Archive for January, 2011

Jan 30 2011

Writing myself out of time (and energy) to blog

Published under Blogging, Podcast

One of the main reasons I started blogging way back when was because I had ideas I wanted to express and an excess of time to think about them.  Boy, those were the days, when it wasn’t uncommon to have two or three breaks during the day when I could not only read some of the interesting articles but also make a comment or two.  I could whip out a post in 15 minutes or less because I’d done most of the planning for the writing in some other down time I’d had earlier in the day.  I wish I’d been able to save some of that down time, because I could use it now.  Oh, yes I could.

We all have those days where the currents of your work load all gang up to overwhelm you at once.  That’s pretty much been the whole year so far for me.  Add on to that a regular podcast, gearing up for interviews at RSA, preparing a talk with Mike Dahn on PCI and Cloud Computing, plus preparing for travel the week after RSA.  And then there’s another project that’s just ramping up.  I have high hopes for this one, but I’ll have to keep quiet on it for a little while.  And speaking at Source Boston in April.

One of the reasons I haven’t been writing much on the blog lately is that I’ve gotten so up close and personal with PCI the last few months that it’s hard to pull back a little and look at bigger picture issues.  I never intended for this blog to be a PCI-specific site and I still don’t.  So I resist writing on the stuff I deal with daily, which limits what I have the time and energy to write about.  I have plenty of writing coming up for Verizon Business concerning PCI, but I expect that to surface mainly on the Verizon Business Security Blog.

I’m not going to shut down this blog any time soon, it’ll still be here, but the reality of life is I need to concentrate more on my day job than the things I’ve been doing for years on the side.  I’ll still write here when I have a spare moment and an idle thought, but I’m no longer going to pressure myself to feel I need to update daily (how long has that been?), weekly or even monthly.  Podcast notes will show up weekly (or so), I’ll still mouth off from time to time.  But I have to make this a lower priority, at least for the time being.

Hopefully I can re-examine the blog once RSA is over.  There’s been a lot of talk lately that blogging in the security community has fallen by the wayside and I definitely feel some of the effects as well.  I think it’s part of growing up and having to spend more time making things happen and less time talking about it.  At least that’s what I’d like to believe.  In the meantime, this can be my annual “RSA is a lot of work, I’m burnt out, it’s fun, but I can’t wait for it to be over” blog post.


Jan 30 2011

Network Security Podcast, Episode 229

Published under Podcast

Insane week. All of us traveling or hitting major conference-related deadlines. Apologies for the awkward pauses, stammering, and sounds of heads exploding.

Okay, that last one is pretty cool.

Things can’t be this crazy forever, can they?

Ah heck… it isn’t like you guys read these notes anyway. Here you go:

Network Security Podcast, Episode 229, January 25, 2011
Time:  22:10

Show Notes:


Jan 19 2011

2011 Social Security Awards

I am so behind on my blogging it’s not funny.  I was supposed to say something about the 2011 Social Security Awards a couple of weeks ago, but between running around the country and writing long, boring reports on PCI compliance, something had to fall off the to-do list, and blogging was it.  Which is why it’s a little ironic to break the silence with a post honoring some of the best writers in our business.  After which I’ll probably be going back to radio silence as I try to create a small bubble of calm in my work schedule that will allow me to attend the RSA Conference with minimal interference.  Or at least that’s the theory.

This is the third annual Social Security Blogger Awards, and once again the committee putting it together, led by the incomparable Alan Shimel, has worked hard to improve both the process for deciding the categories and the process for voting.  There were a number of categorizations in last year’s awards that had many of us laughing and shaking our heads in confusion, but by that time it was too late to make changes.  So this year Alan and his team of judges, who are all professional writers who cover the security field, revamped the categories and I think everyone involved will agree that they’ve done a great job of it.  The judges picked the cream of the blogs and podcasts from all the great people we have writing; now it’s up to you to decide who the real winners are.

As always, I look forward to the night of the Security Bloggers Meetup at RSA.  This year, my influence on the whole process has been minimal, and as always, Jennifer Leggio has been shouldering far more than her fair share of the work.  Not to say I haven’t done anything… well, actually, I haven’t.  We’ve been doing this for a number of years now and it’s clear that Jennifer has a handle on everything and if I try to get further involved I’ll slow things down more than help.  Which goes back to my original point that I’m already too busy with the day job to help much.  But the SBM has become the central event of the RSA Conference, at least for me, and the pivot that all my other plans revolve around for the week.  The few hours we take out of an evening to connect and reconnect with the people in our community who distinguish themselves by trying to express the problems and solutions for our industry is worth more than almost anything else that goes on at RSA, at least for me.  People who are passionate about what we do are always exciting to be around.

