StillSecure, After All These Years

I have read a lot this weekend from people whose business acumen I respect.  Brad Feld (here and here), Fred Wilson and Will Herman all published blog or twitter posts dealing with our present economic condition.  One of the great things about blogging though is if I don’t agree with them or want to express my views on the subject, I have my own bully pulpit. I may not have the 100K plus followers that Brad or Fred do, but that is OK, I can put my thoughts out there for the world to see.  So here goes:

First of all no one wanted the federal government to bail out any companies. The government certainly didn’t want to. It truly is an investor of last resort. But the alternatives are just worse.  You will not find many takers willing to raise their hand and say, “yes lets burden our children with the debts of our mistakes”, never the less, if we did nothing we may not leave them anything at all.  So I don’t buy into the - we all want to be socialist Swedes and that this is some how part of Brarak Obama’s plot.  Plain and simple we were in such a rotten place that we had no choice but for the government to step in to avoid such widespread upheaval that it could rock our foundations to its core.

Second, somewhere along the line it has been repeated enough times so that everyone takes as gospel that government can never do anything as well as private markets can.  It started with Ayn Rand for Brad and the gang, but for most of America it is textbook Ronald Regan.  But the fact is that for big projects like going to the moon, building an atomic bomb, winning a war – funding basic R&D, the government actually does a pretty damn good job.  It is not optimum, but the government is in a much better position to weather the storm and see us through to the other side in our current mess.

Next, there really is a case of being a hammer and everything looks like nails here.  Fred calls Citibank to task for taking out an ad in the NY Times. He says “old school companies sticking to old school approaches that don’t work anymore”.  Yes, if you invest in a lot of internet companies and closely watch the ad business on the net, you may discount the value of old fashioned print ads in the NY Times. But lets give the marketing and media departments at Citi and their ad agencies some credit here.  We are not talking about a couple of start up mark-comm folks who know how to manipulate Google Ad Words.  These are people who have been doing this for a living for a long time, have reams of data and no what they are doing.  It wasn’t Citibank’s marketing that got them in this mess. 

Brad jumps on this bandwagon calling it an idiot move, but cuts Citi some slack because they are doing some things he is aware of, but can’t speak about.  I don’t know what these things are but knowing Brad, they involve RSS or at least the web as a communication medium.  Again the hammer looks for nails.  Guys, it may not be the NY Times of the 1970’s we are talking about, but there are still a few of us who read the Times, including the ads. In fact if you guys did not read the Times, you would not know about the ad.  So in a way you prove the value of the ad in that it got your attention.

By taking public money we will have this scrutiny. Not a great thing, but not messed up either. That is the price to be paid for taking public money.  But think about it, as private investors, don't you Brad and Fred look at where money is being spent.  How did you feel about some of your investments buying Super Bowl ads a few years ago. I don’t remember you jumping up and down and calling them idiots while that was going down. Only with the harsh reality of the cold slap in the face of the dot com bubble bursting did many of the VCs of the era fess up to being taken up with “irrational exuberance”.

Brad then goes on to talk about “investment versus speculation”. Sure it is easy a VC who is investing in companies directly and sitting on their boards to be an investor in every sense of the word.  But the speculation of investors in the market is not something that is new or particular to our recent troubles. In many ways it is what fuels the market.  Most people don’t have the luxury of being a “qualified individual” or sitting on the board of a company. Most people can’t even afford the time and effort to go to a shareholders meeting.  They do their research, make their best choice and go with it.  There is more to speculators than the picture of the evil money changers who drove up the price of oil.  Speculation is essential to the market. It may not work for Brad, but for others it is the best they can do.

Finally, my friend Will Herman and his twitter post scared me the most.  Will is a big New England sports fan (Sox, Pats, Bruins and Celts), but I don’t hold that against him. Somewhere he just went off course in regard to sports because on most other things he is dead on. Will twittered about a NY Times article that talks about the new issue facing immigration.  Many highly qualified immigrants are choosing to leave the US and pursue greater opportunity in their native companies. I know many of you might be happy about that, but Will is rightfully upset about it. 

Our country has always been afraid about the next wave of immigrants taking the jobs of those who came before them.  First it was the Irish, the Italians, the Jews, the Hispanic, the African-Americans, etc.  But yet each immigrant group has wound up enriching our society and filling the pockets of those who came before them. We cannot afford at this critical time to be suffering a brain drain of people who have been educated here but are not helping us continue to build our base and add more jobs to the mix. We need this fresh blood, energy, innovation and intelligence.

