Incite 12/18/2013: Flow
As I sit down to write the last Incite of the year I cannot help but be retrospective. How will I remember 2013? It has been a year of ups and downs. Pretty much like every year. I set out to prove some hypotheses I had at the beginning of the year, and I did. I let some opportunities pass by and I didn’t execute on others. Pretty much like every year. I had low lows and very high highs. Pretty much like every year. I have gotten introspective over the second half of this year. And that’s been reflected in my weekly missives. It’s been a period of learning and evaluation for me. Of coming to grips with who I really am, what I like to do, and what I want to be in the next stage of my life. Of course there are no real answers to such existential questions, but it’s about learning to live in a way that is modest, sustainable, and kind. As I look back, the most important thing I have learned this year is to flow. I spent so many years fighting against myself, pushing to be in a place I wasn’t ready for, and to meet unrealistic expectations for achievement. It has been a process but I have let go of those expectations and made a concerted effort to Live Right Now. And that’s a great thing. The mental lever that flipped was actually a pretty simple analogy. It’s about being in the river. Sometimes the current is slow and you just float along. You are still moving, but at an easy pace. Those are the times to look around, enjoy the scenery, and catch your breath. Because inevitably somewhere further down river you’ll hit rapids. Things accelerate and you have no choice but to keep focused on what’s right in front of you. You have to hold on, avoid the rocks, and navigate safely through. Then you look up and things calm down. You have an opportunity at that point to maybe wash up on the shore and take a rest. Or go in a different direction. But trying to slow things down in the rapids doesn’t work very well. And trying to speed things up in a slow current doesn’t work any better. Appreciate the pace and flow with it. Simple, right? It’s like being in quicksand. You can’t fight against it or you’ll sink. It’s totally unnatural, but you have to just relax and trust that your natural buoyancy will keep you afloat in the denser sand. Resist and struggle and you’ll sink. Accept the situation, don’t react abruptly or unthinkingly, and you have a chance. Yup, a lot like life. So in 2013 I have learned about the importance of flowing with my life. Appreciate the slow times and prepare for the rapids. Like everything else, easy to say but challenging to do consistently. But life seems to give us plenty of opportunities to practice. At least mine does. Onward to 2014. From the Securosis clan to yours, have a happy holiday, and the Incite will return on January 8. –Mike Photo credit: “Flow” originally uploaded by Yogendra Joshi Heavy Research We are back at work on a variety of blog series, so here is a list of the research currently underway. Remember you can get our Heavy Feed via RSS, where you can get all our content in its unabridged glory. And you can get all our research papers too. What CISOs Need to Know about Cloud Computing Adapting Security for Cloud Computing How the Cloud is Different for Security Introduction Defending Against Application Denial of Service Building Protections In Abusing Application Logic Attacking the Application Stack Newly Published Papers Security Awareness Training Evolution Firewall Management Essentials Continuous Security Monitoring API Gateways Threat Intelligence for Ecosystem Risk Management Dealing with Database Denial of Service Identity and Access Management for Cloud Services The 2014 Endpoint Security Buyer’s Guide The CISO’s Guide to Advanced Attackers Incite 4 U The two sides of predictions: It’s entertaining when Martin McKeay gets all fired up about something. Here he rails against the year end prediction machine and advises folks to just say ‘no’ to their marketing teams when asked to provide these predictions. Like that’s an option. Tech pubs need fodder to post (to drive page views) and marketing folks need press hits to keep their VPs and CEOs happy. Accept it. But here’s the deal: security practitioners need to make predictions continuously. They predict whether their controls are sufficient given the attacks they expect. Whether the skills of their people will hold up under fire. Whether that new application will end up providing easy access for adversaries into the inner sanctum of the data center. It’s true that press friendly predictions have little accountability, but the predictions of practitioners have real ramifications, pretty much every day. So I agree with Martin that those year-end predictions are useless. But prediction is a key aspect of every business function, including security… – MR The Most Wonderful Time of the Year: This time of year it’s really easy for me to skim security news and articles. All I need to do is skip anything with the words ‘Prediction’ or ‘Top Tips’ in the title, and I can cull 95% of the holiday reading poop-hose. But for whatever reason I was slumming on Network World and saw Top Tips for Keeping Your Data Safe on The Cloud, an article directed at the mass market rather than not corporate users. Rather than mock, in my merry mood, I’ll go one better: I can summarize this advice into one simple actionable item. If you have sensitive data that you don’t want viewed when your cloud provider is hacked, encrypt it before you send it there. Simple. Effective. And now it’s time for me to make sure I have followed my own advice: Happy Holidays! – AL Sync and you could be sunk: Cool research on the Tripwire