not the writing stuff anyway. It’s a focus thing. More accurately a lack of focus thing. Most of the time I indulge my need to read NFL stories or do some ‘research’. Or even just to think big thoughts for a little while.

But at some point I need to write. That is a big part of the business, and stuff needs to get done. So I am searching for new ways to do that. I shut down email. That helps a bit. I don’t answer the phone and don’t check Twitter. That helps too. Maybe I will try a new writing app that basically shuts down all the other apps. Maybe that will help ease the crush of the overwhelming to-do list.

Of course my logical mind knows you just start writing. That I need to stop with the excuses and just write. I know the first draft is going to be crap, especially if it’s not flowing. I know that the inbound emails can wait a few hours. I know my Twitter timeline will be there after the post is live on the site. Yet my logical mind loses, as I just stare at the screen for a few more minutes. Then check email and Twitter. Again.

Oy. Then I go into my pipeline tracker and start running numbers for the impact of not writing on my wallet. That helps. Until it doesn’t. We have had a good year, so the monkey brain wonders whether it’s not really a bad idea to just sandbag some of the projects and get 2015 off to a roaring start. But I still need to write.

Then at some point, I just write. The excuses fall away. The words start to flow, and even make some sense. I get laser focused on the research that needs to get done, and it gets done. The blog fills up with stuff, and balance is restored to my universe. And I resign myself to just carrying around my iPad when I really need to write, because it’s harder to multi-task on that platform.

I’ll get there. It’ll just take a little focus.


Photo credit: “Focus” originally uploaded by Michael Dales

The fine folks at the RSA Conference posted the talk Jennifer Minella and I did on mindfulness at the conference this year. You can check it out on YouTube. Take an hour and check it out. Your emails, alerts and Twitter timeline will be there when you get back.

Securosis Firestarter

Have you checked out our new video podcast? Rich, Adrian, and Mike get into a Google Hangout and.. hang out. We talk a bit about security as well. We try to keep these to 15 minutes or less, and usually fail.

Heavy Research

We are back at work on a variety of blog series, so here is a list of the research currently underway. Remember you can get our Heavy Feed via RSS, with our content in all its unabridged glory. And you can get all our research papers too.

Network Security Gateway Evolution

Monitoring the Hybrid Cloud: Evolving to the CloudSOC

Building an Enterprise Application Security Program

Security and Privacy on the Encrypted Network

Newly Published Papers

Incite 4 U

  1. Master of the Obvious: Cloud Edition: On my way to the re:Invent conference I read the subhead of a FUD-tastic eWeek article: IT Losing the Battle for Security in the Cloud, which is “More than two-thirds of respondents to a Ponemon Institute survey say it’s more difficult to protect sensitive data in the cloud using conventional security practices.” Um. This is news? The cloud is different! So if you want to secure it you need to do so differently. The survey really shows that most folks have no idea what they are talking about, expected in the early adoption phase of any technology. It is not actually necessarily harder to protect resources in the cloud. I just laugh and then cry a bit, as I realize the amount of education required for folks to understand how to do things in the cloud. I guess that is opportunity for guys like us, so I won’t cry too long… – MR
  2. Here we go again: There are a half dozen tokenization working groups proposing standards by my count. Each has vagueness baked into its published specification – many intentionally, I suspect. There are issues the internal steering groups can’t agree upon, issues they want to let the market settle before they commit, and still other issues they simply did not think about. Eduard Kovaks at SecurityWeek offers a good overview on current tokenization issues for the payment space – including re-usable tokens (or not), where original PAN data may be stored, and whether “cryptographically reversible” tokens (not actual tokens – really encrypted data) should be accepted. A technology as simple and easy to understand as tokenization is entering another phase of debate, largely because many firms see having their fiefdoms threatened by change to the insecure payment status quo – so they propose something that doesn’t actually satisfy the goal: not to surrender a consumer credit card to a merchant. – AL
  3. FinServ productizes threat intel: The financial services industry has been at the forefront of information security for years. I guess when an industry is such a large target they didn’t really have a choice. The FinServ folks have also been aggressive about sharing information because they know attackers use the same methods against multiple banks. Now the FS-ISAC (FinServ’s main security information sharing group) has built a technology platform to facilitate information sharing called Soltra Edge. It is (yet another) offering for threat intel… because there weren’t any in the market already, apparently. Will it work and gain traction? Who knows? I do know that being in the software business is quite a bit different than running an information sharing group, but more structured sharing of information is generally a good thing. – MR
  4. Just call, baby: During each of the last two Christmas seasons I have noticed small charges on my credit cards. When I called the bank they explained they were seeing those charges across a wide number of cards (a rare admission!) and re-issued the card – assuming it was compromised. And it’s getting close to that time of year again, when you use your credit card so many times you can’t really remember what you spent. Bill Brenner has a very good list of tips for Online Holiday Spending to make sure someone does not sneak charges onto your account. It is the list same I would have created last week – these are good basic tips to follow. But after this Sunday I have another tip: call the merchant! On the phone. I know that seems so… 1995… but it works. Two sites I was using had issues getting credit card payments to process from the web, so I emailed, and they called me back! On Sunday. Both firms had people working to help with orders. Each took my order and processed the payment, and it actually happened faster than I could have done it online. And one of those firms accepts user credentials without SSL, so the phone was much safer. – AL