An Information Security Place

OK, I am going to do a little self-pimping here.  For those of you who have been reading my blog for a year or so, you probably know that I also blog over at Computerworld.  But if you haven’t been around a while, or you just plain missed it, please go take a look when you get the chance (and subscribe to the feed).  My writing is typically a little more subdued over there, simply because CW can’t have me calling people an ass. 

Also, there are a lot of blogs over at CW, and they have a bunch of different subjects.  The site is great (it has won some awards), and the editing staff is awesome as well.

OK, self-pimping is over.

Vet

Since I get an RSA press badge through my Computerworld blog, it is kind of expected that I meet with a few of the vendors and others that are interested in getting their latest news out to the world via the press.  So I did my duty and set up some meetings. 

There are always the small guys trying to get their name out there.  The startups sometimes have a decent story because they are passionate about what they have to offer, especially if they are blazing new trails.  However, most are really just trying to jump on some security bandwagon a bit too late and are really just spending a bunch of venture capital to get a booth at RSA in the hopes that someone will notice them in the far corner of the exhibition hall.  Sad and maybe cynical, but it is true nonetheless.  So, needless to say, I typically avoid those small shops unless I see some good potential (I did setup a meeting with one of them, but I had to cancel because of work).

I did talk to eEye about some of their new offerings.  I have a USB key with all their info, so I will look it over and share what I think is cool.  What I do remember is that they are coming out with some appliances that seem to offer some nice features.  I give more details later.  What I did like about the eEye story is that most of their technology is their own stuff.  They don’t OEM much at all.  While I get the OEM model for companies trying to get into new markets without a lot of effort, it also drives me crazy when a company that is supposed to be a leader in the marketplace just starts OEMing everyone’s stuff.  If you are going to be taken seriously as a security player, you have to do some of your own research.  It kinda gives street cred in a way.  So kudos to eEye for maintaining that within their company.

I also talked with Enterasys, mostly because I used to hold some high-level certifications with those guys.  I worked with them way back in 2001, and they really had the edge as far as technology.  I believe they had the first partnership with Microsoft to get 802.1x going.  While not a true NAC play as far as malware and state-checking, it did limit access to resources at the port level.  That was revolutionary back in 2001, and if their management would have been worth a crap, they could be a major leader in the market right now.  But alas, twas not to be.

As mentioned in my previous post, I went to a blogger gathering with some marketing people over at Microsoft.  Shimmy, Martin, Dr. Anton, Mitchell, Hoff, and I all had a great time talking to the MSFT people (they let us talk ,so that is always a great time). 

I also got to have a nice little private chat with Howard Schmidt, Ed Zeitler, and Rob Ayoub about the Frost-Sullivan/(ISC)2 survey results (sorry that I can’t share them yet - it is embargoed for a couple of weeks).  It was a great conversation all around.  I had never met Mr. Schmidt, though I had attended some of his talks before.  It was nice to sit down and really get to know how he is in private conversation.  He was a really nice guy, and he was remarkably easy to talk with.  There was no hint of condescension (maybe there might have been if he had had thought I was just some journalist, but he found out I was a CISSP when I handed my card over).

Ed Zeilter is also a great guy.  Very open and had no airs about him.  Just liked to talk theory when discussing the results of the survey.  Rob Ayoub from Frost and Sullivan is someone I have met a few times (he is from San Antonio, so we cross paths at TRISC shows and other places).  He has always impressed me with his knowledge and good attitude.

On another note, I thought of something that I wanted to mention to the RSA Conference organizers for next years event.  I think it would be awesome to make a distinction between regular press and us blogger types on our badges.   I think bloggers are typically more respected than journalists because they usually have a day job that involves working in the industry, thus they tend to actually know the nuts and bolts.  Though I didn’t really experience any blatant shunning with my press badge, I did notice that people’s attitudes changed when they learned that I am a security engineer instead of some guy that just writes for a trade rag.  If they didn’t see my card before we started talking, the initial treatment I received was quite a bit different after I started asking in-depth technical questions.  The look in their eyes changes from a glazed "talking to another journalist" to a "this guy actually understands what he is asking".  We’ll see if the suggestion goes anywhere.

Vet

There’s a new security blog out there, and this one is another Accuvant employee (so you know it is going to be good). 