It is a very telling statistic that these educated, intelligent people are picking up and leaving for greater opportunity elsewhere in the globe. When we can figure out who to reverse that, we will be back on track. In the meantime, I have not had the success that these guys have had in business. But that is the view from down here.

I was cruising/perusing the Security Bloggers Network feed last night.  There is just so much great content on a daily basis in there it is unbelievable. Two articles from two blogs I have not highlighted before caught my attention and moved me to comment here:

1. Scott Wrights Security Views blog has a post up "The first steps in reducing the embarrassing frequency of college system breaches". Scott calls colleges and universities to task for seemingly to be constantly the victims of breaches and security incidents.  I agree.  They are victims because for the most part they allow themselves to be victimized.  The edu market gets great discounts on security technology.  The problem is many of these schools are more concerned about providing access than they are about security.  They are in no win situations. They have to give students access, they can't install software on a students machine, many of these students are young and immature enough to either intentionally or unintentionally do wrong things. But the budget, the level of expertise and the will to do something is overall lacking at most of the schools I have seen.  Until that changes, we will continue to see the edu market as the victims in this ongoing tragedy.

2. Monkey-House.org has a good article titled "Barracuda Spam "Firewall Drowns in The Ping River". The author laments the fact that though he owns his Barracuda firewall appliance, he is not allowed to SSH or have root access to the box.  Unless you pay Barracuda a training fee to be "certified" on the box. 

I have heard both sides of this story.  The vendor claims by giving people this level of access they screw the box up worse and only make for more problems. We have seen this at StillSecure where people actually installed additional software on our appliances (it runs Linux) and when that conflicted with the StillSecure software it was a nightmare to troubleshoot and fix. On the other hand, I strongly believe that you own the box, you should have root access to it.  I don't think that is unreasonable and we continue to do this at StillSecure. What do you think on this one?

I wrote about it yesterday but not sure I made it clear enough. I am going to award a full conference pass to the CSI show Nov 15-21 at the Gaylord National.  All you have to do is leave a comment with your email address about how going to educational conferences like CSI have helped you in your career.  I will pick the best one next week.  A full conference pass is more than 2,000 dollars, so it is a great chance.  BTW, I am not talking about just an exhibit pass, but a full conference pass to all of the sessions too.

So leave your comment and may be the best person win!

I blog a lot. Some times I write stuff I think important. Sometimes I write stuff that is not so important.  What I am going to tell you now is most important.  It has nothing to do with IT security and everything to do with the very future of the planet we all share.  If you are going to read only one book this year, make it Thomas Friedman's Hot, Flat and Crowded.  Friedman has written some amazing books, most recently "The World is Flat".  He also writes amazing columns. But never have a I read anything that has so grabbed me and resonated so strongly with me as this book.  Within the first 25 pages I was so drawn and attuned to what he describes that I am ready to go out and volunteer to do my part and I want to convince you to go do your part too.

Friedman says that America has lost its focus, party due to 9/11, partly to the "dumb as we want to be" mentality of our politicians.  We have built ourselves into a "Fortress America", where "even birds don't fly". We have allowed ourselves to think that the blessed American way of life means we don't have to worry about things like energy consumption, educational challenges and national debt. We are America, we will deal with our problems when we want to and it won't catch up to us because we are America. At the same time the world is changing.  It is getting hotter from global warming, flatter with the world-wide rise of a prosperous middle class and the demands for food, energy and resources are quickly outpacing our ability to meet them.  Our uniquely American problem and the world-wide problem can both be solved by America getting her "groove" back.  By taking its place in the world and by leading the way in the 21st century with "Code Green".  A multi-generational, long term plan to solve the urgent issues facing us all.  Not for altruistic reasons, but for the reasons that have always driven this country - profit and our desire to innovate and reinvent ourselves to be the very best and lead the world.

