It is 6:44pm as I write this.

Adrian just left after we recorded our first extended Firestarter/Happy Hour.

The idea was that he would drive down, we would dial Mike in from Atlanta, talk about RSA stuff, Adrian would leave, and I would finish off work.

It was a pretty sweet plan. Right up until some semi rolled over at a major intersection near my house, shutting down both a highway and an arterial surface street. Adrian’s ride was delayed, but the beer wasn’t. My wife was also delayed because she handles daycare pickups (I do dropoffs), but the beer wasn’t.

You see where this is headed?

I had some wonderful pre-RSA things to talk about today. Mostly how I’m finding that in my hands-on research I am pushing beyond the capabilities of some products I am working with. I am asking for API calls that don’t exist and features that aren’t exposed.

And yet. So far I have been mostly able to work around these issues. Oh, your API can’t identify XYZ in AWS? No worries, I can code that up pretty quickly.

To be honest, this is really new territory for me as an analyst and as a developer. In my dev days I mostly stuck to one platform and one database, and learned the lines pretty quickly. As analysts we mostly talk to users and vendors to understand how things work – we don’t really have the resources to get hands-on with products, and even if we did, that wouldn’t reflect operational realities (which is why most magazine/whatever writeups are garbage).

But now with cloud and DevOps I can dig in and explore tools and technologies to an unprecedented degree. I am learning that some of what I’m trying is pushing the limits, and I get to figure out alternative ways of solving the random problem I picked. I won’t lie – this is a blast. Sure, it’s frustrating to hit a technical issue beyond my capabilities, but it is incredibly satisfying when I learn a significant percentage of them aren’t due to personal failures, but instead limitations of what I am working with.

As an analyst that is awesome. There is no better validation that I am on the right track than breaking things, at a fundamental level. And to be honest this is the kind of intellectual curiosity I think defines a security professional. My advantage is that I figured out how to make a living out of writing about stuff, and producing crappy code that could never withstand a production environment. No accountability? Sign me up, baby!

At this pint I should probably mention that I am 5 craft brews in, so… er…. I am not responsible for this Summary. That is all.

On to the Summary:

Webcasts, Podcasts, Outside Writing, and Conferences

Favorite Securosis Posts

Other Securosis Posts

Favorite Outside Posts

Research Reports and Presentations

Top News and Posts