His name is Jim Broome, and his blog is called Jim’s Bloggyness.  Jim is an Assessments Team Lead at Accuvant, and he is one smart dude.  Here’s his profile:

Jim Broome, an information security industry veteran with over a decade of experience in the field, is a Principal Consultant with Accuvant?s assessment team and also acts as the technical lead for the assessment practice area.

Accuvant is a leading national security consulting organization that designs and executes strategies to address its clients? complex information security challenges. Jim?s role is to provide world class security consulting services to Accuvant clients while still providing technical leadership to the assessment team as a whole.

Experience

As one of Accuvant?s more seasoned assessors, Mr. Broome, has performed a number of consultative engagements including enterprise security strategy planning, risk assessments, threat analysis, application assessments, network assessments and penetration testing, and wireless security assessments for a large number of fortune 500 clients. These clients represent a variety of markets including manufacturers, telecommunications (cellular and traditional), public utilities, healthcare, financial services, and state governments.

Prior to joining Accuvant, Jim was a Principal Security Consultant for Internet Security Systems and a member of the X-force penetration testing team. At ISS, he was responsible for providing technical leadership to the Western Region consulting practice while performing his day-to-day duties of performing network assessments and penetration testing. Prior to ISS, he was the Director of Network Operations for Cavion.com, a managed service provider exclusively for credit unions. At Cavion.com, Jim was responsible for managing the network operations staff and security organization while maintaining 99.999% uptime.

Notable Accomplishments

With a been-there-done-that attitude, Jim is a constantly sought after consultant, due to his extensive level of knowledge in most areas of security implementation and management from both a technical and managerial level. As one of the original authors of several training programs including Checkpoint Software?s CCSA/CCSE program, Jim is a well regarded security/technology instructor and mentor to many administrators and IT management organizations.

Since coming to the Accuvant organization, Jim has been responsible for establishing and standardizing many of the solutions and techniques employed by the Assessment practice. This provides our clients with a level of consistency that is unparalleled in the industry and establishes Accuvant as the premiere security services company.

Certifications and Training

Jim is a Certified Information Systems Security Professional (CISSP); Checkpoint Certified Security Engineer (CCSE); NetScreen Certified Security Associate (NCSA); ISS Certified Engineer

Professional Education

BS in Computer Information Systems from Trinity College and University

Welcome to the blogosphere Jim.

Vet

OK, I was going to leave this one alone, but it is just bothering me so much. A couple of weeks back, I wrote a blog post about a comment I had left on a post by Douglas Schweitzer’s at his Computerworld blog. Douglas said in his post that a bot was “essentially just another term for an infected computer.” I took issue with this and wrote a comment as such, then I posted the comment on my blog. I also noted that I wasn’t slamming Douglas in any way. I just felt the error needed to be corrected. Douglas argued on his blog that it was semantics, and that is probably true to a degree, but oh well. I let that go (actually I tried to post another comment on Douglas’ blog, but I think I put too many links in to prove my point because it never popped up - probably looked like spam).

But then out of the blue I get a comment tonight from somebody named David. He says, “And how many computer security books have you written? That’s what I thought…”. My comment to David was:

What the hell does that have to do with the price of tea in China? Do you worship Douglas or something?

Now, I realize that was probably not the most constructive of comebacks, but this really pisses me off. I guess my correct statement about what a bot is does not count because I have never written a book about security. How utterly moronic and completely stupid can you get? That is like saying you have to write a book on weather before you can say a tornado breaks stuff!

If it is because I was correcting someone that has written security books before, that is just as stupid. Writing a book does not make you infallible.

Vet

Take a look at this link. I think this is a splog (spam blog) about taxi’s. It picked up my post about the cab driver incident involving Alan, Mitchell, and myself when we were at RSA. I don’t think I have ever been linked by a splog before. Weird.

Vet

Why do Alan and Mitchell call the Still Secure, After All These Years blog and podcast “SSATY” instead of “SSAATY”? 

Is there a conspiracy against the letter “A”? 

Do they not like the letter “A”?  I would think not since it starts Alan’s first name and also starts Mitchell’s last name. 

Does it help Alan cut costs to leave out the extra “A”?  Maybe so since he has recently announced a very successful quarter at his blog.

