Rich here.

There once was a boy from Securosis.

Who had an enormous… to do list.

With papers to write…

And much coding in sight…

It’s time to bag out and just post this.

Okay, not my best work, but the day got away from me after spending all week out in the DC area teaching cloud security for Black Hat. Thanks to a plane change I didn’t have WiFi on the way home, and lost an unexpected day of work.

Next week will likely be our last Firestarter, Summary, and Incite for the year. We will still have some posts after that, then kick back into high gear come January. 2014 was our most insane year yet, with some of the best work of our careers (okay, mine, but I think Mike and Adrian are also pretty pleased). 2015 is already looking to give ’14 a run for the money.

And when you run your own small business, “run for the money” is a most excellent problem to have.

Unless it involves cops. That gets awkward.

On to the Summary:

Webcasts, Podcasts, Outside Writing, and Conferences

Another quiet week. We promise to return to our media whoring soon.

Favorite Securosis Posts

  • Mike Rothman: Summary: 88 Seconds. Rich + tears. I’d need to see that to believe it. But I get it. Very emotional to share such huge parts of your own childhood with your children.
  • Rich: 3 Envelopes.

Other Securosis Posts

Favorite Outside Posts

  • Mike Rothman: Sagan’s Baloney Detection Kit. As an analyst, I make a living deciphering other folks’ baloney. Carl Sagan wrote a lot about balancing skepticism with openness, and this post on is a great summary. Though I will say sometimes I choose to believe in stuff that can’t be proven. So your baloney may be my belief system, and we shouldn’t judge either way.
  • Rich: Analyzing Ponemon Cost of Data Breach. Jay Jacobs is a true data analyst. The kind of person who deeply understands numbers and models. He basically rips the Ponemon cost of a breach number to shreds. Ponemon can do good work, but that number has always been clearly flawed, and Jay clearly illustrates why. Using numbers.

Research Reports and Presentations

Top News and Posts

Due to all the lost time this week I’m a bit low on stories, but here are some of the bigger ones.

Blog Comment of the Week

This week’s best comment goes to Ke, in response to My $500 Cloud Security Screwup.

This is happening to me… Somehow the credential file was committed in git, which is strange because it is in the .gitignore file. I saw the email from AWS and deleted the key in 30 minutes and I found my account restricted at that time. One day after, however, I found a $1k bill in my account. It is also odd that I did not receive the alert email even though I enabled an alert. I am a student and I cannot afford this money 🙁