Ah, the holidays. That wonderful time of year when I struggle to attempt to explain to my children why the Christmas decorations are up before Thanksgiving. They are very adamant that Thanksgiving is first, and there really shouldn’t be Xmas decorations yet. Because I agree, and struggle to keep “Burn their houses down!” in my head rather than out loud when I drive past certain neighbors, I really can’t explain.
Which is somewhat, well, odd, because I am a bit of a Jewish atheist. I mean really, of all the people on this planet, I am fairly low on the list of ones who should be obsessing about putting up colored lights and fake trees.
But the thing is, we American Jews friggin’ love Christmas. Oh, not the religious pieces, those are quite confusing to us, but the general holiday spirit. And by “holiday spirit” I mean TV episodes, reruns of Christmas Vacation, the decorations and music, the endless catalogs that make Sky Mall look like one of those corporate 15-year anniversary gift brochures (you know, filled with demeaning lucite blocks and trashy fake jewelry to reward your many years of slavish dedication to the corporate overlords).
But back to the decorations.
My wife’s parents have neighbors who spent two days putting up their decorations. Actually, I need to correct myself: they spent two days watching the people they paid put up the decorations.
Not two hours. Two. Full. Days.
I will be the first to admit I have experienced a passing mental dalliance with the concept of paying someone with a much nicer ladder than me to spend an hour or two giving my home a colored LED bodyslam, but it just seems wrong. The whole idea of the holidays is to outdo your neighbors with your own sweat and blood, Clark Griswold style. To relish how your ability to run an extension cord to the second story makes you a better person. Paying someone? That’s the Lance Armstrong of Christmas.
Actually, Lance had to cheat because everyone else was – he was just better and meaner at it. Paying someone to put up your lights before Thanksgiving makes you lower than a meth cooker with an ice cream truck. There’s no excuse for it, and I, for one, plan on complaining to my HOA. Which probably won’t help because I live in a different town, but someone needs to know.
Sorry. I was going to talk about how awesome the Amazon Web Services concert conference was, but the lights got under my skin. For the record, I can’t remember a more exciting time to be in technology, and thanks to Amazon and other innovators, a truly awesome future is becoming reality.
But did I mention those lights?
On to the Summary:
Favorite Securosis Posts
- Mike Rothman: CISO’s Guide to the Cloud: Real World Examples. Rich just killed it in this series. Really great research from top to bottom. And stuff not many others are thinking about. Yet. They will.
- Adrian Lane: Compliance for the Sake of Compliance. If a company can’t implement a security program, there is no security program.
- Rich: Mike’s You Cannot Outsource Accountability. Ever.
Other Securosis Posts
- Digging into the Underground.
- Incite 11/20/2013 – Live Right Now.
- Black Hat Cloud Security Training (Beta) in Seattle Next Month.
- Defending Against Application Denial of Service: Building Protections in.
- The CISO’s Guide to the Cloud: Adapting Security for Cloud Computing, Part 2.
- The CISO’s Guide to the Cloud: Adapting Security for Cloud Computing (part 1).
Favorite Outside Posts
- Mike Rothman: 20 Things You Need to Let Go to Be Happy. Ah, the elusive happiness. For me, happy is a place I visit a couple times a day. Then it passes. But these little tips remind me about why I get unhappy. Mostly because I’m not following this advice.
- Adrian Lane: 2014 to be an eventful year for SSL. Most people forget that SHA-1 is basic infrastructure, used by just about every single HTTPS/SSL/TLS connection in existence. The deprecation of SHA-1 is not just because it was an NSA contribution via NIST, but because it has overstayed its welcome. Larry does a nice job of covering the issues.
- Mort: What’s my name? No, really, what is it? In other words: a user forgetting their username and/or password is orders of magnitude more likely than user enumeration…
- Mort (2): Boring Is Good.
- Rich: AWS vs. CSPs: Hardware Infrastructure. I was at these sessions. It is hard to express the enormity of cloud computing in general, and AWS in particular. They can’t even buy routers big enough to handle the traffic so they have to build their own networking stack and rearchitect everything.
Research Reports and Presentations
- Executive Guide to Pragmatic Network Security Management.
- Security Awareness Training Evolution.
- Firewall Management Essentials.
- A Practical Example of Software Defined Security.
- Continuous Security Monitoring.
- API Gateways: Where Security Enables Innovation.
- Identity and Access Management for Cloud Services.
- Dealing with Database Denial of Service.
- The 2014 Endpoint Security Buyer’s Guide.
- The CISO’s Guide to Advanced Attackers.
Top News and Posts
- Senators back lawsuit against NSA: ‘no evidence’ that bulk phone spying helps national security.
- Feds Arrest 5 More Suspects in $45 Million Global Bank Heist.
- The second operating system hiding in every mobile phone.
Blog Comment of the Week
This week’s best comment goes to Andrew, in response to The CISO’s Guide to the Cloud: Adapting Security for Cloud Computing.
‘We cannot overstate the importance of hardening the management plane. It literally provides absolute control over your cloud deployment – often including all disaster recovery.’
Great point. Information assurance is vital. Managing all the risks related to the usage, processing, storage, and transmission of data needs to be at the core of cloud services.