As mentioned last week, I’ve been mired in the twins’ baseball/softball playoffs the past 2 weeks. That ended Saturday, with the Rothman clan going 1-1 in championship games. XX2’s team lost a close game and took the runner-up trophy. The Boy’s team eked out a win after dominating the league most of the year to take home the victory. It’s funny, you’d think there would be angst and disappointment coming from the girl, and happiness emanating from the boy. But that wasn’t exactly the case.

Decorating a book shelf near you for the next 20 years...Both reacted pretty similarly: they loved their trophies and were a little disappointed the season was over, so they won’t be playing any more. I get that they are only 7, and the very American need to win hasn’t yet taken root. And I hope it never does. Both teams made it to the championship game, so they got extra trophies. The Boy’s championship trophy had maybe 3 inches on the runner-up trophy. But they were both very proud to get the extra hardware, and so were we.

It’s funny – both games went down to the wire. Both were somewhat impacted by poor officiating. And both games had parents or coaches (or both) in an uproar about mistakes made by 14-15 year-old kids making about $15 per game to umpire. The kids couldn’t care less. Sure they had a little trouble understanding why they were called out or why a run was allowed to score when it didn’t make sense. But they got over it within seconds. Some parents were still stewing two innings later.

Part of me feels like I’m getting soft, and that focusing on just doing well, as opposed to winning and beating the competition, will hurt my kids later on. Plenty of kids are being trained by their folks to step on the throat. Maybe those kids will win the game of life, whatever that means. I just know how unsatisfied my quest for victory left me. And it wasn’t like my parents pushed me to win at all costs. I was born with that drive and have had to spend years slowly retraining myself to focus less on winning and more on doing what I love, which will likely always be a work in progress.

So far it seems my kids are happy to focus on the trophy and not the win. Maybe that will change and then I’ll have a decision to make. Do I discourage that behavior? I’m not sure, but I doubt I would actively interfere with their desire to win. I had to learn the lesson myself the hard way, and I suspect my kids will likewise need to figure it out themselves. I am not bashful about sharing my experiences, so when they ask I’ll provide my opinion. But ultimately they’ve got to figure out whether the trophy will be enough.

Photo credits: “Trophies” originally uploaded by TexKap

Incite 4 U

  1. Are devices or (lack of) performance killing AV? I’ll preface this entire discussion with the disclaimer that the rumors of AV’s demise are wildly premature. But we in the know all understand that AV isn’t the way to deal with today’s threats. Which is why I chuckled when I read about how Google’s Chromebook may finally kill AV. Ha! Unless some smart Google engineer has figured out how to stop corporate inertia in their 20% unstructured time, or to remove AV from all the compliance mandates, I don’t see Chromebooks killing off AV. To be clear the Chromebook is more a mobile device than a conventional computer. And if they allow plug-ins or other persistent software to run (and I don’t know how they could avoid it), malicious code will still threaten to them. But like iOS devices and even Android (to a point), it’s tough to do this in a weaponized, self-propagating fashion. So it gets back to a point we have been making for quite a while. The issues arising from the increasing mobility and consumerization of the workforce are more system and device management issues than security issues. – MR
  2. Lasso the SaaSo: Many organizations want to move various operations to SaaS providers, but balk both at the complexity of managing users and at giving up control of their data. We see two types of solutions appear. Some help manage user credentials and integrate accounts with internal directories, and others are inline proxies to encrypt/tokenize data or limit functionality. Hoff talks a bit about VMware’s move into this area. I suspect the money is on the user management side, and have very mixed feelings on the data protection/encryption products. Sure, you can encrypt customer info and store the token or encrypted value in, but the more data you block from processing the less useful it is. And these things are inline proxies which reduce mobility. Back to the VPN, everyone! Seems like the sort of thing people will buy and discard. – RM
  3. Compliance Rolling: I got a kick out of Dejan Kosutic’s Management’s view of information security – he captures the essence of the issue. It’s just that his clean prose presents a politically correct version that misses the semi-hostile management displeasure for anything security. Kinda like your defeated resolve when finding you have an incurable disease. In management discussions, I find “Is it really necessary?” really means something more like “Are you sure legal said there was no loophole?” I translate “Does it fit into our company strategy?” to “If we can’t get rid of it, then let’s market it as an advantage.” And I hear “How can we decrease costs?” as “Where can we cut corners and still be compliant?” He’s right that management does not want to invest in security, and Dejan has the right discussion points, but the language is never this civil. It’s more like wrestling with a hostile adversary. – AL
  4. There is no answer (singular): I sat in on my friend Ron Woerner’s leadership presentation at Secure360 last week, and it was great. Ron is a professor of information security at Bellevue University and the evolution of his teaching skills is remarkable. I was pretty content to just sit and listen, but at one point I had to make a point about tailoring your tactics to whoever you are trying to lead, influence, or teach. LonerVamp hit on the same issue in the educational context. One of the things I’ve screwed up when managing teams was to assume everyone was like me and wanted to be managed like I do (not much at all). But there is no one size fits all leadership or management approach. You need to adapt your approach to the person. So no matter what the latest book says, it always comes back to the people. Forget that and you’ll be working by yourself (like some folks I know). Or you can choose to work alone – like other folks I know. – MR
  5. Fight the Power: With the public face of Anonymous leaving the group (Isn’t a public face of an anonymous group an oxymoron?) and the Sony hacks in the news, I thought this Are You Anonymous quiz was perfectly timed. I have to admit I only got 4 questions right – apparently I need to pay closer attention to what’s going on. But what struck me about this condensed history of Anonymous events is that the responses are more outrageous than the attacks. Love ‘em or hate ‘em (or both!), Anonymous is having an impact on our culture. The generation gap over digital rights is growing. We used to think computers were the end of social interaction – then we got social media. We talk a lot here about the total loss of privacy on the Internet and reality distortion fields created by media marketing, but there’s a real argument that Anonymous is spotlighting the legitimate need for protecting user rights online. It’s civil disobedience through hacking, and it’s working. – AL
  6. Because I can’t help myself: There are many interesting technology problems in the world. Virtualization, quantum computing, private space travel, keeping hackers out of the PlayStation Network, and tracking endangered squirrels. That’s right, you heard me – the Air Force has a contract out to develop a system to track Mojave ground squirrels. Having run a Halloween party called “Evilsquirrel” since the mid-1990’s, and as the owner of Evilsquirrel Enterprises (a real company with a bank account and everything), I’m not sure I can promote the continued tolerance for these evil little invaders who cause far more power outages on an annual basis than any SCADA hackers. I suspect they have been buying off politicians or something. You were warned here first. (No, this has nothing to do with security, but I’m really busy and behind on my reading.) – RM
  7. Duke Nukem first, ask questions later: Imagine, if you will, losing your laptop bag while you are on the road. You find out where your machine is through some cool technology (Prey) and some good samaritans show up and get your machine back. Tall tale? Not so much, this really happened and it shows the power of community and that there are still some good people left in the world. OK, there are a lot of good people around, but not many would risk a physical confrontation on behalf of someone they don’t even know. That said, even with tracking technology, don’t assume Batman will come to your (laptop’s) rescue. Make sure you can wipe the device remotely. Make sure a brute force attack (to gain login access) results in wiping the machine. Make sure the disk is encrypted and have clear triggers for when you need to disclose the device loss. Most security folks would have instantly wiped the machine because we understand that it sucks to lose a $2-3K device you love but that pales in comparison to the value of the data. So the right answer is to nuke first and ask questions later. – MR