We need to leave our post 9/11 defensive crouch that has us playing afraid. We need America to "play the vital role it has long played for the rest of the world - as a beacon of hope and the country that can always be counted on to lead the world in response to whatever is the most important challenge of the day. We need that America - we need to be that America -more than ever today."  I personally have felt for a long time that we needed a new "put a man on the moon" mission to energize our country, to rally around and bring our tremendous innovation and ingenuity to bear. I have also felt that energy was that next great American mission. The reason that the last century and a half were American centuries is that we led the way in energy production. We need to lead the way with the next dominant energy sources. Everything I have felt around this, Friedman has put to words.  He defines the problems and lays out what we have to do to invent the solutions, while reinventing ourselves and the world we live in. 

Enough gushing on about the book. Go out and buy and read this book.  After you do, try to do your part in making Code Green a success. The life you and your children will lead may very well depend on it!

Matt Asay has a blog up on "OLPC's capitulation to Windows...". In it Matt waxes poetic about what a mistake Nicholas Negroponte is making by embracing Windows for the OLPC laptop project. Matt points to Groklaw, Richard Stallman and the rest of the Redmond revolutionaries who want to see Negroponte tarred and feathered and question his vision. Hey, lets face it the "m" word is toxic to that crowd. But I really think Matt is just plain twisted about this and about what OLPC is really about. Here is what Matt has to say, "OLPC is rather about liberating developing nations from their vassal status that continually keeps them at the mercy of the pricing and licensing of Microsoft and other proprietary vendors." No Matt, that is not what OLPC is all about and that is what the problem is! OLPC is about getting a laptop in the hands of every kid in the world. It is about giving these kids a chance to learn and grow up to compete in the global economy with the same tools that kids in this country have. It has nothing to with your views of Microsoft being a 21st century imperialistic empire.

Matt both of my boys have OLPC laptops, I know what it is like using them. The Sugar interface is tough. As Negroponte says, it is a amorphous blob. The command line structure of the laptop made it hard for me to retrieve and install files. File names are truncated and kept in non-standard directories. When kids are learning windows in school, this is difficult for them. The laptops are a tool for them to learn, it shouldn't be about learning the tool. It needs to be more main stream for kids to be able to leverage it across the world. It needs to be more standards based. I don't care if it is open source standards or closed source standards but it has to be better. Windows will give it that.

But ultimately Matt, I feel that the OLPC project was hijacked by the open source movement as a "Trojan horse" to overthrow Windows. If that was your intention great. Me, I was a lot more humble and noble in what I thought it was. I thought was about getting a computer in the kids hands and having them learn and contribute.

While attending the SANS event in Orlando this week I had a chance to meet a fellow who works at a company that is a StillSecure customer.  I had never met this particular guy before, so I asked him how long he had been working in security at the company.  The answer I got reminded me of an old quote from the move "The Producers" -

-Who d'ya want? -I beg your pardon? -Who d'ya want? Nobody gets in the building unless I know who they want. I'm the concierge. My husband used to be the concierge, but he's dead. Now I'm the concierge.

This guy had worked at the company for a number of years in the network department. They had a "guy who did the security".  He is the one that bought the StillSecure product.  Evidently a while back the security guy left the company.  It is not clear whether he quit or was asked to leave, but the bottom line is they had no security guy. Instead of hiring another security guy, they made this poor SOB the security guy.  He inherited a bunch of security products including our own and a bunch of "open source stuff".  This guy didn't even know where to begin.

After floundering around for a while, he made a smart move and signed up for some security training from SANS and is just beginning to realize how much he doesn't know.  But it will still be some time before he is in a position to handle the security at his company, that by the way has SOX issues to deal with.  I suggested that perhaps he look into some MSSP service to help him out.  I am going to try and help this fellow out as much as I can, but he has a tall order.

How many others are out there in the same boat?  How many people have had the security role thrust on them, without the training or expertise to make it happen.  The greatest tools in the world, won't make up for this lack of skills and experience.  Is it any wonder that we have a breach a day announced and our security seems to be in such disarray? We should let security be handled by security professionals or else we deserve what we get!

The other night I was reading Hans Christian Andersen's classic "The Emperors New Clothes" with 6 year old Bradley.  Bradley cracked up that the king was walking around naked.  I was reminded about how no one wants to be thought of as ignorant or not fit for their job, so they will say and do things that they think other people want to hear.  It is a great, timeless story.  Today, I had my own emperors new clothes experience.