Did the blatant pursuit of fame and fortune drive the “A” away?

Did the “A” drive away in a cab after Alan pelted it with racist comments?

I should probably just ask Alan and Mitchell, but that would be too easy.

Vet

Thanks to Kurt for letting me know there are some problems with the permalinks on my blog.  For now, if you click on the link to a spcific post, you will get a 404.  Looks like links to comments are also screwed.

I think this has to do with my theme being old and I am now on WP 2.12.  The author of this theme has a beta out, but I don’t want to screw with that.  So you might be seeing a new theme here soon.  I am uber-busy with a proposal and some afternoon meetings coming up, so I will look into this evening.

Vet

Well, if Mark at securityBuddha can do it, so can I?  What am I talking about?  Well, I am going to make this blog a more pure infosec blog, and I am going to start a personal blog.  It will be called My Tangential Mind.  It will still be at infosecplace.com, but I am adding a subdomain for it.  Nothing is there but an intro post right now.  I will eventually put more work into it.  I am not hooping for it to be some great success.  I just wanted a place to put down personal and random thoughts.

Vet

Well, my good friend and blogging compatriot Martin McKeay has finally made it to the big time by actually having a press release issued about his move to StillSecure. I can honestly say that I have never known someone personally that had his own press release. Wow. I can count the Great McKeay as a close friend!

In all seriousness, Martin deserves this. He is a very well known figure in the security world as a security guru, he is a great writer and security journalist, and he is an all around nice guy. I count myself lucky to have him as a friend, and this could not have happened to a better guy.

All that being said, what about the title of this post? Well, I think StillSecure also deserves congratulations. I have known Alan for about a year now, and I have known Mitchell for quite a few months. And I have to say that these guys deserve Martin just as much as Martin deserves this great move. Alan and Mitchell are great guys, no matter what everyone says about them (sorry, I can’t be nice to people without jabbing them a little - I’m sure it comes from my terrible childhood, which led to my total lack of self esteem and utter lack of respect for my fellow humans, but in retrospect helped developed my writing skills because that is all I had to do in that closet I was locked in for most of my teenage years, but I digress - **sniff**).

But seriously, Alan and Mitchell have done so much to move the security industry forward. Even if you don’t count their work at StillSecure, you still have two guys who are blogging and plugging away at trying to make the security industry a fun and exciting place to work. They deserve to have a great talent like Martin out there evangelizing.

So I say congrats are deserved all around. God bless and good luck to all of you.

Vet

PLEASE, PLEASE, PLEASE do not truncate your post in your RSS feed. I use Blogbridge so I can pull down my feeds and read them when I am running around and don’t have Internet access. When I get to your blog and I see something interesting, if the post is cut off in the feed, I can’t get to it. Drives me frickin’ crazy!

OK.  I’m done.

Vet

[Updated post - I added quite a bit]

I am about to leave the RSA conference. I am a little disappointed that I was not here all week. The last two years I arrived Monday and left Friday and got to go to all the sessions I could make it to. But that was when I was an Information Security Manager for a non-profit psychiatric clinic. They were used to sending doctors and their execs to conferences, so it wasn’t a foreign concept to them. Now that I am a presales SE for a security consulting firm, I have to make sure I am available for meetings and such as much as possible.

I really am grateful that I am here at all this year. I really came in just for the security blogger gathering, and I wouldn’t be here at all if it wasn’t for that. Of course, I did meet with a potential client while I was here, so I feel much more justified.

Speaking of the blogger gathering, I have to agree with Martin that it was a great event. I loved meeting everyone that I have been IM’ing and emailing and podcasting with for a year now (BTW, my blog is almost 1 year old - Feb 24, 2006 was my first post). My favorite part had to be the big bear hugs I got from Alan Shimel and Mitchell Ashley at StillSecure (the most exciting event of the evening was the cab ride from the Thai restaurant to my hotel, but I will give Alan a chance to blog about that first). Those two guys crack me up, and they are really cool guys.

I also finally got to meet the great Mike Rothman. I like that guy a lot.

I also got a thrill when I met people that said they read my blogs. I agree with Alan when he comments on how flattering it is to have someone say they read and actually value what I write.