Who are your favorites for this year’s Social Security Awards?  I especially like the new category “The single best security blog post of the year”.  Not everyone can write regularly, in fact some people may only put out one or two blog posts a month.  But the thought and quality of writing that goes into those infrequent posts is exceptional and deserves to be recognized.  And the folks who continue to put out exceptional content day after day just blow my mind. 

Go now, vote on the Social Security Awards.  Vote for your favorite, vote for the person you think is most deserving or vote in an utterly random fashion, as long as you vote.  While the awards are for bloggers and by bloggers, the reason we write is for the readers and listeners in the real world.  And this is your chance to help recognize the people you think have had the most impact and influence on our community.  Or at least amused you the most.


Jan 18 2011

Network Security Podcast, Episode 228

Published under Podcast

This week Zach is away, so Rich provided us with our third co-host tonight.  She doesn’t say much, what she does say is gibberish, but she’s cute as can be anyway.  Besides, speaking gibberish hasn’t stopped anyone else from being a guest on our show, so why start now?  We talk about Facebook and all the wonderful privacy initiatives they’re pushing (NOT), as well as some issues going on within the security community.  And we’re planning for RSA 2011 next month.  The fun never ceases.

Network Security Podcast, Episode 228, January 18, 2011
Time:  33:50

Show Notes:



Jan 04 2011

Network Security Podcast, Episode 227

Published under Podcast

Insert blurb here, say something funny.

Well, at least that’s the theory.  This week’s show is Martin and Zach; Rich is off doing other stuff.  We talk a little about Zach talking at Shmoocon and Martin presenting at RSA and then get into the stories of the week.  You know, the normal, slightly rambling stuff.

Aaand we’re taking next week off.

Network Security Podcast, Episode 226, January 4, 2010
Time:  [27:52]

Show Notes:

Online impersonation banned starting in New Year


Jan 03 2011

Good morning 2011

Published under Blogging, General, Simple Security

It felt good.  I took the last two weeks of 2011 and took a hiatus from Twitter, I tried to stop reading security stories and I generally just stayed away from my home office and computer whenever I didn’t absolutely need to be working.  I still used the iPad and I couldn’t leave my phones behind, but it really felt good to deprioritize social media and email in favor of spending time with my family over the holidays.  And it felt good to just put a little distance between myself and all the stressors on the Internet and in my inbox. 

I don’t do year end reviews and I don’t do predictions; it’s not that I’m against them, it’s that I feel there are a lot of other people out there who have a better 10K foot view than I do.  Plus I hate looking back the next year and seeing how wrong I was about where everything was going.  That being said, I get the feeling that 2011 will be a year of change; too many people are complaining too loudly about being burnt out.  Too many people are saying ‘what we’re doing isn’t working’.  There were too many high profile incidents for people to ignore and keep on doing what they’ve been doing.  Or at least that’s my hope.

Alex Hutton sent out a tweet about a concept called ‘slow hunches’ not too long ago.  The basic idea is that we all have portions of great ideas floating around in our heads, it’s when these ideas bump against other ideas and let them mature over time that the real game changers start to develop.  That’s a gross simplification of an entire book, but I hope it gets the message across.  I know I have a number of these partially formed ideas in the back of my head and I know from experience that a number of other people across the industry have similar ideas floating around.  What I don’t know is how we get those ideas together in order to effect change.  Because doing the same ol’, same ol’ isn’t working.

Maybe I’m just optimistic and nothing will change.  But like the idea of slow hunches, there are so many incidents, both big and small, happening right now that something has to give.  Rich (Mogull) is often telling me that as long as we can continue to do business within an acceptable level of fraud, nothing is going to change.  And he may be right.  But I hope he’s just more of a pessimist than I am.  And in the bigger picture, I’m sure he is right, since the more things change, the more they stay the same.  But I can still hope that someone amongst our community will come up with a seminal idea this year that will change the way we look at security.  Other than “let’s concentrate on the basics” that is.
