Department of Homeland Security Secretary Michael Chertoff is going to be looking for a new job soon and he’s brushing up his resume in preparation, sort of. He’s released a video showing what he’s done as the head of the DHS and what he’s handing off to his successor. It’s an interesting watch and gives you a little insight into what he sees as important. Secretary Chertoff has shown that he has a deeper understanding of the 21st century, blogging and social media than most members of the Bush regime by repeatedly reaching out to bloggers and using the tools of Web 2.0 to communicate with the public. This video is a perfect example of how someone in the blogosphere would go about creating their own resume.
I don’t agree with everything that the DHS does, I sincerely doubt there’s anyone who does, even Chertoff himself. But they’ve been given an extremely tough mandate and what I do believe is that he’s done the best job he could. As Janet Napolitano steps in to take over for Secretary Chertoff, it will be extremely interesting to see how the focus shifts and what aspects of national security come to the foreground. There have already been indications that she’ll concentrate more on imigration issues since that’s her background, but what else will she concentrating on? I can only hope Govenor, soon to be Secretary, Napolitano continues in Mr. Chertoff’s footsteps and builds on the efforts to communicate with us.
I hope Mr. Chertoff takes a little time to kick of his shoes (get it, an airport pun), relax and let someone else take the heat for a while.
DHS Secretary Michal Chertoff Accomplishment Video
I made two fairly major purchases this week, even though I had to use the credit card to make them, something I hate doing. Both are aimed at promoting my long term health, one physical, the other career. The first was to get a small amount of exercise equipment and order the DVD’s for the P90x system. I’m sure anyone who’s following the security guys in Twitter has heard more than their fair share about P90x lately and Chris Hoff has gone so far as to create a new blog of his own to monitor his progress with the P90x system. I probably won’t go as far as he has with the blog, but I think I will follow his example and take a ‘Week 0’ picture and occasional pictures after that. I’m not starting the program until after Christmas myself, mostly because I’ll be heading out for the in-laws for a week and don’t want to start something this hard then stop for a week.
The second purchase I made was to get myself a membership in Microsoft’s Technet Plus. I’ve had access to TN+ several times before through employers and I’d used it a lot to build and rebuild servers, test out new programs and generally learn aspects of Microsoft programs I wouldn’t normally have access to. Unluckily the last time I had access to TN+ was just after XP came out and when Vista came out the only reason I got to try it at all was that I happened to recieve a copy of Vista Ultimate at an event I attended. Not that I ever successful upgraded a system to Vista, but at least I got to try.
The truth is, TN+ is also a tax writeoff for me. I haven’t earned much from Google Ads this year, but it’s more than the cost of the TN+ subscription and this will help me conteract what little tax burden there is. But more importantly, this is an investment in my own continuing education for security and technology. I work from home and while I get a chance to see different networks and OS’s with every new client, it’s not the same as getting your hands into the guts of a server and administering it yourself.
So I’m viewing the purchase of TN+ as in investment in my technical skills for the future. And that’s how I’m selling it to my wife as well. I put a lot of time in to reading blogs, writing my own blog and creating the podcast, but the amount of money I’ve put into furthering my skills has been minimal the last few years. My training comes through going to events like RSA, Black Hat and Defcon. I don’t have a lot of time and energy to read security books, but several of the publishers occasionally send me those to read and review. I often think about investing in a Masters Degree. It’d be expensive and time consuming, but it’s a piece of paper that helps you go a lot further in life than a BS will. But until my wife finishes her own college courses and gets a job, any further courses for me will have to wait.
What other venues should I be spending money on to further my career as
a security professional? Is there something I’m neglecting that might
eventually catch up to me? How are you investing in your career? Are you investing in your career monetarily or are you making your investments in time and energy instead? I know there are a lot of people out there who are beginning their careers who are curious about how to get into security, but I’m wondering how the people who’ve been in the field for years are continuing to improve their skills and preparing for that next step up or making themselves as ‘recession proof’ as possible. I don’t think anyone in this field can afford to say they’re resting on their laurels.