I also enjoyed meeting Cutaway from Security Ripcord. That guy is as down-to-earth as you get. Just a good guy who doesn’t put on any airs. He’s a Marine (some would say former Marine, but once a Marine always a Marine). I was in the Army, so we inevitably end up talking military stuff. If you add Martin to the mix (ex-Army), it really gets deep.

One other person I really enjoyed meeting was Washintonpost.com’s own Brian Krebs, who writes the Security Fix blog. Brian is a celebrity in the security world because he writes for such a distinguished publication. But he is also respected by security professionals because he writes some good stuff and knows what he is talking about. And he was a nice guy, and he was also humble. I had to thank him personally for the great job he did of exposing the scandal with the Connecticut substitute teacher that was convicted for exposing her students to pornography (here and here).

Some other big names that were there:

Bruce Schneier - It was pretty cool to actually get to introduce myself to him. I’ve met him, but only quickly at shows and at a book signing. This was more personal.

Richard Stiennon - VERY nice guy. And all we bloggers thank him and Fortinet for sponsoring the event (we thank Microsoft as well).

Rich Mogull - Gartner man himself. Another down-to-earth and very likeable guy. And he is a second dan is taekwondo.

Ron Gula - It was a pleasure to meet Ron as well. Another good guy who could easily be arrogant but was not.

There are others, and I don’t mean to leave anyone out. I just can’t remember everyone. Suffice it to say that this was a group of people who were just excited to meet a bunch of peers and talk about security (though I don’t think we talked about security as much as we just BS’ed and had a good time networking).

Vet

There’s a new security blog out there, and it’s from the Great White North. It is called Security Views, and the guy who runs it is named Scott Wright.

I would like to welcome Scott to the fold. Good luck.

And of course, this post about a Canadian blogger would not be complete without a link to a clip from on of the greatest movies of all time, namely Strange Brew!

[ev type="youtube" data="A3DYbE44OIE"][/ev]

Vet

I apologize if you have made comments on some of my posts and have not seen them show up.  Akismet has had a few false positives over the last few days, and I am starting to get so much comment spam that I can’t catch them all.

Vet

I just found this security blog because the author put me in her blogroll, and Technorati let me know about it. The blog is titled Princess of Antiquity. It looks like the author is a 17 year old student in the Phillipines. It is kind of a mixed perosnal / security blog, with a heavy emphasis on security. There is some good stuff in there, and coming from a 17 year old, I have to say that this young lady has no where to go but up. And since she is linking to my blog, you know she is smart!

On a side note, technology is amazing to me sometimes. Even though I know the Internet is world wide and people can check out just about anything from anywhere., it still floors me when someone rom the Phillipines can find my blog. Too cool.

Vet

I am attending the RSA conference in February as press because of my Computerworld blog. I applied at the RSA Conference site, and they accepted me. And like Martin has been posting, I have been getting multiple requests for interviews, breifings, etc. from security companies that are attending.

Well, today I received an email from a public relations firm that did not tell me who they represented. Here’s the text of the email:

Hi Michael,

I saw that you were attending RSA on behalf of Computerworld. I’m just curious – are you attending for content for your blog postings or are you acting in more of a reporter capacity for Computerworld at the conference and planning to write on hard news and discussions with folks who have a presence and activity at the conference?

I don’t know about you, but I was offended by this question. So, because I blog I am not legitimate? Here is my response:

It is for my CW blog and my personal security blog.

And though I may just be feeling defensive, and I also suspect you are not being purposefully belittling, many bloggers would take issue with the tone of your question. Blogging is a completely legitimate news source and is considered by many to be “hard news”. I think this is proved out by RSA accepting so many bloggers as press. And “discussions with folks who have a presence and activity at the conference” are excellent sources for blog posts. In fact, I am interviewing a couple of people for my blog, and these people are security professionals and security industry executive types.

Just because bloggers post their opinions (because we both know “hard news” reporters never report their opinion, right?) does not mean we are not a valid news source.

Any body else take this as I did? Am I being too defensive?

Vet

Either my toe post turned everyone off, or announcing I am a Cowboys fan must have made some people mad. Either way, my Feedburner subscriptions went from the 130’s (been there for a few weeks) to 112 yesterday and 99 today (reflects the previous day). Anybody else see anything like this, or am I just losing my readers?

Not feeling the love here, people.

