Back in college, there was a popular class called “Arts 15: Introduction to the popular performing arts” — otherwise known as the history of rock and roll.  The professor was, shall we say, opinionated.  One test question that is still stuck in my craw follows:

The greatest rock and roll band of all time was:

  1. The Who
  2. The Beatles
  3. The Rolling Stones
  4. Queen


Live and let live. So many problems in our world stem out of mindsets that breed hostility. Mindsets that require all others to conform to our way of thinking or system of beliefs. Narrow thinking.

Narrow thinking does not allow for the possibility of different explanations. Narrow thinking requires that there is only one answer and only one way that is right. Narrow thinking dominates our political, social and economic worlds.

It is the poison that is slowly killing us all.

Blind Contour - Mr. Grey

  • Finish Coffee
  • Shower
  • Dress
  • Meet with colleague re Global WAN Project
  • Meet with Supervisor re All My Projects
  • Finish BOM for GWAN Project
  • Meet with Team re Scheduling for WAN Upgrades when I return
  • Meet with colleague re Firewalling requirements
  • Cut Lawn
  • Pack
  • Talk to Mrs. TKD re items she needs me to bring down
  • Load Car
  • Purchase sweat gutr if I can find one locally
  • Meet up with the most influential teacher from my HS days
  • Eat something at some point
  • Drive to Lewes

I just realized that my blog was missing my blogroll!  Travesty.  Sorry about that.

Fixed.

I’ve been a longtime subscriber to SANS newsletters.  Most days I have too much to do to really read them, but today as I was wrapping up the day I came across this nugget:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A fascinating battle is taking place today in the struggle between those who recognize the need to move quickly to continuous security monitoring (of critical controls) and those who are clinging to the now discredited practice of preparing out-of-date, paper-based reports about security. A US Office-of-Management-and-Budget-led initiative to improve the metrics by which agencies assessed cyber threats was 50% successful and 50% hijacked by the report writers. All the federal CISOs were asked this morning to help shape the metrics.  We’ll let you know week by week how the battle goes.  It matters because billions of dollars were thrown away (according to sworn Congressional testimony) on the discredited reports. Once the federal government makes the transition to automation, the defense industrial base, and then the rest of the US critical infrastructure will shift quickly. And that will radically improve the job prospects for people who can reduce risk vs. those who just write about risk.

<snip>

TOP OF THE NEWS

--FISMA 2.0 Advances in the US House of Representatives

A bill that transforms FISMA from encouraging paper-pushing to automated monitoring of security advanced in the House. The bill also calls for the jobs of the White House Cyber Czar and Chief Technology Officer to be permanent and subject to Senate Confirmation.

http://www.nextgov.com/nextgov/ng_20100505_8690.php?oref=topnews

Oh, how I would love to see the day come when Information Security wasn’t dominated by people who can’t do a damn thing to mitigate risk but do a great job talking the talk and writing the copy about it.  I cannot count how many times I’ve run into a supposed “expert” who couldn’t even begin to pull apart a packet capture or tell me the difference between a Layer2 address and a Layer3 address.  It is, as they say, Frustrating.