StillSecure, After All These Years: rich mogull

3 posts categorized "rich mogull"

May 14, 2008

Rich Mogull does his best Stiennon imitation, says GRC is dead

Some of the Stiennon "magic" must have rubbed off on Rich Mogull when they were both at Gartner or maybe in a case of the imitation being the sincerest form of flattery, Rich M secretly admires Richard S. In any event taking a page out of the "xxxx is dead" playbook, Rich writes that GRC is dead. In fact Rich says it was stillborn and never really alive. There are many things that Rich says in his article as well as Gunnar Peterson's article that he references, that I agree completely with. However, overall I think Rich's fatal mistake is one of Titanic proportions. He is mistaking the tip of the iceberg for the entire mountain of ice that is under the water and not as easily seen. The reports and dashboards of GRC products represent the by product of much of the real work and value they bring not just to the "C" level but to the security practitioner who is tasked with ensuring compliance as well. I am seeing the compliance workload fall on the already over worked, underpaid security guy time and time again and they need help with it!

I know people like Mike Rothman say compliance is bull and if you just follow good security practices, compliance takes care of itself. However, lets be real folks, between PCI, SOX, FISMA, etc., compliance is driving budget in the security industry. In an industry where the "security guy" just did not have the tools to push through budget for the resources required, compliance has become the sledgehammer that the CISO and other security types use to crash through the doors into the CFO's office and get the budget required.

Before I delve further into why I disagree with Rich though, let me state where I do agree with him and Gunnar for that matter. I do agree that a by-product of compliance has been a move towards running your business as "audit-driven rather than business-driven". Somewhere along the line we have forgotten that the rules, regulations and statutes that compliance is driven by were put in place to provide a minimum of acceptable security and confidentiality to protect sensitive information. It was supposed to be about protecting the data, not about checking off the compliance box! I agree with Rich that it has become a way into the C-level office. But what is so bad about that? Symantec has been selling their security into the CFO for years. Rich not having worked at a vendor, I don't know if you realize how hard it is for the security folks to get budget approval for the tools they know they need. In order for security to get its fair share of the budget pie, it is imperative that security budget decisions are made at the C-level. If the security team can't get the approval, the security vendor is going to try and help.

While dashboards and reports are the tip of the iceberg and the shiny baubles that are used by the GRC vendors to get the attention at the C-level, I think that the bulk of the work takes place below the water. It is making sure that in fact the enterprise is in compliance. Making sure that everyone has the latest patch level, has AV installed and that data is protected from leakage is the real work. Testing and ensuring this is the real job of GRC, the reports and dashboard is just the way you can show it working. Rich I think you are the one being short sighted if you think these products are just about the reports. Without actually doing the analysis and investigation the reports are meaningless. In my mind is much like SIM reports. Without actionability and correlation, how much value are the SIM reports?

GRC is a needed tool in todays security practitioners tool kit. They are being placed in the position to ensure compliance and they need the ability to do so. They also need help getting the budget approved for the tools they need to do the job. We can rant all we want about compliance for compliance sake being asinine, but the fact is that is the world we live in right now and rather than spitting into the wind, lets figure out how to make it work best for us.

11:12 PM in compliance, rich mogull | Permalink | TrackBack (1)

Technorati Tags: alan shimel, GRC, rich mogull

February 14, 2008

StillSecure, After all these years, #53 - SSAATY meets the Network Security Podcast

Mckeay Rich_mogull Someone put chocolate on our peanut butter! Mitchell and I got on a party line to record episode 53 and who else was on? None other than that dynamic duo from the Network Security Podcast, Martin McKeay and Rich Mogull! The 4 of us had a great time talking about one of Martin's favorite topics: Privacy. Should what you put on line be held against you by your employer. Do you have any expectation to privacy for all of this information you are posting on Twitter, Facebook, etc. These topics and more come under the glare of the 4 of us.

We also talk about HP's boast of employing 9 of the top 11 security hackers (shades of the infamous top 59 list). There is a special message for all security bloggers and podcasters, as well as security media types who are attending RSA, if you don't know what we are talking about contact us.

If you like the content of these shows or have any other comments or questions, please drop us a line at podcast@stillsecure.com

Thanks to ClickCaster for hosting our podcast. Tonights music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!

