Phoenix can be a wild place for weather. We don’t get much rain, but when we do it often arrives with fearsome vengeance. When I first moved down here I thought “monsoon season” was just a local colloquialism to make Phoenicians think they were all tough or something. I mean, surely the weather here couldn’t rival what I was used to in Colorado, where occasional 100mph gusts are called ‘invigorating’ rather than ‘tornadoes’ – tornadoes go in circles.

The last 7 years have educated me.

The winds out here aren’t as consistently powerful as those in Colorado. No catabolic winds screaming down the mountains. The storms are tamer and less frequent.

Therein lies the problem.

Storms in the desert, especially during monsoon season, are as arbitrary as my cat. The bitchy one, not the nice one. The weather sits here calmly humming away at a nice 107F with a mild breeze, and then come evening storms roll in. No, not one big storm that hits the metro area, but these tiny little thunderstorms that slam a few square miles like a dainty little hammer.

Except when it’s the big one.

Friday night it looked a little stormy out but I didn’t think much about it. With a 5-month-old messing with our sleep I take full advantage of any opportunity for rest I can snag. I went to bed around 9pm.

At 5:40am our four-year-old woke us up.

“Daddy, a tree fell on my little house”.

Having worked many a night shift in the firehouse, I normally wake up pretty cognizant of my surroundings, but this one threw me.

“Garrr…. huh?”

That’s when my wife, who went to sleep an hour after me, informed me that a tree might have fallen in our yard.

This is what I saw.

For perspective, that is the biggest tree in our yard – the one that shades everything. An hour after the landscapers started clearing it out.

Storms in Phoenix are intense for very short periods of time, and are arbitrary and dispersed enough that the landscape doesn’t necessarily adjust. The ground doesn’t absorb water, many native plants and trees don’t have deep roots, and microbursts destroy as randomly as our four-year-old.

I called our landscapers early and they cleared it. We’ll get a replacement in, but will have to spend a couple years wearing pants in the yard so we don’t scare the neighbors. Which sucks. The wind didn’t merely uproot the tree – it literally snapped it clean off two of the three roots that held tight in the hard-packed dirt.

I was depressed, but life goes on. Another storm hit on Sunday, missing our yard but flooding my in-laws’ neighborhood so bad they couldn’t drive down the street. It was less than a localized inch of rain, but a mere half-inch or less, landing on hard-pack, funneled into a few culverts, is a serious volume of water. Flash flooding FTW.

Our kid’s playhouse survived surprisingly well. If I ever move to Oklahoma I’m totally building my house out of pink injection-molded plastic. That stuff will survive the heat death of the universe.

On to the Summary:

Webcasts, Podcasts, Outside Writing, and Conferences

Favorite Securosis Posts

Other Securosis Posts

Favorite Outside Posts

Research Reports and Presentations

Top News and Posts

Blog Comment of the Week

This week’s best comment goes to John, in response to Continuous Security Monitoring: The Attack Use Case.

Sometimes I forget about the Securosis blog, and then when I rediscover it, there’s a great series of posts like this one.

There are two things that jump out at me here. The first post started by knocking the ‘get ahead of the threat’ strategy, but at the conclusion of this post we’re back to what I would characterize as ‘get ahead of the threat’ actions, like fixing vulnerable hosts and addressing insecure configurations. Are these kind of attack surface shrinking activities part of the “protective controls that have been proven over and over again to be ineffective,” or are they something else?

The second thing that caught my attention was the collection of data sources, which is a nice, concise list. One of the challenges I see many organizations facing is that there isn’t an effective ‘CSM aggregation point’ for these data sources, let alone the others that may be available to specific organizations. Maybe this is coming in the next post, but guidance around not only how to automate the data aggregation, but also how to avoid the problem of ‘aggregation as success’ would be great to see.