It is 6:44pm as I write this.
Adrian just left after we recorded our first extended Firestarter/Happy Hour.
The idea was that he would drive down, we would dial Mike in from Atlanta, talk about RSA stuff, Adrian would leave, and I would finish off work.
It was a pretty sweet plan. Right up until some semi rolled over at a major intersection near my house, shutting down both a highway and an arterial surface street. Adrian’s ride was delayed, but the beer wasn’t. My wife was also delayed because she handles daycare pickups (I do dropoffs), but the beer wasn’t.
You see where this is headed?
I had some wonderful pre-RSA things to talk about today. Mostly how I’m finding that in my hands-on research I am pushing beyond the capabilities of some products I am working with. I am asking for API calls that don’t exist and features that aren’t exposed.
And yet. So far I have been mostly able to work around these issues. Oh, your API can’t identify XYZ in AWS? No worries, I can code that up pretty quickly.
To be honest, this is really new territory for me as an analyst and as a developer. In my dev days I mostly stuck to one platform and one database, and learned the lines pretty quickly. As analysts we mostly talk to users and vendors to understand how things work – we don’t really have the resources to get hands-on with products, and even if we did, that wouldn’t reflect operational realities (which is why most magazine/whatever writeups are garbage).
But now with cloud and DevOps I can dig in and explore tools and technologies to an unprecedented degree. I am learning that some of what I’m trying is pushing the limits, and I get to figure out alternative ways of solving the random problem I picked. I won’t lie – this is a blast. Sure, it’s frustrating to hit a technical issue beyond my capabilities, but it is incredibly satisfying when I learn a significant percentage of them aren’t due to personal failures, but instead limitations of what I am working with.
As an analyst that is awesome. There is no better validation that I am on the right track than breaking things, at a fundamental level. And to be honest this is the kind of intellectual curiosity I think defines a security professional. My advantage is that I figured out how to make a living out of writing about stuff, and producing crappy code that could never withstand a production environment. No accountability? Sign me up, baby!
At this pint I should probably mention that I am 5 craft brews in, so… er…. I am not responsible for this Summary. That is all.
On to the Summary:
Adrian Lane: Deep Dive on Data Security.
Mike Rothman: Deep Dive on Cloud Security. Rich kills it in his RSA Conference Guide piece on Cloud Security. He understands how all the pieces fit together. Read it – it will be pretty pertinent over the next couple years.
Dave Lewis: After-School Special: It’s Time We Talked – about Big Data Security.
David Mortman: RSA Conference Guide 2014 Watch List: DevOps.
Rich: The (Full) 2014 Securosis RSA Conference Guide. Sure, we write the pieces, but for the past couple years Mike has pulled it together and added some serious awesome with his mad meme skills. He is really the driver who adds the awesome. Even if you already read the posts, you need to check out the PDF. Especially the IDM section – that’s all I will say.
RSA Conference Guide 2014 Deep Dive: Identity and Access Management.
RSA Conference Guide 2014 Deep Dive: Security Management and Compliance.
Adrian Lane: The thing to know about JavaScript. As a newbie with JavaScript and NodeJS, I found this helpful.
Mike Rothman: Wealth Logic founder shares his insights. Pretty much everyone has money pressures one way or another. I really liked this guy’s perspective. This is the money quote: “In other words, the portfolio’s purpose isn’t to produce income, but to be consumed to fuel your life. The goal isn’t to be the richest guy in the graveyard.” Man, that’s good advice.
Rich: Target hack cost banks and credit unions more than $200 million. These are the kinds of numbers that move the meter.
Gal: Swiss fighters grounded during hijacking as outside office hours. One of those stories that defies commentary.
Rich (yup, another one): My hope for the new Cosmos. The original had a profound effect on how I see the world. My kids are probably too young but I will try to force this on them anyway.