***UPDATE*** Read comments to this post for an explanation of what is going on. Thanks to Eric over at Feedburner for a quick response!

Vet

I posted a couple of weeks ago about me doing a talk at Alert Logic. Misha Govshteyn is the founder and CTO of AlertLogic was in the group as well, and we talked for a bit about various things. If you have not talked to Misha, he is a very informed person, and he is clearly intelligent with clear cut and well thought out opinions about security.

By the way, I WAS NOT PAID FOR THE TALK, AND I DO NOT HAVE ANY STOCK OR INVESTMENT IN ALERT LOGIC.

Anyway, one of the issues that came up was the possibility of Misha starting a blog. To my knowledge, he has not started one yet. However, Alert Logic has a blog that has been kept under wraps. Until now, that is. I have been given the honor of revealing their blog to the world (they chose me because of my thousands and thousands of readers and fans - **HACK, COUGH** - sorry, hairball).

But in all seriousness, I have read some of the stuff on the blog, and it looks good. The writing is often very witty and well though out (this Jeremy Hewlett guy has some great skills with the written word). And I have found them to be very informative as well. Go check ‘em out here.

Of course, now that you Alert Logic guys have been exposed to the world, be prepared for comments and criticisms. I hope you have some thick skin. It ain’t easy out here sometimes!

Vet

Mitchell Ashely wrote a piece on conflict of interest yesterday. It was specifically concerning analysts because of the firestorm of posts about some analysts recently jumping ship and going to manufacturers.

Mitchell’s post got me to thinking about some things specific to me (because I am my number one fan, and because the analyst sopa opera just doesn’t interest me too much). What I mean is my recent job change and how it effected my blogging.

If anyone is new and doesn’t know to what I am referring, you can read about it here. But in short, I recently moved from the security management world to the consulting / reseller world. This was quite a change, and I learned soon after the change that I would have to steer clear of some subjects on my CW blog because of, you guessed it, possible conflicts of interest. What I mean is, if Accuvant (my employeer) partners with a certain vendor, then it would be a conflict of interest if I wrote something negative about a competitor of that vendor. So CW said, basically, no posting about specific vendors at all.

Initially, I bristeld at these restrictions and considered dropping away from Computerworld. It bothered me because I felt like I was being told that I could not speak my mind (similar to what Mike Rothman went through recently at Network World - I am not apple-to-apple comparing what Mike went through to what I was looking at, since Mike was speaking his mind on his own blog, and Network World let him go for it, which is bogus). Basically, did I want some organization telling me what I could and could not say?

Then, I got to thinking about the issue a little more closely, and I realized a few things. One, this is their sandbox (I got that analogy from Rothman), so I had to play by their rules. Second, they are a business that has to protect their objectivity (though some people will argue whether any of these technology media outlets are objective)., Third, and this mattered the most to me, I could still post my personal views on my personal blog. I know this didn’t protect Mike, but so far I have had no issues with my editors at CW, and I think that will stick.

So the conflict of interest issue was settled in my mind because I still have a free voice at my personal blog. If CW was to ever let me go for something I posted there or on my personal blog, then c’est la vie. I can go on.

Vet

If you don’t follow my ComputerWorld blog, well…. you should! Presently I am a once-a-week blogger over there (though I don’t always get to it that often), but I will soon be a regular three-posts-a-week blogger. They have lost a couple of bloggers due to burn out, so the editor over there offered me a spot.

The bloggers they lost were writing a post a day, so I hope the three posts a week won’t be so hard and I can last a while. Anyway, I am excited about it.

Thanks to all of you who read my stuff and actually think I have something constructive to say.

BTW, here’s the PhotoShop job Alan Shimel did on me while disagreeing with my online shopping post at CW.

Thanks Alan for letting me have the picture. That made my day, even if you were tearing me apart!

Vet

I just came across a new security blog this morning. Andy, IT Guy has been writing since August, and he has some good insights into security. He commented about my Generalist vs. Expert post, which also shows that he has excellent taste in security blogs ;).

Welcome Andy. Happy blogging and good luck.
Vet

 

Before you read this post, go take a look at my “Rules” for my blog.

