An Information Security Place

Commentary on the State of Information Security

Archive for November, 2007...

Filed under Security

You know how a lot of people who have regular jobs tend to be able to relax during this week?  A lot of people are on vacation, or they are so looking forward to a couple of days off that they just relax and kinda half-ass work for three days? Well, that ain’t the case in the VAR and vendor world, as I learned recently.

Basically, this is rush week.  Everyone wants to close every possible deal before Thanksgiving, no matter how big or small, because everyone REALLY starts lazing down right before Christmas.  I have been in this pre-sales role for over a year now, but the market was so new for us last year that I didn’t really see all the activity during Q4 last year.  But I am getting a trial by fire this week (especially with my counterpart in Dallas out for the week because his wife and he just had their second baby - Congrats Gabe!). 

So people out there in the trenches with some dollars left in your end-of-year budget, if you want to get a good deal on products and services, always remember the end of the quarter and the week before Thanksgiving.  Or maybe remember the month AFTER Thanksgiving, since VARs and vendors aren’t expecting as much during that time.

Vet

Posted by Michael Farnum on Wednesday, November 21st, 2007

Filed under Security

If you are one of the people in the trenches out there, what most motivates your management to spend money on security?  Let us know by answering the poll on the right column. 

Vet

Posted by Michael Farnum on Saturday, November 17th, 2007

Filed under Security

Hey!  BIG NEWS!!!   Windows XP SP1 with no firewall is hackable!!!  Did you guys and gals know about this!  Holy Crap!!!

I saw this on mcwresearch.com (thanks Michael).  CNET needs to be smacked for even thinking about printing this.

Vet

Posted by Michael Farnum on Saturday, November 17th, 2007

Filed under Security

I have been fortunate the last two weeks to connect (and reconnect) with blogging friends.  Last week I was in Denver for some Q1 Labs training, so I got in touch with Mr. Mitchell Ashley.  We had some good beer and a nice dinner at Chili’s near Englewood.  We also had good conversation and talked about Mitchell’s new venture.  Mitchell is a great guy, and I know he will do well in everything he does.  It was awesome to see him again, and though I know he is not only in security now, I still hope to see him at RSA next year, and I continue to look forward to his blog.

And today I flew into Atlanta, where I picked up a rental and headed out to Greenville, SC for some meetings.  I figured while I was there I would try to hook up with Rothman and Andy Willingham.  I didn’t give Mike enough notice (he’s a busy guy), but we had a good phone call as I was getting off the plane.  But I did get to meet Andy finally, which was awesome.  We enjoyed some lunch together and talked about things (see picture below).  We just had about an hour to talk since he had a date with his wife at 1pm (don’t blame him a bit), but it was great nonetheless.

It is always great to talk to people who share a common interest.  I have really been feeling disconnected lately from other security professionals and security bloggers, and this really helped things a lot. 

Thanks to Mitchell and Andy for meeting with me.  And thanks to Mike as well.  I know I didn’t give you enough notice.  The next time I drop into Atlanta, I will be sure to let you know sooner.

image

And since I didn’t get to take a picture with Rothman…

image

And by the way, Mitchell, you still owe me a picture.  You see what happens if you don’t deliver.  You don’t want to end up like poor Andy…

Vet

Posted by Michael Farnum on Wednesday, November 14th, 2007

Filed under Security

I want to say thank you to everyone who gave me thanks for being a veteran.  Sometimes stuff happens in this country that makes me wonder why I ever volunteered.  Sometimes I think many of the people I fought for weren’t worth it.  Then I have people coming up to me who know I served and fought, and they tell me thanks for everything I did.  And although I am typically humble about my service (since I did not do anything close to what our guys and girls are doing over there now), I immediately accept that thanks because I know the people mean it.  I know those people love our country, and they appreciate me doing what I did.  And that restores my faith ten-fold.

So thanks to all you veterans out there, and thanks to those people who appreciate what we have done.  You are the people we fought and died for, and I for one was honored to do so.

Vet

Posted by Michael Farnum on Monday, November 12th, 2007

Filed under Security

I’m not sure if any of you have noticed, but my blogging frequency has been hurting lately.  And honestly, I am not sure how long it will be before it picks up again.  I am trying to figure out how to refocus myself because my job has changed so much.  I am now traveling to Dallas and elsewhere quite a bit, which is making me spend a lot more time focusing on my family when I am home instead of working on my blogs. 

And honestly, this job at Accuvant has changed my focus as a security professional.  Instead of looking at security from the standpoint of fighting in the trenches, I am looking at security from the viewpoint of which product will fix which problem.  Accuvant is a lot more than a VAR, believe me.  But as an SE, I have to figure out how our services and our partners’ products fit in different companies.  That means I have to know security, but it does not lend itself to knowing trends in the real security world.  It just makes me know product better.  Not necessarily a bad thing, and it can give up a lot of blog fodder.  However, posting about what products people are buying is not where I want my blog to go.  That’s just too much like being an analyst (no offense Rothman).