Or download here:

Icon_enclosure_music_7 mp3

12:02 AM in Martin McKeay, Mitchell Ashley, podcasting, rich mogull | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: alan shimel, martin mckeay, mitchell ashley, podcast, rich mogull

January 28, 2008

The Mogull's secret life

Rich Mogull was evidently inspired listening to me rant on the podcast about NAC the other day. So much so, that he imagined a place a long time ago, in a galaxy far, far away where it is said the secret origins of NAC occurred. Of course I guess Rich knows about the dark secret life of many things about security and analysts and such. Anyway, Rich actually agrees with me on the dilution of the term NAC. Rich also goes against some of the prevailing wisdom and actually seems to come out supporting NAC as a valuable tool and one that Cisco and Microsoft may not have right. He also, I think correctly, points out that NAC being truly built into the network fabric is probably too far off to wait for right now.

So do I agree with all of Rich's secrets? Of course not, what fun would that be. Besides how could Mike Fratto accuse of me having it both ways. I think that NAC can add a lot of value without actually quarantining anything or anyone. I think just finding out who, what and where is on your network is valuable in a lot of scenarios. I also think that alot of the other bells and whistles as Rich calls them will wind up adding a lot of value to NAC when they are better integrated and understood as part of the greater mission NAC can play.

But all in all, I would say Rich seems to understand the secret world of NAC a lot better than some other analysts do.

08:49 PM in NAC, rich mogull | Permalink | Comments (2) | TrackBack (0)

Technorati Tags: alan shimel, nac, rich mogull

Lijit Search

disclaimer

The views and opinions expresed here are those of myself only and in no way represent the views or positions or opinions of my employer, Latis Networks, Inc. d/b/a StillSecure or anyone else.

Forbes.com

StillSecure, After all these years, the podcast

Currently Reading

James Carroll: Constantine's Sword: The Church and the Jews -- A History
Looks like a book I will learn a lot from. It is long, but than again it covers two thousand years. Will be interesting to see what I say when I finish. (****)

