Comments for ShackF00

Comment on The Cloud’s Low-Rent District by Jason Graf

Jason Graf — Thu, 16 Feb 2012 20:11:45 +0000

Great comments and like the analogy to the work of Tim Ferriss. As you stated so many of these CSP’s start out very small and work themselves into big business. Hard to think so far ahead when you are just trying to make your rent payment and pay your employees. The risks are however very large, and anything that will encourage/motivate companies to spend some of their time and money is good. It does seem as humans and organizations that we tend to be mostly motivated by the cost of something or potential loss of business. Thanks for taking the time to put this into words.

Comment on Infosec: Where’s our “Long Tail”? by Lucas Samaras

Lucas Samaras — Mon, 06 Feb 2012 18:22:52 +0000

The innovators are definitely out there, they just get dwarfed by all the noise and forgotten after they get acquired. I’m looking forward to those small booths with quirky launches like xoware, which is in the Exhibitors’ listing but doesn’t even have a website up yet. Here’s their description, let’s hope their busy innovating (ahem, b/c they’re definitely not marketing):

“x.o.ware is building an exoskeleton for your network, which allows you to securely access it or the Internet anywhere. ”

Here’s a quick summary of the Top Ten Finalists from the Innovation Sandbox:
http://www.marketwatch.com/story/top-10-finalists-announced-for-the-most-innovative-company-at-rsar-conference-2012-contest-2012-01-05

Comment on Doom, Gloom, and Infosec by Does Offensive Security Really Exist? | 安全业界观察

Does Offensive Security Really Exist? | 安全业界观察 — Tue, 15 Nov 2011 22:26:47 +0000

[...] had some great commentary and discussion on my last post, “Doom, Gloom, and Infosec“. Jericho rightly pointed out the ever-popular Charlatans page at Attrition. This, could , most [...]

Comment on Doom, Gloom, and Infosec by Open Tabs 11/11/11 | 安全业界观察

Open Tabs 11/11/11 | 安全业界观察 — Fri, 11 Nov 2011 16:07:34 +0000

[...] Doom, gloom and infosec – Of course our career field isn’t all feces and stench, but it’s not roses and cake either. [...]

Comment on Doom, Gloom, and Infosec by Network Security Blog » Open Tabs 11/11/11

Network Security Blog » Open Tabs 11/11/11 — Fri, 11 Nov 2011 14:04:05 +0000

[...] Doom, gloom and infosec – Of course our career field isn’t all feces and stench, but it’s not roses and cake either. [...]

Comment on Doom, Gloom, and Infosec by Davienthemoose

Davienthemoose — Fri, 11 Nov 2011 04:05:46 +0000

I think saying “people don’t listen” is an oversimplification.

It’s not that people don’t listen; it’s that many orgs say “Go make us secure!” an then say “Don’t do that!” to most, if not all of the things that infosec pros know will fullfill that goal. And it’s not a difference of communication or a misalignment of priority; it’s a fundamental difference in culture between infosec pros and those who pay for infosec pros. Infosec pros want to do the right thing; everyone else wants to do whatever they want and have all those inconvenient requirements just leave them alone.

The burnout comes from knowing what is wrong, feeling responsible for it, and being told not to do anything about it (but say you are).

Defense does suck. We spend more time fighting with our own side to get the right tools, the right training, the right policies, the right backing, an the right people to have a chance at fighting “the bad guys” than we do actually doing the job we were hired to do.

Comment on Doom, Gloom, and Infosec by Episode 519 – Infosec Whiners, Rogue Risk Manager, Steve Was Right, Comcast’s Native IPv6 and 5 iOS Tips | InfoSec Daily

Fri, 11 Nov 2011 01:51:40 +0000

[...] Source:http://daveshackleford.com/?p=689 [...]

Comment on Doom, Gloom, and Infosec by @451wendy

@451wendy — Thu, 10 Nov 2011 15:33:13 +0000

Your assertion that “infosec is not a calling” is going to prompt a lot of discussion, I think.

Those folks whose self-identity is based on rescuing or saving others are going to internalize infosec; they can’t help it. And because of all the roadblocks you mention, they’ll find a never-ending supply of windmills, but will very rarely be able to rest on victories. Maybe it’s that combination that leads to stress and unhappiness.

For that matter, if you have a need to “win” and you can’t win at infosec, then at least you can “win” over your fellow infosec practitioners. Which explains a lot of the rest of the debates.

Comment on Doom, Gloom, and Infosec by jericho

jericho — Thu, 10 Nov 2011 09:25:46 +0000

attrition.org/errata would be a great reason ‘infosec sucks’ and would surely explain burnout for attrition staff.

Comment on Doom, Gloom, and Infosec by J4vv4D

J4vv4D — Wed, 09 Nov 2011 15:59:37 +0000

Spot on Dave… now this is what I’m talking about.

You’re absolutely right. We’ve got so many great things going for us in the industry. You can choose to delve into the depths of technology, coding, exploits or go for a wider risk path. There are also so many great people to meet, network with and learn from. Which is probably why there are so many rocking conferences around. We have people who are genuinely excited and passionate about their chosen field of work… and that alone is worth a smile a day