So I am trying to figure out how I can make this blog meaningful to my readers out there AND stay true to security.  I just don’t know how to do that yet, so I am not sure how much I will be posting.  I will be trying to up my posting frequency to my Computerworld blog.  I think I should do more for them.  They are good folks over there.

So anyway, if you have some suggestions for me, please let me know.  But until I figure out how to focus on true security issues and not just product talk, the posting will probably be light over here for a while. 

But I also ask a favor.  Please don’t delete my feed.  Just be patient.

Vet

Posted by Michael Farnum on Friday, November 9th, 2007

Filed under Security

A few days ago I heard someone on the radio say that one’s motivation is integral to fulfillment in one’s career.  The key points that really stood out for me were:

  • You should strive to make your hobby your career
  • Doing the best job possible in your career should be your goal, not fame and recognition.
  • If you set out in your career to be famous, you may make that goal, but you will be forever dependent on that fame for fulfillment
  • Fame is extremely fragile, so dependence on fame makes your fulfillment just as fragile
  • If your goal is to do the best you can do and you do it, then the fame will come from that.

These points really struck me hard, and they made me think of what I was doing in my career and in my blogging.  And they made me think about this blog post from Misha over at Alert Logic way back in December of last year.  Here’s what Misha said I said:

When I asked Michael why he blogged he thought for a few moments and said “I like being famous”. It’s just that kind of unpolished honesty that makes guys like Michael more fun to read than, say, Bill Kristol of The Weekly Standard.

Now while there is nothing inherently wrong with wanting to be famous, you have to look at the next to last point above.  Do you see why it is not a very good reason for doing what you do? 

I know what I want to do with my career.  I have said more than once that I like to speak to groups, that I like to be the person to whom everyone is listening.  And I enjoy writing in my blogs just as much.  Right now those things are my hobbies, but I fully plan on making them my career as I move forward (I’m only 35 - I have some time). 

And while that type of career is naturally going to involve some degree of fame, I have come to understand that fame should not be my prime motivator.  I should be doing what I love to do, and I should be doing it to be the best I can be, not because I want people to think I am a smart guy and because I want them to like me.  If I do the best I can do, then the other stuff will come, and I will be fulfilled in my achievement rather than relying on the fickleness of the crowd.

Thanks for reading.

Vet

Posted by Michael Farnum on Wednesday, November 7th, 2007

Filed under Security

My many friends at Alert Logic just released their logging product.  I have not had a chance to sit down and do a demo with them yet, but I really think they are making a wise move with this product.  Logging is extremely hot in the market because of compliance, and this is a natural fit for mid-sized companies that don’t have the staff and the time to jack with this.  And from what I hear, about 8 out of 10 people they talk to want to hear more.

Congrats to everyone over there.  Here’s to your continued success.

Vet

Posted by Michael Farnum on Wednesday, November 7th, 2007

Filed under Security, Sheesh

I was in IAH (Bush Intercontinental in Houston) today waiting for a plane to Denver, and I passed by the departure / arrival screens in Terminal E to check on my flight.  Most of the screens were populated, but this was on the middle screens:

image

Nice to see they are using the ultra-secure VNC.  Makes me wonder if whoever was on the other end had any idea this was showing in the terminal.

Vet

Posted by Michael Farnum on Tuesday, November 6th, 2007

Filed under Security

Oh well

Dear Michael :

Thank you for submitting a presentation proposal for RSA Conference 2008, April 7 - 11, 2008 at The Moscone Center in San Francisco, California. The Program Committee has completed the review and selection process and unfortunately, with over 2800 submissions and only 220 track sessions, we could not accommodate everyone.

We regret to inform you that after careful evaluation of your proposal against the goals and objectives of this year’s Conference, the presentation submission referenced below has not been selected. Should you have questions regarding the selection process, feel free to contact us and we will forward them to the Conference Program Committee.

Session Track: Professional Development
Session Code: 1208
Session Title: Information Security Research - Tapping the Blogosphere

on behalf of
RSA Conference 2008
speakers@rsasecurity.com

Vet

Posted by Michael Farnum on Monday, November 5th, 2007

Filed under Security

I have received the go ahead from the Marketing people over at the PCI Security Standards Council to interview Bob Russo, the PCI Council’s General Manager (I met him at the PCI mini-seminar I blogged about).  Since I haven’t been into podcasting for a while, I am going to go down the Cutaway path and send him a series of questions via a Word doc.  But I thought it would be cool for a lot of the questions to come from my readers.  BTW, the final interview will be posted on my Computerworld blog.

Soooo, if you are interested in PCI and want to ask THE MAN some questions, please send me questions at questions_at_infosecplace.com or my contact page.

Vet

Posted by Michael Farnum on Thursday, November 1st, 2007