For the past several days I have been writing about this whole Barracuda-Trend Micro affair.  In several articles I used the word Calvary. I was talking about the soldiers riding in on the horses.  Every time I wrote it though I kept getting visions of a cemetery out on Long Island.  Finally, someone had the gumption to write me today and tell me that I meant cavalry, not Calvary.  Well I certainly felt like the emperor with no clothes!

I apologize for my butchery of the English language.  I am also grateful to Jack Walsh for pointing out my error. To the rest of you I ask:  (fixed after the fact) Were you not reading? Were you afraid to be wrong, so didn't want to say anything?  Did you not realize that this was wrong? Or perhaps you just took silent satisfaction in seeing me mess up?  In any event below are the definitions of the two words. I was right Calvary is the place where the crucifixion took place and there is a cemetery in Long Island by the same name.


Cal·va·ry /ˈkælvəri/ Pronunciation Key - Show Spelled Pronunciation[kal-vuh-ree] Pronunciation Key - Show IPA Pronunciation
–noun, plural -ries for 2, 3.
1. Golgotha, the place where Jesus was crucified. Luke 23:33.
2. (often lowercase) a sculptured representation of the Crucifixion, usually erected in the open air.
3. (lowercase) an experience or occasion of extreme suffering, esp. mental suffering.

cav·al·ry   /ˈkævəlri/ Pronunciation Key - Show Spelled Pronunciation[kav-uhl-ree] Pronunciation Key - Show IPA Pronunciation –noun, plural -ries.

Steve Tobak, of Invisor Consulting, LLC, over on his C/Net News Blog has a great article up on selling.  While I don't usually push the Zig Ziglar or Jeffrey Gitomer stuff, something about this article rang true to me.  Steve started out talking about the stereotypical negative image of sales people as being pushy with no self-respect.  But then he makes a good point.  All of us in one way or another have to sell at one time or another. And importantly, we also need to be successful in selling, when we do it.  Steve uses a term my grandmother used to say about children.  Selling isn't a bad thing, it "is misunderstood". My grandma used to say there were no bad children, they were just misunderstood. Selling according to Steve is capitalism in its purest form.  So here according to Steve Tobak are his 10 rules to help you sell more effectively:

1. Be knowledgeable. Also, be prepared. Know your material cold, and that includes knowing how you stack up against the competition and anticipating what may come up. Knowledge and preparation also facilitate effective selling by helping you feel more confident and
   less nervous.
2. Be yourself. If you try to be someone else, or something you're not, you'll fail. Just don't even go there. If you think you're lacking something critical to sell effectively, then learn it or get it. Or maybe you're just on the wrong track. But don't fake it.
3. Be honest. If you believe in yourself, your ideas, your product, whatever, you'll do just fine. Also be forthright, don't beat around the bush. Strategic positioning is one thing--a good thing--but bullshit or dishonesty is bad news.
4. Be persistent. Also, be patient. That doesn't mean don't take no for an answer. Sometimes it's best to give up the battle to win the war. Have faith in yourself, the rest of the universe, and karma. Things really do work out for the best. And if they don't, worrying about it won't make a difference.
5. Be concise. Be crisp, focused, pithy. Don't be verbose, annoying, time consuming, selfish, or a pain in the ass. Don't abuse the audience's or the customer's time and patience. Goes hand-in-hand with being respectful.
6. Be creative. Also be open, collaborative, flexible, a problem solver. The concept of value proposition is based primarily on solving a tough problem better than others can. If it was easy, they wouldn't need you or your product.
7. Be respectful. Respect the audience's or the customer's and right to make their own decision. Be respectful of your competition, as well. Crisply state your selling points, then stop and wait for questions. If you lose, be gracious and you'll win the next time. Don't be arrogant.
8. Be there. Answer the phone, show up, make yourself available, whatever it takes. Also, be present, in the moment, in real time. Interact. Take it one step at a time and trust the process. Don't fire off an e-mail or a phone call and then go into hiding.
9. Be brave. We all have fears. Be afraid. Not only is it normal, it's a critical survival skill. Courage is being scared, recognizing your fear, facing your fear, and doing the right thing anyway. Don't try to block fear; you can't, at least not without creating bigger problems.
10. Shut up and listen. Selling is not about talking, it's about listening. When you listen, you hear what your customer or whoever is looking for. Then you can tailor your responses appropriately and, if you're on the ball, make a connection.