Read Recently

Wilbur Smith: The Quest
Smith has an amazing ability to transport you back to ancient Eygpt. I have read several of his novels about Eygpt and am always totally absorbed from the very first pages to the end. (****)
Jeff Shaara: The Rising Tide: A Novel of World War II
Great historical novel about WWII. North Africa and Sicily campaigns come alive. You feel like you really are getting to know Ike, Patton, Rommel and the rest. (****)
Dale Brown: Strike Force: A Novel
Another great book by Dale Brown. Iran is getting help from Russia and the Iranian monarchy is trying to overthrow the theocracy. Dreamland's super weapons to the rescue! (****)
Christopher Moore: Lamb: The Gospel According to Biff, Christ's Childhood Pal
The Gospel according to Jesus's childhood pal, Biff. Need I say more. Actually pretty funny stuff. (***)
David Weber: Off Armageddon Reef
Aliens have destroyed humanity. A small isolated colony has been hidden to grow into a new human empire, but they are robbed of the knowledge of their inheritance. A religion based on keeping the people in the dark about their legacy controls the world. Great reading, good fantasy (****)
Michael Chabon: The Amazing Adventures of Kavalier & Clay
Brad Feld gave me this book. It is a Pulitzer Prize winner from the author of the Yiddish Policemens Union. This book is even better. Funny, yet biting it brings the horror and excitement of WWII to life through the eyes of a jewish refugee from Prauge and his cousin from Brooklyn. All about the comic book industry and real life tragedies and love. Worthy of all the praise and awards! (*****)
W. Michael Gear: People of the Nightland (First North Americans)
I have read almost every book in this series of paleo Indians by this husband/wife team. I don't know what it is, but I love hearing these stories based upon Native American legends and myths. (***)
David Michaels: Tom Clancy's EndWar (Tom Clancy's Endwar)
A new series inspired by Tom Clancy and based on a game. It is WW III, Saudi Arabia and Iran have exchanged nukes and the Russians are fighting the US and Euros. Not up to Clancy himself standards, but a good airplane read. (***)
John Grisham: The Appeal
A new legal thriller from Grisham. Does anyone do these better? It started right up from the get go and holds the reader captive. Without giving away the ending, Grisham brings the end of this book home to today's political climate. (****)
Gary Jennings: Aztec Rage (Aztec)
A continuation to the series started by the late Jennings. Not quite as brilliant as the first novel, but it is fairly faithful to Jennings style and continues the history of the Aztec/Spanish mix that becomes Mexico. (***)
Stephen Baxter: Navigator: Time's Tapestry, Book Three (Time's Tapestry)
The 3rd in this alternate history series by Baxter. I am still waiting to see what is alternate about this history. Alternate or not though, Baxter is a master storyteller and it is a pleasure to read. (****)
Harry Turtledove: Opening Atlantis
The first in a new trilogy by the master of alternate history. In this series there is an 8th continent between Europe and America called Atlantis. How it effects the unfolding of world history will be the subject of the series. So far it is pretty interesting. (***)
John Grisham: The Innocent Man: Murder and Injustice in a Small Town
This is a non-fiction book but reads like lots of Grisham's legal thrillers. After reading this book it is hard to think that the death penalty can be enforced in this country without innocent men being executed. It also makes you think Oklahoma is just not a great place to be living in. (***)
David Michaels: Tom Clancy's Splinter Cell: Fallout (Tom Clancy's Splinter Cell)
I really like this series and its hero Sam Fisher. Based on a video game the author has done a great job making Sam Fisher a real person. In this one Sam is chasing his brothers killers who are involved in nuclear terrorism in the former USSR.
Michael Crichton: Next (Harper Fiction)
Everything comes together a little too coincidentally, but it shows us what can happen with gene science gone mad. (**)
Raymond Khoury: The Sanctuary
I liked his Templar book so thought I would give this one a try. Set in 1700's Europe and modern day Iraq and Lebanon, it is a good thriller. (***)
Stephen Baxter: Conqueror: Time's Tapestry Book Two (Time's Tapestry)
Book 2 in the time tapestry series, it is a great historical novel of post-Roman Britain. I am just not sure what the alternative history is here. It seems pretty much as I remember learning it. (***)
John Grisham: Playing For Pizza: A Novel
Another one of Grisham's easy reading non-legal thriller kind of books. A disgraced NFL quarterback goes to play for pizza in Italy. (***)
Harry Turtledove: The Grapple (Settling Accounts, Book 3)
Somehow I am on book 3 of this series. I read book 1 and 2, but did not write up the review of 2. Anyway, in book 3 the tide turns against the CSA and for USA. Great alternate history of WW II (***)
Bill Bryson: The Life and Times of the Thunderbolt Kid: A Memoir
I was looking for something light on a trip back home. Though I am a bit young (beleive it or not) for a lot of this and did not grow up in the Mid-West there are some things about growing up that are universal. Very funny book! (****)
Dale Brown: Dale Brown's Dreamland: Retribution (Dreamland (Harper Paperback))
One of the better ones so far in this series. Lots of cool weapons and sinister bad guys. (***)
Thomas L. Friedman: The World Is Flat: A Brief History of the Twenty-first Century
Finally it comes to paperback and a new updated edition at that! For some reason I never read this bible of our brave new world. So much of it now seems obvious, but there is still much to learn here. (****)
Brian Herbert & Kevin Anderson: Sandworms of Dune
Finally! All of your questions around Dune are answered. The fate of the Universe and the Tyrant's Golden Path is revealed. Every Dune fan should read this one to tie up the loose ends. Also reading Herbert and Anderson's prequels to the original series will help. (*****)
