The Daily Incite – 12/07/09 – Happy, Sad, Repeat
December 7, 2009 – Volume 4, #36
Good Morning:
Life is a roller coaster. Pure and simple. During a particularly
difficult time about 15 years ago, my Dad sent me Seinfeld’s book, with this
specific passage highlighted:
"… strapped in and no one can stop it. When the doctor slaps your behind, he’s ripping your ticket and away you go. As you make each passage from youth to adulthood to maturity, sometimes you put your arms up and scream, sometimes you just hang on to that bar in front of you. But the ride is the thing. I think the most you can hope for at the end of life is that your hair’s messed, you’re out of breath, and you didn’t throw up."
It’s hard to keep that in context during the day to day grind. One minute you are up and then in what seems like the next second you are down. It’s also a bit more challenging for security folks, because in general we tend to be somewhat cynical (OK, very cynical) and borderline paranoid. It’s taken me a long time to get in tune with my own peaks and troughs, and some days that presents a pretty significant battle.
Take yesterday, for example. I was excited to go see the hometown Falcons play the Eagles. Yeah, I hate the Eagles. Growing up in NY and being a Giants fan means you pretty much hate the Eagles. I know hate is a strong word, but actually it may not be strong enough. I hate^2 the Eagles, so I was hoping the dirty birds would put a hurting on the visitors. Of course, my optimism lasted about 10 minutes and the reality of the impact of having 40% of the offense inactive set in. It was ugly, and totally compounded by the number of Eagles fans there to gloat. OK, they didn’t gloat, they were pretty cool (especially for Eagles fans), but still. It hurt, and I was grumpy.
So I get back to Chez Incite and settle in to watch the Giants play the
hated^2 Cowboys. Things started slowly for the G-men, and my mood was
descending into dark places. The Boss was going to vacate the premises,
but then at the end of the first half the Giants got going and held on
for the victory. Elation personified. I’m not sure why football gets me
so fired up, but it does. And given how the Giants have played over the
past two months, getting a big win was awesome.
But then I need to take a step back. There were pretty low lows and
pretty high highs all in the course of about 6 hours. And this was
about football, not anything really important. I think part of finding
balance and happiness is to acknowledge that there are some things that
you CHOOSE to get excited about. That means you also need to accept
that those very things will make you miserable at times.
Then the misery will pass. Just as the happiness will pass. This is the
cycle we call life. Some can’t deal with it and think there is
something wrong with them because they get whiplash swinging back and
forth between pessimism and optimism. There is nothing wrong with that.
There is nothing wrong with them. It’s called being human.
Have a great day.
Photo: "Ms. Happy, meet Mr. Sad 111/365" originally uploaded by SashaW
Technorati: Information Security, CSO, Security Mike, Internet Security
Follow me on Twitter: @securityincite – I’m not sure where I’m going, but I’ll get there in 140 characters – or
Incite 4 U
- Liberation and Thought Leadership – RockyD rocks the house on FUDSEC last week with a post about getting out of the rut many of us are in. There is a lot of good stuff in here (especially about focusing on R&D and better information sharing) and, like most of the FUDSEC posts, it’s about spurring discussion. Mort takes issue with some of the stuff on the Securosis blog, and I agree with his positions, so I’m not going to rehash. What I’m going to pick on is the part where Rocky advocates a "vendor thought leadership" approach to the more strategic problem set. Sorry dude, it’s not going to happen. Unless you count having every vendor (or consultant) apply what’s in their bag and position it as a "strategic" solution. The profit motive ensures that the job of the vendor (and in many cases, the consultant) is to convince the customer that the strategic problem set is addressed by the products. I know you are advocating the exact opposite approach, but I can’t see it happening because a quarterly mindset ensures shortcuts are taken at every opportunity.
- Noise level at an all-time high – The results of the annual CSI survey are out. The Help-Net Security folks did a nice job summarizing the findings. Basically we are dealing with a lot more incidents, but the average loss per incident is coming down. Hmmm. That wouldn’t have to do with the fact that losses are not growing as fast as the number of incidents, eh? But the point is this is all noise. These surveys are interesting to look at in five-year cycles to see where we’ve been, but not very instructive for understanding where we are going. Fact is, we need to focus on blocking and tackling – STILL. And given that cyber-crime is a growth market, I don’t expect these surveys to show anything remarkably different for years to come. The point is for you to not end up as one of the statistics.
