July 13, 2009 at 07:21 · Filed under Personal
In economic times such as these it is imperative that architects and leads alike look beyond the glossy software catalog and instead to the web. In the past we often discounted open source as unsupported and hacker-like in the development efforts. One would hope that in this day of enterprise open source powering the majority of web applications we could back away from the mantra of yesteryear.
The argument often heard in corporate America is: without a company backing it, how can you trust the source of the code? In the same bated breath they will speak to Microsoft and Oracle as pristine trophy holders of American Ideals. In this global economy and 24×7 development cycle there is very little code still developed stateside only. The pond and time zone allow for rapid development cycles and releases. It is ignorant to think that Microsoft’s code is not spattered with code developed in foreign countries. The bazaar development paradigm has extended well beyond the weird GNU hackers in their basements; even Microsoft and other commercial entities have opened the doors to this development process.
As security professionals we must be the voice of reason. Most commonly it is our doorstep the argument falls on. The corporate IT groups and managers look to our nod for successful deployment. We owe it to ourselves and the industry to take a dispassionate review of all products and benchmark them against the same criteria we would any product. It is tempting to give the source code availability as a pro for deployment, but it is important to pull away from this position. When was the last time you performed a code audit of one of the multiple open source products you are employing?
Rather, utilize the larger establishment for verification of your position. DoD, DISA, NSA, and US-CERT are all running open source code reviews. A quick US-CERT search for vulnerabilities will yield many open source tools with results. There is no discrimination against closed and open source models in their review of security. When we as a professional organization remove the zealotry and religious-esque view of products we can then pick the right tool for the job.
For those of us with a foot on each side of the court, reviewing products for both security and IT lifecycles, the key will be very simply supporting open standards. Opening the selection process to any tool that supports open, documented standards allows the battlefield to be level. It is unrealistic to compare the merits of Apache’s ASP support to IIS and expect useful results. Likewise it is unrealistic to compare 7za compression formats to WinZip and ding 7za for utilizing a proprietary format.
July 11, 2009 at 04:24 · Filed under Personal
In what appears to be a world littered with Twitter messages and Facebook status message updates, I thought it appropriate to update those who care enough to read. I have neglected the communication I often share with everyone due to the constraints of time and sleep. Given the choice to ensure a rigid routine or talk to you all late into the night, I am selfish and choose sleep and eating. Sorry, just the caveman in us all.
Location for the first time in 3 years has been, dare I say, stable. I transitioned from the vertical living of Crystal City to a beautiful little townhome in Old Town Alexandria. This means absolutely nothing to you non-DC snobs, but equate it to moving from concrete jungle to suburbia soccer mom throw down. Oscar and I stand out like a clown at a funeral, but we enjoy the family atmosphere and nice walking sidewalks. Even if we are required to dodge yuppies at every turn. They are nice yuppies. With that stationary expression though, I must admit I type this from the airplane. My work (will cover shortly) has brought me back to the mistress of the road. We had been separated for a while, but I am now back to knowing her well. The travel is nowhere near the amount you are all accustomed to by reading my messages, but certainly enough to earn me an extra chocolate on the hotel bed pillow.
A few months ago I was given the official grade for the role I was filling. Up until then I was performing the work, but not given the same title and responsibility. It has been a learning experience as no good work goes unpunished. The mantra I am finding is hard work just deserves some more of it. To be perfectly honest I love it and the hours are a blessing. Watching the military father I had from afar and being raised in a family of strong men has left me well equipped to take the role on. Phrases like:
* Troops are your greatest asset and biggest responsibility
* God calls you to lead by example and with integrity
* Lead from the front, not from the rear
* Set the bar high enough and someone will get their chin there
* If your men are there, you are too. Never excuse yourself from hard work because you are the boss
These all guide me on my newfound adventures into management land. My refusal to be the manager who doesn’t understand the work he is leading has helped me to stay engaged. The natural curiosity I was raised with keeps my after hours and waking moments filled with techie stuff and geeky expansion. It still makes me smile to be the guy who fixes the problem when no one else can.
All in all the year mark is approaching 1 August for my first trip to DC. When I type up my memoirs (To be titled “The Geek shall inherit the Earth”) this will serve as a chapter mark. Much growth and learning has occurred in the short time of this transition. I hope to be in a better place to catch up with you all soon. God bless, love and thankfulness, and sheesh I ramble well :)