Summary: BoulderBy Rich
Well, I did it. I survived over 6 months of weekly travel (the reason I haven’t been writing much). Even the one where the client was worried I was going to collapse due to flu in the conference room, and the two trips that started with me vomiting at home the morning I had to head to the airport.
But for every challenge, there is a reward, and I am enjoying mine right now. No, not the financial benefits (actually those don’t suck either), but I ‘won’ a month without travel back in my home town of Boulder.
I am sure I have written about Boulder before. I moved here when I was 18 and stayed for 15+ years, until I met my wife and moved to Phoenix (to be closer to family because kids). Phoenix isn’t bad, but Boulder is home (I grew up in Jersey but the skiing and rock climbing there are marginal).
My goal for this month is to NOT TRAVEL, spend time with the family, and work at a relaxed pace. So far, so good. Heavy travel is hard on kids, especially young kids, and they are really enjoying knowing that when I walk out the door for ‘work’ and hop on my bicycle, I will be back at the end of the day.
Boulder has changed since I left in 2006, but I suspect I have changed more. Three kids will do that to you. But after I ignore the massive real estate prices, proliferation of snooty restaurants, and increase in number of sports cars (still outnumbered by Subarus), it’s hard to complain about my home town doing so well. One unexpected change is the massive proliferation of startups and the resulting tech communities.
I lived and worked here during the dot com boom, and while Boulder did okay, what I see now is a whole new level. I can’t walk into a coffee shop or lunch spot without overhearing discussions on the merits of various Jenkins plugins or improving metrics for online marketing campaigns. The offices that stood vacant after the loss of Access Graphics are now full of… well… people 10-15 years younger than me.
For an outdoor athlete with a penchant for entrepreneurship, it’s hard to find someplace better to take a month-long ‘vacation’. As I hit local meetups (including speaking at the AWS meetup on the 22nd) I am loving engaging with a supportive tech community. Which isn’t a comment on the security community, but a recognition that sometimes it is extremely valuable to engage with a group of innovation-embracing technical professionals who aren’t getting their (personal) asses kicked by criminal and government hackers by the minute.
I have always thought security professionals need to spend time outside our community. One of the ways I staved off burnout in emergency services was to have friends who weren’t cops and paramedics – I learned to compartmentalize that part of my life.
If you can, check out a local DevOps or AWS meetup. It’s fun, motivating, and they have better swag.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Mortman quoted in The 7 skills Ops pros need to succeed with DevOps.
Favorite Securosis Posts
- Adrian Lane: Incite 7/9/2014: One dollar…. One of Mike’s best all year.
- Rich: Increasing the Cost of Compromise. This is the strategy of Apple and Microsoft at the OS level, and it is paying off (despite common perception). Economics always wins. Well, except in politics.
Other Securosis Posts
- Trends in Data Centric Security: Tools.
- Open Source Development and Application Security Survey Analysis [New Paper].
- Leveraging Threat Intelligence in Incident Response/Management.
- Trends In Data Centric Security: Use Cases.
- Incite 7/2/2014 – Relativity.
- Updating the Endpoint Security Buyer’s Guide: Mobile Endpoint Security Management.
- Firestarter: G Who Shall Not Be Named.
Favorite Outside Posts
- Adrian Lane: Threat Modeling for Marketing Campaigns. Educational walkthrough of how Etsy examined fraud and what to do about it. Smart people over there…
- Rich: Ideas to Keep in Mind When Designing User Interfaces. I really enjoy user interface and experience design. Mostly because I enjoy using well-designed systems. This isn’t security specific, but is absolutely worth a read… especially for product managers.
Research Reports and Presentations
- Analysis of the 2014 Open Source Development and Application Security Survey.
- Defending Against Network-based Distributed Denial of Service Attacks.
- Reducing Attack Surface with Application Control.
- Leveraging Threat Intelligence in Security Monitoring.
- The Future of Security: The Trends and Technologies Transforming Security.
- Security Analytics with Big Data.
- Security Management 2.5: Replacing Your SIEM Yet?
- Defending Data on iOS 7.
- Eliminate Surprises with Security Assurance and Testing.
- What CISOs Need to Know about Cloud Computing.
Top News and Posts
- Specially Crafted Packet DoS Attacks, Here We Go Again.
- Vulnerabilities (fixed) in AngularJS.
- DHS Releases Hundreds of Documents on Wrong Aurora Project. As my daughter would say, “Seriously?!?”.
- Microsoft Settles With No-IP Over Malware Takedown.
- Hackers (from you know where) crack and track shipping information. A great example of a target that doesn’t realize its value.
- Researchers Disarm Microsoft’s EMET.
- Mysterious cyberattack compromises more than a thousand power plant systems. Noticing a trend here?