- More noise about data breaches – The folks at Imperva were also kind enough to point out the fact that even though the number of reported data breaches is going down, the number of records compromised has exponentially increased. Which again is predictable. With some exceptions, the amount of work to steal a million identities is similar to that for stealing 50 million. So why wouldn’t the bad guys go after bigger targets? And they have – successfully. Good for them. The point is the noise can be used for FUD purposes (yes, there is a time and place for fear, uncertainty, and doubt in every security practitioner’s bag), but it shouldn’t be impacting our plans, strategies or processes AT ALL. Incidents and breaches happen, we know that. Blocking and tackling will help make sure you aren’t low-hanging fruit – but you will still likely be pwned. Then it’s about making sure your incident response plan is where it needs to be.
- Santa in camo comes early for ARST – ArcSight announced their fiscal 2Q results last week, and the numbers were good. Here is the release and the earnings call transcript. 39% year-over-year growth and another quarter of strong cash flow. Lots of activity in the federal space, which is expected – given the focus on cyber-X that most of the defense and civilian agencies have. In fact, government revenues accounted for 49% of their quarter. As the federal markets figure out which end is up for FY 2010, it’ll be interesting to see if/how the commercial markets continue to adopt security management technology. Given compliance mandates, everyone needs it – but there are cheap ways to check the box and there are expensive ways to overhaul operations. Which path commercial organizations take is still an open question (in my mind anyway).
- Rebranding SIEM – Speaking of SIEM, Independent Anton (did you check out his new consulting site?) has an interesting analysis of the SIEM market, bringing in some Ries marketing mojo and really trying to tackle the issue of perception vs. reality. Given that I know a thing or two about how to (or more likely, how NOT to) market a SIEM platform, the reality is that SIEM is not a must-have. I know about 10 vendors that will be jumping up and down telling me I’m wrong. But they are missing the point. Compliance is a must-have, and that means some of the aspects of most modern SIEMs (like log management) must be highlighted because that’s where the funding is. Once the funding is found, then it’s about highlighting differences – such as with capabilities like SIEM or NBA (network behavior analysis) or configuration audit. Anton is right that the focus must be on solving problems, not on flashing lights or even scalability. Until a customer is convinced a SIEM can solve a problem, how fast it is (or how many other capabilities it has) is really beside the point.
- Andreas’ love note to 2009 – The analyst I now dub "Double A" (for Andreas Antonopoulos) does a little revisiting of his 2009 predictions in one of his last NetworkWorld columns for 2009. As you can see, there wasn’t anything too controversial here and for the most part he was right. It turns out that if you keep your head off the chopping block, it usually is still attached at the end of the year. I’d take some issue with his "correct" prediction about mobile security, given the iPhone worm was only applicable to those with jailbroken phones, but it’s good to see someone holding themselves accountable for the things they said. Perhaps Big Research will get into the act as well (0% probability).
- Cloud-based security services unite – I loved the Wonder Twins cartoon when I was growing up. And when I saw this announcement about RSA leveraging some of Trend Micro’s threat intelligence in their own fraud detection services, the Wonder Twins popped into my head. The reality is this kind of information sharing is a good thing. Will it make a difference? Who knows, but it makes for good marketing, since when trying to differentiate "cloud intelligence" it’s all about how much data you have. What you use, on the other hand, is very likely a different story. Obviously Art (playing the role of Zan) transforms into a cloud. But what about Eva (playing Jayna)? What animal form makes the most sense for her? Leave your thoughts in the comments…
- Pretty good rules to live by – It’s great to see other folks sharing their own life philosophies, and I’ll point the interesting ones out as appropriate. I want to give Michael Dahn some props on a set of three "rules" that he lives by, which I think are applicable to most of us. The first is "nothing is impossible, the impossible just takes longer." Perseverance is a key to success, check. "Learn the good, avoid the bad" seems obvious, but is VERY hard to actually do. I’ve found that most folks have to learn the hard way what is good and what is bad. It’s a rare bird that can actually learn from someone else’s pain. And finally "never stop improving," which is actually a double-edged sword. One of my problems is that I am never satisfied, and that creates some real issues in knowing how good you need to be in any aspect of anything.
*** This is a Security Bloggers Network syndicated blog from Mike Rothman's blog authored by Mike Rothman. Read the original post at: http://securityincite.com/blog/mike-rothman/the-daily-incite-12-07-09-happy-sad-repeat