The Daily Incite – 12/07/09 – Happy, Sad, Repeat

Today's Daily Incite

December 7, 2009 – Volume 4, #36

Good Morning:
Life is a roller coaster. Pure and simple. During a particularly
difficult time about 15 years ago, my Dad sent me Seinfeld’s book, with this
specific passage highlighted:

"Life is truly a ride. We’re all
strapped in and no one can stop it. When the doctor slaps your behind,
he’s ripping your ticket and away you go. As you make each passage from
youth to adulthood to maturity, sometimes you put your arms up and
scream, sometimes you just hang on to that bar in front of you. But the
ride is the thing. I think the most you can hope for at the end of life
is that your hair’s messed, you’re out of breath, and you didn’t throw

It’s hard to keep that in context during the day to day grind. One
minute you are up and
then in what seems like the next second you are down. It’s also a bit
more challenging for security folks, because in general we tend to be
somewhat cynical (OK, very cynical) and borderline paranoid. It’s taken
me a long time to get in tune with my own peaks and troughs, and some
days that presents a pretty significant battle.

Happy? Sad? Yes, just wait a few minutes.

Take yesterday, for example. I was excited to go see the hometown Falcons
play the Eagles. Yeah, I hate the Eagles. Growing up in NY and being a
Giants fan means you pretty much hate the Eagles. I know hate is a
strong word, but actually it may not be strong enough. I hate^2 the
Eagles, so I was hoping the dirty birds would put a hurting on visitors.

Of course, my optimism lasted about 10 minutes and the reality of the
impact of having 40% of the offense inactive set in. It was ugly, and
totally compounded by the number of Eagles fans there to gloat. OK,
they didn’t gloat, they were pretty cool (especially for Eagles fans),
but still. It hurt, and I was grumpy.

So I get back to Chez Incite and settle in to watch the Giants play the
hated^2 Cowboys. Things started slowly for the G-men, and my mood was
descending into dark places. The Boss was going to vacate the premises,
but then at the end of the first half the Giants got going and held on
for the victory. Elation personified. I’m not sure why football gets me
so fired up, but it does. And given how the Giants have played over the
past two months, getting a big win was awesome.

But then I need to take a step back. There were pretty low lows and
pretty high highs all in the course of about 6 hours. And this was
about football, not anything really important. I think part of finding
balance and happiness is to acknowledge that there are some things that
you CHOOSE to get excited about. That means you also need to accept
that those very things will make you miserable at times.

Then the misery will pass. Just as the happiness will pass. This is the
cycle we call life. Some can’t deal with it and think there is
something wrong with them because they get whiplash swinging back and
forth between pessimism and optimism. There is nothing wrong with that.
There is nothing wrong with them. It’s called being human.

Have a great day.