 

OK, now that you are back, let me piss off some people.  During this election season, I have to say that most of the security bloggers out there stayed out of the fray by sticking to what their blogs are about, namely: security.  And my blog rules state that I will do the same.  Basically, if you want to discuss a law or other political issue that pertains to security, then fine.  I will do the same.  Martin McKeay and I have had our friendly blog disagreements concerning phone tapping, phone tracing, tracking terrorists, and privacy stuff.  Alan Shimel and I have done the same to a degree.  All that is fine because that kind of stuff is relevant to security.  You can make judgements and assumptions as to our political leanings based on what we have posted (and maybe the region of the country we each live in), but that is no guarantee as to where we stand because we have made no definitive statements on the subject (I haven’t read all of Martin’s or Alan’s stuff, but I haven’t seen it in any of the stuff I have read).

I say this because I read a couple of posts from security bloggers during this last election season that, in my opinion, are just a little off.  One post was by the Great One, Mr. Schneier himself.  He says he is glad to see the Republicans get some of the brunt of the electronic polling problems.  He backs off of that kinda quickly, but it shows his bias clearly.  Another is by a blogging buddy of mine, Christian Koch (might not be a buddy after I writie this, but I hope all is still well).  In his post, he doesn’t even try to hide his feelings at all (not saying that he should have to, but you will see where I am going with it below).

First of all, I want to say that I respect everyone’s views, even if I don’t agree with them or understand them.

Second, if you have a blog, then it’s your fingers doing the typing, so you have full freedom to write about anything you want.  I get that, and I would never say you can’t. 

However, don’t we, as security bloggers, owe it to our readers to stay a level above all this mud slinging and give content that is relevant to security?  It seems a tab bit like false advertising if you have a blog that is advertised as a security blog and you use it to blast a politician or a political party because you don’t like their politics.

And another reason not to show which side you are on is because it tends to taint your readers’ opinions of you from then on.  If you try to come at an argument with logical, non-biased opinions, your debate will still be tainted by your blantantly-stated political beliefs.  That is no better in my mind than if you stated that you liked TippingPoint IPS better than anyone else’s, then tried to go into a debate about IPS products and tried to stay neutral.  There is nothing wrong with stating your opinion on the matter because you are free to say what you want.  But your opinion will be tainted from then on.  And you would never again be able to be neutral on the debate (at least, not for a long time) because you can’t switch to neutral once you have got in gear.

Anyway, my two cent’s worth.  You may think I am just frustrated because I did not like the outcome of the election.  But you really can’t make that statement, because I have never said which side I am on, regardless how many clues you think I have given.  So there!

And Christian, just to hopefully ease hurt feelings, I thought the cartoon in your post was pretty funny.

Vet

Go listen here.

Thanks again to Alan and Mitchell for having me on the panel.  And thanks to the panel for a great discussion.

Vet

…but this transition is taking most of my time.  I promise I will be posting soon.  I am travelling to Dallas for the rest of the week, so I will try to hit some stuff this weekend.

Please keep coming back.  This blog is not dead!!!!  Really!!!!!

Vet

I posted a few days back about some transition going on with me. So, I got some ’splainin’ to do. Well, here it is. I am changing jobs. I know, what’s the big deal? But this is more than a job change for me. The last few years as an Information Security Manager have made me realize that the technical side of my job, though still a good part of what I do, is starting to fade into the background. As I get more and more resources in place and grow the security infrastructure, I am starting to focus more and more on personnel manangement and security maintenance, with the project and technical work becoming much less frequent. Basically, my skills is sufferin’. And they are suffering at a time in my life where I just can’t afford it. I am only 34 years old (today, in fact - happy B-day to me!!), so I think the move into management is not for me yet. Maybe it never will be,but I definitely know it is not the time now.

So, I decided to make a change. I wanted a job where I would get to see different technologies and get to be a lot more technical. However, I wanted to stay in security and not go out into another technical job that pushed me back into network engineering. So, I started looking a while back to see what was out there. I did not put a lot of effort into it. I figured if it was supposed to happen, then it would happen.

Well, it did. On Friday, I accepted a position as a Security Engineer with a security reseller and consulting company. Basically, it is a pre-sales engineering job with a lot of consultation, design work and some implementation work. There a couple of reasons I decided to make the move: 1) I believe this will keep my technical skills up, and 2) it is going to allow for a lot of freedom that I have been looking for.  This is the company’s first permenant presence in Houston, so I will be starting the office (we will be bringing in a sales person in a couple of months - any sales people looking for a job, shoot me an email at m1a1vet-at-infosecplace.com).  That is exciting to me.  And I will be able to work from home for a while, so I will be seeing more of my family. Basically, I am excited about this, and I think it will be good for me and my career.

