Rich here.

A funny thing happened this week.

As I wrote on Tuesday, someone hacked my Amazon Web Services account when I accidentally left my keys in code I pushed up to GitHub. The first line of my code was,

This is a bit embarrassing to write.

I take my role as a public figure in security pretty seriously. I am thankful every day that I get to do what I do (okay, maybe not the day I was in Kiev in December trying to find a menu I could understand). As an introvert it’s weird to be out there writing and speaking in public on security every day and have people actually read and listen. And to get paid for it.

It is entirely too easy to let this go to one’s head, and I’m pretty sure any of you reading this can start counting off some of the names. In my mind I need to keep earning it every day. That means actually knowing what I’m talking about, taking security seriously, and setting an example. I expect to be hacked in the course of what I do, but I strive to avoid dumb mistakes.

You know, practice what I preach.

Well, I made a series of mistakes – I suppose I am human (or at least humanoid) after all. And I got popped. I always assume something like that will get out, so I might as well break the news myself, and spill the gory details so maybe someone can avoid screwing up like I did.

I expected some criticism, but the exact opposite happened. The overwhelming support from the community was astounding. Nobody called me an idiot, and people recognized that I’m just a dude, trying my best, and making mistakes.

Contrast this to the recent communications from Target, Snapchat, or any other company that gets breached or screws up. They try their best to cover things up, release as little information as possible, and hope people forget.

It never works. Anyone with a modicum of crisis communications training knows that silence and obfuscation sow distrust and uncertainty. This isn’t rocket science.

Coming clean was scary and initially painful, but if I expect people to trust me, I need to be open about those sorts of things. In the end, I was riding high all day on the incredible support from the community. From my community.

The real lesson? I am totally going to screw some other things up on purpose and talk about it now. I mean, it has to work again next time, right?

On to the Summary:

Blog Comment of the Week

This week’s best comment goes to Jay, in response to Security Management 2.5: Evaluating the Incumbent.

More good stuff here and sound analysis. I think we’ve done a good job identifying where the SIEM market is or should be going. Hope you intend to provide some sort of perspective on switching costs or at least the potential payback associated with a migration to any replacement technology that incorporates all these features/requirements.