Jack Whyte: Knights of the Black and White
I don't know what it is with Templars, but I am facisinated by the story. This is a good one and looks like the start of a series. I reccomend it! (****)
Patrick M. Lencioni: The Five Dysfunctions of a Team: A Leadership Fable
Got this book from Mitchell. It is a quick read and offers some excellent insight into how a real team can function allowing for the free flow of information and exchange of ideas in a healthy and productive way. Great read for anyone part of an executive team. (****)
Harry Turtledove: Return Engagement (Settling Accounts Trilogy, Book 1)
The start of WW II in the alternate history series by Turtledove. The CSA gets off to a quick start against the USA. (***)
Michael Chabon: The Yiddish Policemen's Union: A Novel
Full of Yiddish sayings, in this alternate history of post-WWII Jews is both funny and sad. A good read wrapped in a detective story who done it. (***)
Dale Brown: Edge of Battle
Dale Brown does better when doing battle with other superpowers, not drug smugglers, terrorists and tackling topics immigration reform. I love his action and technology, but didn't like the subject matter. (**)
Kevin J. Anderson: Of Fire and Night (The Saga of Seven Suns, Book 5)
This one clears up a lot of the plot lines from the first four books in a neat bow. However, just when you think the end is near, a new twist comes along that has you waiting for the next book. A big time scifi epic! (****)
Kevin Phillips: American Theocracy: The Peril and Politics of Radical Religion, Oil, and Borrowed Money in the 21stCentury
This can be dry and slow reading, but will open your eyes to what is really going on here. Phillips, a former Republican strategist, lays out a strong case on how oil, religious wars and debt are driving America away from world leadership. (****)
Raymond Khoury: The Last Templar
Another book on the long lost secret of the Templars, which can bring the Church to its needs. It was a good thriller. All of these DaVinci Code spawn are starting to run together in my mind. (***)
Harry Turtledove: American Empire: The Victorious Opposition (American Empire)
Turteldove is the master of alternate history. Many other SF writers are trying this genre, including Card and Baxter. In this one, the Confederate States of America takes on the role of the Nazi's in pre-WWII. Good read. (***)
Steve Berry: The Templar Legacy: A Novel
A DaVinci Code type of novel, with the recent press and controversy around the tomb of Jesus being discovered, this one became more real from it. A good read. (****)
Steve Berry: The Third Secret: A Novel of Suspense
A love story of a priest, a pope and the woman they loved. Wrapped around a quest for the missing 3rd secret of Fatima and an anti-christ potential new pope. Good story (***)
Tobsha Learner: The Witch of Cologne
A little slow moving at first, it picks up steam mid way through. A tale of the end of the inquisition and the begining of modern Europe. This is the backdrop of a forbidden love between a Kabalah trained midwife and her inquisitor priest. It did get you into the plot. (****)
Mark Winegardner: The Godfather's Revenge
Another follow on authorized by Mario Puzo's estate. This fills in the time between Godfather, Part 2 and Part 3. With the characters from the original, it can't help but be good. (***)
Orson Scott Card: Empire
Its the red versus blue states, urban versus rural, neo-cons versus the far left, in this American Civil War II. A little far fetched, the treachery though kept you guessing who and what was really behind it. (****)
James Patterson: Honeymoon
My first Patterson book. I don't usually go in for this type of thriller, but I was getting on the plane in 5 minutes and had to have something to read. I finished it in just a few hours, it was pretty good. (***)
Stephen Baxter: Transcendent (Destiny's Children (Paperback))
The third in the hive series by Baxter. It has his usual long historical sweep between the near and far future. Good harc core sci fi. (****)
David Michaels: Tom Clancy's Splinter Cell: Checkmate (Tom Clancy's Splinter Cell)
This series based on a PC game (corny isn't it) has actually turned into one of the better Clancy series out there. It is number 3 in the series and was pretty good. (***)
Dale Brown: Dale Brown's Dreamland: End Game (Dreamland (Harper Paperback))
Another in the Dreamland series by Dale Brown. It started off a bit slow, but revved up to the usual Brown level of thriller. (***)
Eric Flint: 1812: The Rivers of War
A good alternative history of the War of 1812 and the role of the Native Americans. The alternative prospective is allowing the Cherokee's a planned retreat West and sparing them the Trail of Tears. (***)
Harry Turtledove: End of the Beginning: A Novel of Alternate History
The great sequel to an alternative history where the attack is Pearl Harbor is followed by an invasion and conquest of the islands. No we take them back with a vengence. (****)
Mitch Albom: For One More Day
Like all his books, this one will make you laugh a little, cry a little and think a lot. This particular story was a bit close to home for me. It is a quick read. (*****)
Eliyahu M. Goldratt: The Goal
A great book to make you think about managing a business in a new way. I highly recomend it to anyone interested in how to measure and effect efficient production (****)
Brian Herbert: The Road to Dune
Sort of like viewing the bonus features on a DVD, only the most hard core Dune fan is going to appreciate this. Stuff that wasn't good enough for the originals put together here. (**)
Brian Herbert: Hunters of Dune (The Dune Series)
OK the son is not the father (talking about the authors, not the characters), but this is based on his outlines and haven't you always wondered who the outside enemy was. This is chapter 7 of Dune and if you read the others, you have to read this. (****)
Harry Turtledove: Days of Infamy
I love Sci Fi and Historic novels. So I am drawn to alternate . This one involves the invasion of Hawaii after Pearl Harbor. Of course it will change the course of WW II, at least for a little while before the inevitible. (***)
