November 2009 Archives

BeFUDdled by Risk

"You keep using that word. I do not think it means what you think it means." -Inigo Montoya in The Princess Bride

In the past couple months I've come to hate the word "risk" and its associated phrase "risk management." It's not because risk itself is inherently bad or wrong, or that the need for good, quality risk management has changed. Rather, it's the overuse and misuse of the term that is really grating on me. Despite a lot more talk about risk, it seems that it's even less understood and even more poorly defined than ever before.

Perhaps the most egregious "risk" annoyance is its constant use as a FUD hammer for pushing products or agendas. It seems that every time we turn around, somebody is proclaiming that something is a HIGH RISK (bold, all caps, exclamation, exclamation, exclamation, omg we're all gonna die!). Unless, of course, we buy their product or support their agenda.

Life As a Moving Experience

I've moved a lot over the years. Cross-country twice this year already for starters, plus the move to NoVA from MT in 2003, the move to Central PA from MT, and then back, in 2002, down to Chicago in '98, up to the Twin Cities in '99, and the move to MT in '01 in the first place. On top of all these home moves, we've also done a ton of driving vacations, driving through the vast majority of continental states in the last 10 years (I've driven through or in every state except SC, OR, and NE). Suffice to say, my life is about being in motion, or so it seems.

Given this experience, I thought it only appropriate to sit back and reflect a bit on the moves of the last 10 years. There are lots of interesting lessons to learn, and I hope that you'll find these interesting and, perhaps, a wee bit amusing.

Top 11 Signs We Never Settled in Phoenix

11. Half our garage was full of packed boxes.
10. Only one car (of two) got AZ plates.
9. Bookshelves were never reassembled.
8. Half my clothes were still in tubs.
7. Only the kiddo had a doctor.
6. We never bothered to find a dentist.
5. We never bothered moving closer to our employers.
4. We never adjusted to having deadly creepy crawlies around the house. *shudder*
3. We kept all our winter clothing.
2. We still think 85 is a fairly warm day.
1. We sprinted at the first chance to move away.

How NOT To Build a Security Program

Andy Willingham (Andy ITGuy, @andywillingham) had a post up early this week titled "Building a security program from the ground up". It's an interesting read, though a bit on the naive side. Having just come out of an environment where my role was to build a security program from the ground up, I have a little bit of insight into this challenge. Despite my own failure and eventual inexplicable job loss, there is still much to learn, and much that I can add to this discussion.

Of course, it wouldn't be right to talk about this topic without first acknowledging one of my major biases; that is, my strong preference toward the model I developed specifically toward how to structure an information assurance program (see my earlier posts "Do You Need a Security Department?" and the slightly older "My Philosophy of Security"). Below is a snapshot of the TEAM Model, which I'll most likely mention in my responses.


A Couple (Brief) Political Quibbles...

If you don't care about politics, or other people's views on politics, please skip this post... :)

I wanted to comment on two things that I've found rather annoying of late: health care reform and the Nobel Peace Prize.

On health care reform, I'm at a loss. Despite all the doom and gloom and FUD, I think people are failing (once again) to get ticked off for the right reasons. Specifically, writing a law that says "thou shalt have health insurance" is NOT a national health care plan. Look at how poorly states do enforcing their requirement for car insurance. Now the federal government is supposed to use a similar tack, nationally, for all people? Please. It's complete bollocks, and I really think this thing should be put out of our misery. Basically, my taxes are going to be increased so that the federal government can do... what exactly?

On the Nobel Peace Prize, I'm at a bit of a loss to explain how a president who's served less than a year in office can win it. What has he done? I mean, I'm all for supporting President Obama, but his win here greatly cheapens this award. By all rights, he should have thanked the committee for their support and good intentions and then turned it down. Seriously. A prize unearned is no prize at all. I'm very disappointed in the Nobel committee.

Big, Nasty, Unfixed Adobe Flash Bug

Hello kind souls! Just wanted to give you a heads-up on a new Flash vulnerability that affects any Flash server that allows uploads of any sort. Adobe has confirmed the vulnerability and shrugged about how to fix it.

For the full details, please visit the Foreground Security release:
http://www.foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html

(Please Note: I am an employee of Foreground Security. That being said, this is a nasty bugger.)

EFF Quote of the Day

I loved this quote from today's EFFector 22.32 by the EFF.

* DVR Is TV's New BFF
Digital Video Recorders (DVRs), once considered a mortal threat by the
entertainment industry, have now become its new best friend. It's just
the latest example of how the industry's constant warnings of the
dangers of "piracy" frequently turn out to be baseless hysteria.
https://www.eff.org/deeplinks/2009/11/dvr-tvs-new-bff

Fail: The Arizona Experiment

In case you didn't catch the news in September and October, our little experiment with moving to the desert southwest ended abruptly, returning us to Northern Virginia (NoVA), and right quickly at that. Overall, things are working out for the best (despite the recent hospital visit by our li'l boo). It only seemed appropriate, then, to reflect a bit on this experiment and some of the things I'm slowly learning.

Overall, our Arizona experience wasn't the greatest. We had a hard time finding food that we liked (so many bad Mexican places, so little time). Making friends was very challenging (we're neither retired nor heavily tattooed, unlike the majority of the population, or so it seemed). The area seemed to be teeming with shysters, whether it be scam movers, lousy car service, lousy car wash service, expensive insurance, or whatever. Following are some various reflections on the life we tried to make.

Things You Think About In Hospitals

We just spent a bit over 24 hours in the hospital, the kiddo having come down with a bad case of the croup (complete with stridor). The last time I was overnight in the hospital was also for this kiddo, though for slightly more joyous reasons (aka "birth"), but I digress. When one spends a night in the hospital - particularly one for which you've not planned - it puts you in a position to rely on the hospital staff and facility much more to ensure that your needs are adequately met. Here are some random thoughts from the fray of this latest experience...

btw, the care we received was very good, and so this shouldn't be seen as negative or griping, just observations of various things... the contrast between quality of care and quality of environment was, perhaps, what I found so interesting here...

This blog is licensed under a Creative Commons License.