We can’t live without anti virus on our computers in this day and age. I guess we really can, strictly speaking, but the non-techies in my household don’t have the understanding of the Internet to know which behaviors to avoid and what might get them in trouble. So I put AV on their computers, because it’s easier than trying to educate them. And as vital as AV is in these situations, I refuse to pay for it. Why? Because there are so many free options available, and I think most of the for-pay AV’s are too expensive for offering few features that I can’t get in the free versions. I suspect the free AV solutions use the home AV market as a loss leader to get themselves market share and awareness, giving them a toehold in the corporate AV market, which is where the real money is in any case.
For years I’ve been using AVG Anti Virus free edition, but recently I’ve been less than happy with it. It’s been fine on my computer, a decent XP desktop, but on my wife’s slightly older Win2K system, it’s been more than a little unstable and recently started complaining at startup that it was missing a .bin file. I tried to update it several times and scanned the hard drive several times, but I lack the confidence in it’s ability to find malware if it’s acting this flaky. So this morning I uninstalled AVG and now I’m in the process of installing Avast Home Edition. The initial installation was as painless as expected, the system rebooted and before it fully loaded into Windows it’s doing a full system scan for malware. It hadn’t found anything when I started writing this, but given the amount of storage space on her computer, a full scan could take a little while.
So my question to you is what free AV program do you use at home and install on your family’s computers? Or do you pay for AV from one of the big names? Or do you skip AV all together, since the I’ve read numbers stating that AV is only between 60% and 80% effective in any case? And most importantly why did you make the decision you did?
Update: Here’s a link to an entire list of AV products out there at Checkvir.com and a really good report by Anti-malware Test Lab, showing exactly how ineffective AV is. According to this report, only Avira (who?) Kaspersky and F-Secure AV even hit the 90% mark for finding viruses. The big players, Symantec and McAfee only hit the mid-60’s. Ouch!
I’m back from the far reaches of Canada (Montreal), I’ve almost recovered from the 20+ hours of flying in the last 10 days and other things I picked up along the way. My mind says I could still use another 6-8 hours of sleep, but my body and my kids don’t quite agree with it. So instead I’m up early playing my MMORPG, reading my twitter stream and blogging. Sounds like a pretty typical Saturday morning to me. Except I’m heading down to SF in a couple of hours to record more video discussions with several other security professionals, some face to face, some via the miracles of the Internet. I’ve already professed to the group that I’m the least likely to be considered an ‘expert’ in most of the subjects we’ll be talking about, but that’s never stopped me from voicing an opinion before, so why let it start now.
Saturday morning reading:
- Just a little forewarning: There’s some big news coming to the Security Blogger Meetup page in the next couple of days. I can’t tell you more until I get permission, but keep an eye out on the page and your email if you’re a security blogger, podcaster or writer.
- Wave Bubble: Build your own self-tuning RF jammer. Which is probably illegal in several states, especially if you use it against cell phones. But hey, it’d be worth taking in the theater with you to block those annoying jerks in the row behind you who insist on taking calls in the middle of the show. Thanks to John McCash for showing me this one.
- I found out this week that the CEO of my ISP blogs and twitters, and is now following me. Sonic.net is one of, if not the, biggest privately owned ISP in the US. After the holidays are over, I’m hoping to get an interview with him and several of his engineers to discuss the security concerns of running a large ISP.
- ‘Dirty Dozen’ of vulnerable apps – I’m not sure if this is a valid list or just another attempt to garner attention, but I’m putting in my reading list to figure out later.
- Review of “Schneier on Security” – I like Bruce Schneier, but I’ve most likely read almost every article in this book when it originally came out. So why would I spend money to read them again in paper form? YMMV
- It’s not a good time to be using IE7. Or IE6 or IE8 or MS SQL Server or … well, you get the picture. Switch to Firefox already!
- And speaking of Firefox, Window Snyder is leaving Mozilla for an undisclosed startup. Good luck Window!
- There was a lot of stuff on the ZDNet site to read this week. I wonder how long it’s going to take Chris Hoff to tear into this article on Cloud Computing.
- If you’ve been blogging for long, you’ve probably had an “Oh shit, people actually read my drek!” moment. Hopefully yours wasn’t right after you got /.’d for tearing into someone for being ignorant.
- I saved the stupidest for last: The McCain campaign was selling off some of the equipment they no longer needed and forgot to wipe the memory of their Blackberries. There were a number of private politician phone numbers still on the phones, even some emails and text messages. And there’s a call out to see if other people who bought the stuff found sensitive information as well. Who needs to hack your email account when you’ll just sell it for $20?