Once, years ago, I made the mistake of saying the Boss didn’t work. I got that statement shoved deep into my gullet because she works harder than I do. She just works in the house. My job is relatively easy – I can work from anywhere, with clients I enjoy, doing stuff that enjoy doing. Often it doesn’t feel like work at all.

Compare that to the Boss, who has primary responsibility for the kids. That involves making sure they: get their homework done, are learning properly, have the support they need, and participate in their activities. But that’s the comparatively easy stuff and it’s not easy at all. She spends a lot more of her time managing the drama, which is ramping up for XX1 significantly as she and friends enter the tween stage. She also take very seriously her role of making sure the kids are well behaved, polite, and productive. And it shows. I’m biased, but my kids rarely do cringe-worthy stuff in public. I do have a minor hand in this stuff but she drives the ship.

And why am I writing this now? No, I didn’t say anything stupid again to end up in the dog house. I just see how she’s handling her crunch time, which is getting the kids ready for camp, while making sure they see their friends before they head off for the summer, and working around a trip up North to see my Dad. Compared to crunch time the school year is a walk in the park.

For those of you who don’t understand the misery of preparing for sleepaway camp, the camp sends a list of a zillion things you have to get. Clothes, towels, sheets, sporting equipment, creature comforts… the list is endless, and everything needs to have your kid’s name in it – if you want it to come back, anyway. Our situation is complicated because we have to ship the stuff to PA. Not only does she need to get everything, but everything needs to fit into two duffel bags. Over the years the intensity of crunch time has increased significantly.

Four years ago she only had to deal with XX1 – that was relatively easy. Then XX1 and XX2 went to camp, but it was still manageable. But last year we had all three kids in camp, and decided to take a trip to Barcelona a month before they were due to leave, and went to Orlando for the girls to dance. It was nuts. This year she is way ahead of the game. We are two weeks out and pretty much everything is bought, labeled, and arranged. It’s really just a matter of packing the bags now. The whole operation ran like a well-oiled machine this year. Bravo!

I am the first to criticize when stuff doesn’t work well, and usually the last to give credit when things work efficiently. I have already moved on to the next thing. We don’t have a 360-degree review process and we don’t pay bonuses at the end of the year in Chez Rothman. Working in our house is a thankless job. So it’s time to give credit where it’s due. But more importantly, she can now enjoy the next two weeks before the kids head off – without spending all her time buying, packing, and other stressful stuff.

And I should also bank some karma points with the Boss to use the next time I do something stupid. Which should be in 3, 2, 1…


Photo credit: “IT Task List” originally uploaded by Paul Gorbould

Heavy Research

We are back at work on a variety of blog series, so here is a list of the research currently underway. Remember you can get our Heavy Feed via RSS, where you can get all our content in its unabridged glory. And you can get all our research papers too.

Quick Wins with Website Protection Services

Network-based Malware Detection 2.0

Security Analytics with Big Data

Newly Published Papers

Incite 4 U

  1. Your professionalism offends me… Our man in Ireland, Brian Honan, brings up a third rail of sorts regarding some kind of accreditation for security folks. He rightly points out that there is no snake oil defense. But it’s not clear whether he wants folks to go to charm school or to learn decent customer skills so the bad apples don’t reflect badly on our industry. Really? Shack responds with a resounding no, but more because he’s worried about losing the individuality of the characters who do security. I don’t think we need yet another group to teach folks to wear long sleeves if they have tattoos. Believe me, if folks are worried about getting a professional security person, I’m sure one of the big accounting firms would be happy to charge them $300/hour for a n00b to show up in a suit. And some of the best customers are the ones who have bought snake oil in the past. Presumably they learned something and know what questions to ask. – MR
  2. BYOD in the real world: For the most part, the organizations I talk with these days are generally in favor of BYOD, with programs to allow at least some use of personally owned computing devices. Primarily they support mobile phones, but they expanding more quickly than most people predicted to laptops and tablets. Network World has a nice, clear article with some examples of BYOD programs in real, large organizations. These are refreshingly practical, with a focus on basic management and a minimal footprint on the devices. We’re talking ActiveSync and passcode enforcement, not those crazy virtual/work/personal swapping modes some vendors promote. I had another discussion with some enterprise managers about BYOD today and they all agreed that despite the hype, no one knows of any material examples of security compromises on mobile devices resulting in data loss. In other words, it’s safe enough, organizations have the tools they need to manage the risk, and users really like it. Go figure. – RM
  3. If the tool fits… Jim Bird’s post on 7 Agile Best Practices that You Don’t Need to Follow hit they key point that, depending upon the organization, you will find that some Agile techniques just don’t work. It’s not that they never work, but they may or may not work for your company. This usually has to do with the skills of the product manager or the scrum leader, but even your processes and engineers can determine or prevent success. For example, I found that “pair programming” cut productivity in half because the younger engineer deferred to the older one and ended up watching instead of coding. Sometimes it’s subtle variations in Agile process, sometimes it’s geographic separation of team members, and sometimes it’s cultural. Think of Agile techniques just as tools in your toolbox: you need to find out what works for you, and that varies between organizations and situations. – AL
  4. Bot intelligence is good: Microsoft is getting into the pseudo-real-time bot intelligence game with their new C-TIP offering. They will send interested parties information on compromised devices they find through their bot hunting research. As we have been saying for a while, a market for threat data developing, and it can be useful for companies that want to know what is pwned on their networks. Though I will pick a bone with that PC World reporter, who for some reason thinks it matters that Microsoft is using their cloud service to distribute the intel. Who cares? If they sent it by pony express, would that warrant a headline? But I guess ‘Cloud’ gets clicks, whether or not it’s relevant. – MR
  5. Nothing to see here: There are ‘official’ responses, and then there is reality. Officially, most companies won’t adopt cloud and big data projects because they can’t meet security, governance, and compliance challenges. Like the recent Voltage survey suggests, if you ask IT professionals they will tell you: “security concerns have kept them from starting or finishing cloud or big data projects.” But why are all these firms using Salesforce? Go ahead and ask non-senior IT people and they describe in great detail – off the record, of course – how they use big data, and how projects are evolving to the next stage! Ask marketing directly whether they use big data analytics on sensitive customer data and they say ‘no’ – after all, they don’t violate their own company policies! Officially. Wink. But ask them over beer and you get a different story. And management teams are happy because they are making better decisions on customer buying trends. Check executive expense reports and you’ll see that bill for Amazon AWS. Sure, security is a big concern for CISOs when it comes to big data and cloud. But there is a lot of “Rogue IT” despite policy. It is better to get your job done well now, and (if necessary) ask for forgiveness over breaking a few policies later. After you have spent your bonus check, that is. – AL
  6. Burnout: I haven’t had time to participate in the security burnout project, but I have great respect for it. As someone who was formerly a career paramedic, with 20 years (oh my) of active work in emergency services, burnout is something I have both witnessed and had to deal with myself. I have also received training on it, coming from a profession with (so I was told) one of the highest professional suicide rates. Mike posted on the burnout secchat I missed, and was somewhat pessimisticK0nsp1racy posted a critical response that is good, although I think it missed Mike’s point. My personal opinion is that there is echo chamber burnout – which happens when people get too wrapped up with Twitter, the ‘scene’, and other social aspects. I don’t have as much sympathy for that, and consider it manageable. But there is also true job and career burnout, which can be especially serious if tied to depression. It happens, it sucks, and as Mike said it can’t always be fixed by changing your view. The key I learned as a paramedic is that your peer support, and your ability to leave the job at the station, are key to managing burnout. And if it starts moving into depression, get help. Yeah, I’m a little bundle of joy today. – RM