Rich here.

Last weekend I ran a local half-marathon. It wasn’t my first, but I managed to cut 11 minutes off my time and set PRs (Personal Record for you couch potatoes) for both the half and a 10K. I didn’t really expect either result, especially since I was out of running for nearly a month due to a random foot injury (although I kept biking).

My times have been improving so much lately that I no longer have a good sense of my race paces. Especially b cause I have only run one 10K in the past 3 years that didn’t involve pushing about 100 lbs of kids in a jog stroller.

This isn’t bragging – I’m still pretty slow compared to ‘real’ runners. I haven’t even run a marathon yet. These improvements are all personal – not to compare myself to others.

I have a weird relationship with running (and swimming/biking). I am most definitely not a natural endurance athlete. I even have the 23andMe genetic testing results to prove it! I’ve been a sprinter my entire life. For you football fans, I could pop off a 4.5 40 in high school (but weighed 135, limiting my career). In lifting, martial arts, and other sports I always had a killer power to weight ratio but lacked endurance for the later rounds.

While I have never been a good distance runner running has always been a part of my life. Mostly to improve my conditioning for other sports, or because it was required for NROTC or other jobs. I have always had running shoes in the closet, have always gone through a pair a year, and have been in the occasional race pretty much forever. I even would keep the occasional running log or subscription to Runners World, but I always considered a marathon beyond my capabilities, and lived with mediocre times and improvements. (I swear I read Runners World for the articles, not the pictures of sports models in tight clothes).

Heck, I have even had a couple triathlon coaches over the years, and made honest attempts to improve. And I’ve raced. Every year, multiple tris, rides, and runs a year.

But then work, life, or travel would interfere. I’d stick to a plan for a bit, get a little better, and even got up to completing a half-marathon without being totally embarrassed. Eventually, always, something would break the habit.

That’s the difference now. I am not getting faster because I’m getting younger. I’m getting faster because I stick to the plan, or change the plan, and just grind it out no matter what. Injured, tired, distracted, whatever… I still work out.

This is the longest continuous (running) training block I have ever managed to sustain. It’s constant, incremental improvement. Sure, I train smart. I mix in the right workouts. Take the right rest days and adjust to move around injuries. But I. Keep. Moving. Forward. And break every PR I’ve ever set, and am now faster than I was in my 20’s for any distance over a mile.

Maybe it’s age. Maybe, despite the Legos and superhero figures on my desk I am achieving s modicum of maturity. Because I use the same philosophy in my work. Learning to program again? Make sure I code nearly every day, even if I’m wiped or don’t have the time. Writing a big paper that isn’t exciting? Write every day; grind it out. Keeping up my security knowledge? Research something new every day; even the boring stuff.

Now my life isn’t full of pain and things I hate. Quite the contrary – I may be happier than I’ve ever been. But part of that is learning to relish the grind. To know that the work pays off, even those times it isn’t as fun. Be it running, writing, or security, it always pays off. And, for some of those big races, it means pushing through real pain knowing the endorphins at the end are totally worth it.

That, and the post-race beers. Hell, even Michelob Ultra isn’t too bad after 13 miles. Runner’s high and all.

Now I need to go run a race with Mike. He’s absolutely insane for taking up running at his age (dude is ancient). Maybe we can go do the Beer Mile together. That’s the one even Lance bailed on after one lap.

On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences

I’m giving a webcast on managing SaaS security later this month for SkyHigh Networks.
Rich quoted at TechTarget on hardware security.

Favorite Securosis Posts

Mike: Firestarter: Full Toddler – The disclosure battles heat up (again) and we wonder when someone is going to change Google’s diaper…

Other Securosis Posts

Incite 1/21/2015: Making the Habit.
New Paper: Security Best Practices for Amazon Web Services.
Summary: No Surprises.
Incite 1/14/2015: Facing the Fear.
Your Risk Isn’t My Risk (Apple Thunderbolt Edition).
Friday Summary: Favorite Films of 2014 (Redux).
Incite 1/7/2014: Savoring the Moment.

Favorite Outside Posts

Mike Rothman: Question checklist for reviewing your new marketing materials…. There is so much crappy marketing out there, especially in the security industry. Every marketeer should make sure to go through Godin’s list before sending anything out to the market.
Pepper: The flood through the crack in the Great Firewall. The Iconfactory effectively DDoSed by China.
Rich: Will Sharing Cyberthreat Information Help Defend the United States? Good analysis. We can’t legislate ourselves out of the cybersecurity mess, but if all we do is bitch on Twitter, we sure won’t get anywhere. Richard is one of the few trying to really engage on the issue and help navigate the complexity.
Dave Lewis: 3 Problems With UK PM Cameron’s Crypto Proposal. Nope, it isn’t just in the US.
Rich #2: A Spy in the Machine. This is one reason consumer privacy and security, without back doors for governments is so important.

Research Reports and Presentations

Security Best Practices for Amazon Web Services.
Securing Enterprise Applications.
Secure Agile Development.
Trends in Data Centric Security White Paper.
Leveraging Threat Intelligence in Incident Response/Management.
Pragmatic WAF Management: Giving Web Apps a Fighting Chance.
The Security Pro’s Guide to Cloud File Storage and Collaboration.
The 2015 Endpoint and Mobile Security Buyer’s Guide.
Analysis of the 2014 Open Source Development and Application Security Survey.
Defending Against Network-based Distributed Denial of Service Attacks.

Top News and Posts

Apple agrees to subject products to Chinese government security audits – report
Hacker Who Leaked over a Dozen of New Madonna Tracks Got Busted
Cough up your social media password or go to jail
Oracle Releases Massive Security Update.
Twitter just launched its phone-based password killer.
Adobe Patches One Zero Day in Flash, Will Patch a Second Flaw Next Week.