Photo: "Ms. Happy, meet Mr. Sad 111/365" originally uploaded by SashaW

Incite 4 U

  1. Liberation and Thought Leadership – RockyD rocks the house on FUDSEC
    last week with a post about getting out of the rut many of us are in.
    There is a lot of good stuff in here (especially about focusing on
    R&D and better information sharing) and like most of the FUDSEC
    posts, it’s about spurring discussion. Mort takes issue with some of
    the stuff on the Securosis blog
    and I agree with his positions, so I’m not going to rehash. What I’m
    going to pick on is the part where Rocky advocates a "vendor thought
    leadership" approach to the more strategic problem set. Sorry dude,
    it’s not going to happen. Unless you count having every vendor (or
    consultant) apply what’s in their bag and position it as a "strategic"
    solution. The profit motive ensures that the job of the vendor (and in
    many cases, consultant) is to convince the customer the strategic
    problem-set is addressed by the products. I know you are advocating the
    exact opposite approach, but I can’t see it happening because a
    quarterly mind-set ensures short cuts are taken at every opportunity.
  2. Noise level at an all-time high – The results of the annual CSI
    survey are out. The Help-Net Security folks did a nice job
    summarizing the findings.
    Basically we are dealing with a lot more incidents, but the average
    loss per incident is coming down. Hmmm. That wouldn’t have to do with
    the fact that losses are not growing as fast as the number of
    incidents, eh? But the point is this is all noise. These surveys are
    interesting to look at in five year cycles to see where we’ve been, but
    not very instructive to understand where we are going. Fact is, we need
    to focus on blocking and tackling – STILL. And given that cyber-crime
    is a growth market, I don’t expect these surveys to show anything
    remarkably different for years to come. The point is for you to not end
    up as one of the statistics.
  3. More noise about data breaches – The folks at Imperva were also kind
    enough to point out the fact that even
    though the number of reported data breaches is going down, the number
    of records compromised has exponentially increased.
    Which again is predictable. With some exceptions, the amount of work to
    steal a million identities is similar to stealing 50 million. So why
    wouldn’t the bad guys go after bigger targets? And they have –
    successfully. Good for them. The point is the noise can be used for FUD
    purposes (yes, there is a time and place for fear, uncertainty, and
    doubt in every security practitioner’s bag), but it shouldn’t be
    impacting our plans, strategies or processes AT ALL. Incidents and
    breaches happen, we know that. Blocking and tackling will help make
    sure you aren’t low hanging fruit – but you will still likely be pwned.
    Then it’s about making sure your incident response plan is where it
    needs to be.
  4. Santa in camo comes early for ARST – ArcSight announced their fiscal 2Q
    results last week, and the numbers were good. Here is the
    and the earnings call transcript.
    39% year over year growth and another quarter of strong cash flow. Lots
    of activity in the federal space, which is expected – given the focus
    on cyber-X that most of the defense and civilian agencies have. In
    fact, government revenues accounted for 49% of their quarter. As the
    federal markets figure out which end is up for FY 2010, it’ll be
    interesting to see if/how the commercial markets continue to adopt
    security management technology. Given compliance mandates, everyone
    needs it – but there are cheap ways to check the box and there are
    expensive ways to overhaul operations. Which path commercial
    organizations take is still an open question (in my mind anyway).
  5. Rebranding – Speaking of SIEM, Independent Anton (did you check
    out his new consulting site?) has an interesting analysis of the SIEM market,
    bringing in some Ries marketing mojo and really trying to tackle the
    issue of perception vs. reality. Given that I know a thing or two about
    how to (or more likely, how NOT to) market a SIEM platform, the reality
    is that SIEM is not a must-have. I know about 10 vendors that will be
    jumping up and down telling me I’m wrong. But they are missing the
    point. Compliance is a must have, and that means some of the aspects of
    most modern SIEMs (like log management) must be highlighted because
    that’s where the funding is. Once the funding is found, then it’s about
    highlighting difference – such as with capabilities like SIEM or NBA or
    configuration audit. Anton is right that the focus must be on solving
    problems, not on flashing lights or even scalability. Until a customer
    is convinced a SIEM can solve a problem, how fast it is (or how many
    other capabilities it has) is really beside the point.
  6. Andreas’ love note to 2009 – The analyst I now dub "Double A" for
    Andreas Antonopoulos does a little revisiting of his 2009 predictions in one of
    his last NetworkWorld columns for 2009. As you can see, there
    wasn’t anything too controversial here and for the most part he was
    right. It turns out that if you keep your head off the chopping block,
    it usually is still attached at the end of the year. I’d take some
    issue with his "correct" prediction about mobile security, given the
    iPhone worm was only applicable to those with jailbroken phones, but
    it’s good to see someone holding themselves accountable for the things
    said. Perhaps Big Research will get into the act as well (0%
  7. Cloud-based security services unite – I loved the Wonder Twins
    cartoon when I was growing up. And when I saw
    this announcement about RSA leveraging some of Trend Micro’s threat
    intelligence in their own fraud detection services, the
    Wonder Twins popped into my head. The reality is this kind of
    information sharing is a good thing. Will it make a difference? Who
    knows, but it makes for good marketing since when trying to
    differentiate "cloud intelligence" it’s all about how much data you
    have. What you use, on the other hand, is very likely a different
    story. Obviously Art (playing the role of Zan) transforms into a cloud.
    But what about Eva (playing Jayna)? What animal form makes the most
    sense for her? Leave your thoughts in the comments…
  8. Pretty good rules to live by – It’s great to see other folks sharing
    their own life philosophies, and I’ll point the interesting ones out
    as appropriate. I want to give Michael Dahn some props on a set of three "rules" that he lives by,
    that I think are applicable to most of us. The first is "nothing is
    impossible, the impossible just takes longer." Perseverance is a key to
    success, check. "Learn the good, avoid the bad" seems obvious, but is
    VERY hard to actually do. I’ve found that most folks have to learn the
    hard way what is good and what is bad. It’s a rare bird that can
    actually learn from someone else’s pain. And finally "never stop
    improving" which is actually a double edged sword. One of my problems
    is that I am never satisfied and that creates some real issues in
    knowing how good you need to be in any aspect of anything.

*** This is a Security Bloggers Network syndicated blog from Mike Rothman's blog authored by Mike Rothman. Read the original post at:

Mike Rothman

Mike is a 25+-year security veteran, specializing in the sexy aspects of security, such as protecting networks and endpoints, security management, compliance and helping clients navigate a secure evolution to the cloud.