I have never seen these put quite like this, but I like it. Maybe it can help you sell, no matter what it is you are selling!  Thanks to Steve for sharing.

I guess with reading "The World is Flat" I am thinking about the whole outsourcing thing a lot more and how America can compete in a flat world. Dave Rosenberg over on the Open Sources blog has an interesting article that I think helps illustrate my view on this. The article notes that Wipro, the giant Indian outsourcing firm plans to open a software design center in Atlanta and will hire about 500 programmers over the next three years.  Dave talks about possible cultural differences that will make it interesting and challenging.  I don't think it will be any more challenging than Toyota or any of the other foreign car manufacturers opening plants and building cars here in America.  They will find the American worker not as lazy or ugly as advertised.  They will find them incredibly productive given the right incentives and environment.  Enough so that it makes sense for them to bring jobs here. Now you can say that Wipro, Toyota, etc are foreign companies and so they are profiting from the fruits of American labor.  But are they any more foreign than "American" companies? I think not. I think where the plants and offices are built and where people are earning good livings is what counts.

In fact I think this is the future of all of this outsourcing. Yes there are short terms differences in labor costs versus productivity as many former developing companies join the flat world.  But just as the Japanese found out, when workers who may be envious or contemptuous of our decadent lifestyle get a taste of the good life, they become not very different that Americans.  They want big cars, iPods, cell phones, good things for their families and a nice place to live and learn. Then they want to take off to take some time to smell the flowers and enjoy the good life.  Soon the advantage that had capital moving there begins to wane.  I think the relative costs begin to come into balance and the many advantages of the American labor force who have dealt with working through the "good times" come into play. 

That is not to say that we have some inalienable right for high paying jobs to automatically come here.  It means that we still have many advantages to leverage and that we should not fear other countries becoming more developed.  That makes them bigger consumers for our products and makes each of them a "little bit American" themselves.  It is a brave new flat world that we live in and in which our children will grow up in.  However, it is one full of opportunity for more people than ever before including us here in the USA.

Douglas Schweitzer over on his ComputerWorld blog has an article up on the proposed legislation by Senators Murphy and Stevens banning the use of social networking sites in public schools and libraries.  Unlike most of the coverage of this proposed legislation I have seen, Douglas seems to support it.  Maybe he does not realize that the way it is currently written, such sites as Wikipedia would be banned as well.  That would be a real shame, as even my young sons have started to use the Wiki for school research.  However, I have a bigger a problem with what Douglas writes.

Douglas seems to be proud that Suffolk County, Long Island (I lived in Dix Hills in Suffolk before moving to Florida, so know it well) has already banned MySpace and the like from libraries there.  I don't know if they have also banned Wikipedia, but the real point is, Douglas does that make your children safer?  Do you think all of the sexual predators are on MySpace?  Do you honestly think cocooning your children is going to keep them safe.  There comes a point where they have to live in the real world as it is.  I am against censorship in any public forum, unless you are talking about obscenity or other illegal acts.  I think your job as a parent is to do your best to make sure you child understands right from wrong, is not a "victim" that is easily fooled by predators and that you can trust to do the right thing.  This sort of attitude reminds me of the parents who always wanted to "hide" the drug issue from their children.  You know what, those kids wound up being the biggest drug abusers. My child in second grade is already learning drugs are bad.  The philosophy is that if you have not talked to your child about drugs by the time they are in second grade, someone else has.  Same thing here. If you think banning MySpace is going to keep your kids from learning things or being exposed to predators, brother do I have a bridge to sell you. Douglas does not want his kids learning their sex-ed on the internet.  Douglas here is a news flash, your kids are going to learn about sex-ed on the internet, whether you ban MySpace or not.  In fact the internet is just todays tool to learn about sex-ed.  Douglas where did you learn about it?  Did you sit down and have the birds and bees talk with your dad or had you already been exposed by some of your more daring friends in school.  I think artificial constraints just don't work and don't accomplish the goals.  Better to educate children on how to use and benefit from using MySpace the right way then to ban it all together.

The other problem is today My Space, tomorrow what?  It used to be the AOL chat rooms.  Who is going to decide what my child can and cannot see.  I don't want the US Senate (some of whom have never been on the net and don't have a clue) or some local library board making that decision.  As a parent I reserve that right to myself. I will make that decision and stay out of my business!