November 06, 2009
Joel Scambray
Work, somewhere along my career, became a confusing and convoluted series of cool discoveries non-disclosure agreements that have left me a bit frustrated lately. I love my job, but I can't say much about it.
It did give me a fun opportunity recently. Joel Scambray (yeah, that Joel Scambray) came to our ISSA group to give a presentation. I somehow got voted to be the Vice President of our ISSA chapter (this, in spite of not having a CISSP). I'm apparently not very good at introducing famous people. Alas.
|
| Joel: The man, the legend |
Joel gave a great talk on the future of infosec-stuffs. I have spent a fair amount of time in my life as a vulnerability analyzer/pen tester (not a very great one, or you would have heard of me), and I was interested to hear what a guy who has had a successful career doing that sort of work had to say about it. "We have to stop admiring the problem," apparently.
He's a pretty smart guy, and he has been saying things that I have been thinking lately. I was, for a long time, too heavy-handed with security stuff. "That ain't the right way to do it, it sucks and it will get p0wn3d. Here's why," was my usual assessment. It still is sometimes, though I've been trying to temper such analyses with more practical advice. I guess the profession is succumbing to the Almighty Metric. This isn't a bad thing, although I will miss the Wild, Wild West. Oh, and I do lament the fact that I will probably be doing math in base 10 more often...
I still disagree with Linus' assessment of security testing and discovery. Security is a pretty different ballgame than normal bugs. A bug that affects security means that someone can turn my coffee cup into a missile and use it to blow up my car and kill my dog (and maybe even kill me). Any other kind of bug will probably just give me cold coffee, or maybe make my cup leak so I can't have any caffeine this morning. And this paragraph sums up why I hate physical-world analogies when it comes to security...if in the physical world my coffee cup could be turned into a missile by a kid in Ukraine, then maybe the analogies would make sense.
Post a comment
Further back...
ArchivesFriends and Family
Search
Previous Trips...
-
Hiking Mount Whitney, 2007 
Spring Break in West Virginia, 2005
New Year's in Paris, 2003-2004
Coming to America, 2003
Protesting in Berlin, 2003
Prague Bier-Tour, 2002
Dresden, 2002
Recent Reading
![]()
Stealing the Network
I first bumped into the Stealing the Network series when reading the exploits of Joe Grand, one of the book's many hacker authors.
The 'Stealing the ...' series of books follows a rather disparate group of computer hackers as they help a former NSA spook (many of them unwittingly) gather the money he needs to retire.
The stories themselves are not fantastic fiction. The writing is uneven and choppy, the characters are stereotypical and not very well thought-out. What is fascinating about this book series is the technical accuracy of the exploits (at some points *too* accurate, with screen shots and step-by-step instructions).
It's a great series to read if you're a system administrator, or just getting into the wonderful field of computer security.
Rated 
by reid
on March 06, 2011
by reid
on March 06, 2011
![]()
Close to the Machine
Ellen Ullman is one of those authors that somehow avoided my radar. Until now...
Close to the Machine is less a book than a collection of loosely related personal anecdotes from Ellen's time as a very rare thing -- a successful female bisexual independent computer programming consultant.
In the course of her work and relationship life, she learns hard lessons about programming, running a business, being lonely, and loving the wrong people. I found it particularly poignant being a crypto-nerd with difficult times in relationships and a more-or-less NDA'd, secret work life.
This book is a must-read for anyone into running their own business, programming, or anyone dating a person that is a business-a-holic or programmer.
Rated 
by reid
on November 23, 2009
by reid
on November 23, 2009
![]()
The Long Trip Home
I had the joy of dining with the author in Florida. We went to a little Brazilian BBQ where he spoke with our waitstaff in (what I can only assume was) flawless Portugese.
Brian Wyllie spent 1969-1971 living in Brazil working for the Peace Corps. His recent book outlines his trip back to the United States via Bolivia, Peru, and the Carribean chain, by way of bus, train, and sailboat. The format comes spattered with observations from the modern day, and makes me think, "this must be what John McPhee's journal looks like."
The trip sounded like a fantastic one, but I was left wanting more detail...where did the gun (being snuck through customs in a variety of places, no doubt) come from? And how did Geneve's hair smell? Alas, we'll have to wait for another book to find the answers.
Rated by reid
on April 16, 2009
by reid
on April 16, 2009