I guess I should tell where I am going! The company is Accuvant.

I will spare you the marketing hype, but I can say that they are a top-notch security company. They have some really quality folks over there, and I know I will learn a lot from them. I have worked with them over the last year or so, and my experience has been nothing but positive.

Just to explain, the reason I am making such a big deal about this here ay An Information Security Place is because this move might have a big bearing on my blogging. I have worked for VAR’s before, but my view of the security industry is likely to change quite a bit. I have spent the last three years as a security manager, sothat will always be there and will affect my thinking. But I take my blogging very seriously (though I have a great time doing it), so I have to recognize that this is going to affect what I blog about and how I see issues.

I know many people read my blog because they are security practitioners and they like that I have the same viewpoint. I promise those people that I will do my best not to betray those views. Security management is a part of me. But I will also be seeing things from the reseller perspective. I think that will give me a fresh outlook that will only add to what I can think and write about.

So, that is what’s going on with me. I plan on always keeping this site and my Computerworld blog going strong, but please understand if I have some dry times in the next few weeks as I move over. Thanks for reading. Please stick around and see the things that are to come.

Vet

Thanks to Mike at MCWResearch for letting me know that Akismet was down today.  I got a good amount of obvious spam, but they caught it pretty quick and everything seems OK now.  I didn’t notice it because it is Sunday, and I just happened to check my email.

I can’t say anything bad about those guys at Akismet.  Thanks for all you do over there.

Vet

Just some random thoughts here on why I write this security blog:

1. Simply, I enjoy writing
2. Simply, I enjoy security
3. I enjoy people reading and commenting on my opinions
4. It might make me famous one day!
5. It helps me become a better security professional because I have to research to write viable and informed opinions
6. It helps me to become a better writer
7. I get to meet great people (Martin, Alan, Mike, Chris, Mitchell, etc.)
8. It gives me something to do when I am up at 1am in the morning (I need to go to sleep)
9. Looks cool on my resume
10. Some other stuff

Vet

Just to let all my thousands (yea, right) of loyal readers know, I am going through some transition right now.  I will explain more fully later, but that is the reason I have not been posting this week (and the fact that I am preparing for our annual audit here at work).  I hope to get some time this week to look at the news more closely and develop some opinions (developing opinions is not too difficult for me, as you may well know).

Vet

Since I started blogging, I’ve seen a few people post what blogs they peruse. I guess I’ll hop on that train as well, especially since I just learned how to export my OPML file out of BlogBridge and import it into Bloglines.

There are 60 feeds (this includes news and blogs) pertaining to security that I read. Some of these are rarely updated, some are fairly consistent, and some are in between. Many are common. Some are fairly new and haven’t gained much traction yet. But the sheer amount of opinions and data there is astounding, just in 60 feeds.

So take a look my public Bloglines feed list if you have the inclination.

Vet

Here’s my “poor self esteem” question for the week. Should I be concerned that I have not been getting much comment spam the last two weeks? I am fairly sure my readership has gone up in the last month or so, but the amount of spam has gone down. I use Akismet, and it does a great job. But I was getting 20 and 30 at a time. Now I can go a day or more without one. When I do get them, it is maybe 2 or 3 at a time.

BTW, Mike Rothman’s links to my blog keep getting marked as spam, even after a few times of marking them as not spam.

What are you doing over there, Mike? I’m starting to get suspicious.

Vet

As I mentioned in my last post, I had the honor to virtually meet Mitchell Ashley, CTO of StillSecure, while recording Alan Shimel’s podcast last night.  Alan kiddingly calls Mitchell “Ed McMahon” because he is regularly joining Alan on his podcasts.

Mitchell has recently been inspired to start his own blog.  I started reading it when I saw the announcement at Alan’s blog, and I am impressed.  Mitchell obviously knows the business and is a smart guy, so i think you would do well in reading his stuff.  I know he will be successful in his endeavours (because I link to his blog, of course).

Vet