Dan Simmons: Olympos
Great conclusion to Ilium. This book ties up the the varied stories of both books into one story line. A vast sage, I think this may be his best yet! (****)
Jeffrey Anderson: Second Genesis
Great story on genetic manipulation, stem cells, medical ethics and just a great thriller. I really liked this book about genetically enhanced chimps. (****)
Chris Stewart: The Fourth War
With everything going on in the Middle East, this one got a little to real. Pakastani nukes are up for grabs. The Israeli Shin Bet and US CIA try to get to them before an Al Queda type of organization can get there hands on them. Scary stuff! (****)
David McCullough: 1776
McCullough is a master of well researched history. This is just about the first year of the revolution and puts you in the middle of the pivotal events. (****)
Kevin J. Anderson: Scattered Suns (The Saga of Seven Suns, Book 4)
After my last two books, it was time for something a little lighter. This is book 4 in a grand SciFi space saga. Lots of characters and plots, good reading. (****)
Karen Armstrong: A History of God: The 4,000-Year Quest of Judaism, Christianity and Islam
A great historical look at the evolution of our concepts and beliefs in God, primarily from the view of Judeo-Christian-Islam perspective. However, other philosophies and religous beliefs are discussed as well. It is very heavy on philosophy and mysticism. You need to think with this book. (****)
James Bradley: Flag of our Fathers
A detailed personal look at the 6 Marines in the famous Iwo Jima flag photo, written by the son of one of them. The loving attention to these American heros is well deserved. (****)
Arthur C. Clarke & Stephen Baxter: Sunstorm (A Time Odyssey)
A sequel to their first book together, A Time's Eye, this is hardcore SF at its best. The story revolves around the inner workings of the sun and the catastrophic results to Earth and humanity if any minor deviation of the Sun's energy output were to take place (***)
Edward Rutherfurd: The Rebels of Ireland : The Dublin Saga
Another great book by the master of historic novels. He may even be better than Michener. This is the sequel to The Princes of Ireland and is even better than the first. (*****)
Stephen Baxter: Exultant (Destiny's Children (Hardcover))
A grand sweeping space saga of the type that Baxter is known for. This one covers from before the big bang to the early history of our universe and such hard science topics as dark energy and dark matter. Great book! (****)
Peter F. Hamilton: Judas Unchained
The sequel to Pandora's Star, this book had almost too many sub-plots. It made it difficult to follow sometimes. The story that had so much promise in Pandora's Star, really seemed to just never get off the ground in this one. Not one of my favorite Hamilton books. He can be up and down like that. (**)
Dan Brown: Digital Fortress : A Thriller
For some reason I thought his other books were not going to be as good as Da Vinci and Angels & Demons. No religous theme here, but a good thriller with lots of twists to keep you on the edge. (****)
Steve Perry: Tom Clancy's Net Force 10 : The Archimedes Effect (Net Force)
This series used to be pretty good reading. Lately it is just not as good. It is OK to pass the time though. (**)
Troy Denning: The Swarm War (Star Wars: Dark Nest, Book 3)
Set after the New Jedi Order series, good filler for trying across the country. (**)
Joseph J Ellis: His Excellency
Good biography on Washington, by one of the masters of revolutionary war history. (****)
Michael Crichton: State of Fear
Great book about the environmental movement. Chricton has another thriller, but this will make you think about your views on global warming, the media and other environmenta issues (****)
David Michaels: Tom Clancy's Splinter Cell: OPERATION BARRACUDA
Based on a video game (yeah thats right), this series is actually pretty good. Makes for good airplane reading. (***)
John Grisham: The Broker
I had low expectations but this book really hooked me. I was over 200 pages in before I took a breath. The end was sort of rushed, but enjoyed this book. He is a master storyteller. (****)
Billy Crystal: 700 Sundays
Based on his one man Broadway show. Billy examines his relationship with his Dad who died when he was 15. He spent about 700 Sundays with him. You will laugh a little and cry a little but I think you will like it. (****)
Bob Dylan: Chronicles : Volume One
One cliche after another, you had to laugh after a while. A hodge podge of glimpes into his early and mid-career. The DVD is much better. (**)
Philip Roth: The Plot Against America: A Novel
A "what if" book. The premise is Lindbergh runs for president in 1940. He defeats Roosevelt, keeps us out of the war and institutes a anti-semtic, facsist administration. Scary! (***)
Ian Caldwell: The Rule of Four
Not as good as the Dan Brown novels I think but an interesting puzzle book. Lots of Princeton stuff by two new young authors (***)
Dale Brown: Act of War : A Novel
I have read all of Dale Brown's books starting with Flight of the Old Dog. If you like Clancy, you will love Dale Brown. (****)
Jeff Rovin: Op-Center XII: War of Eagles (Tom Clancy's Op-Center)
Uses Tom Clancy's name but by other authors. I read all of these series to fill time on planes. Not the greatest books you will ever read but they pass the time away (**)
Brad Meltzer: The Zero Game
My first book by Meltzer, it just seemed a little to simple for me. (**)
Stephen Baxter: Evolution
Great Sci Fi from one of the two new great authors of sci fi from the UK. Baxter and Hamilton pick up the baton from Clark and Asimov (****)
W. Michael Gear: People of the Raven
Another in the first American series. Here white people come to the Pacific Northwest thousands of years ago. (****)
Jimmy Carter: The Hornets Nest
It's hard I guess for an ex-president to really let loose. However, good historical novel of Georgia in American Revolutionary times. (***)