I’ve left Verizon. A lot of folks have come up to me and asked, so I thought I’d indulge in a rather self-important blog-post and explain something: It wasn’t about Verizon, but about the opportunity I’ve taken. Wade, Chris, Hylender, Marc, Joe, Dave, Dr. Tippett & all the rest – they were all really, really…Read More Change.
It’s occurring to me this morning that in terms of benefit/cost, purely in “damage to society” terms, the decision to put html in emails could be one of the worst ideas in the past 25 years. But that’s just me. Your thoughts on others in the comments?Read More Worst.Technology.Application.Ever. (?)
From Krugman (commentary is his): “Without metrics, you’re just another guy with an opinion. — Stephan Leschka, Hewlett Packard When I hear words from almost anyone about how their approach is better than some other approach, I think of this quote. And as Daniel Patrick Moynihan said: Every man is entitled to his own opinion,…Read More Quick Quotes For Your Morning
Seriously. Interesting. Go check this out: http://securityblog.verizonbusiness.com/2011/04/12/veris-community-project-update/ Take a look, impact information!Read More VERIS Community Data
Hey Kids, Reader Mark Wallace wrote in a comment to the blog yesterday, and I wanted to answer the comment in an actual blog post. So here goes: — Mark, Thanks for reading! There’s a point where publicly writing forces me to answer a few questions that I’m not ready to make a quick decision…Read More Why Do You Write The Way You Do?
The thread “What is Risk?” came up on a linkedin Group. Thought you might enjoy my answer: ———————- Risk != uncertainty (unless you’re a Knightian frequentist, and then you don’t believe in measurement anyway), though if you were to account for risk in an equation, the amount of uncertainty would be a factor. risk !=…Read More What is Risk (again)?
I participated in another security metrics and risk discussion yesterday (yeah, me talk about metrics & risk – you don’t say). As part of this discussion someone echoed a sentiment I’ve been hearing more and more of recently. A casual acceptance of the logic of metrics and data followed quickly by a dismissive, skeptical statement…Read More Why The New School Is Important
Hey! Tomorrow at 1pm ET reg now: @joshcorman & I redux our (in)famous ‘Metrics are Bunk!?’ debate from RSAC 2011: http://bit.ly/i6z1BLRead More NewSchool Zombies, Moneyball, & Metrics
Not crazy like Sammy-Hagar-has-clearly-abused-his-brain-and-its-giving-him-bad-information-to-come-out-of-his-mouth crazy, but crazy like, there-are-so-many-good-talks-you-can’t-possibly-not-get-value-out-of-the-conference crazy. For example, I’ll be talking twice. Once with Dan Geer and Greg Shannon about Prediction Markets in InfoSec. Then I’ll be giving one of THE FIRST EVER (!) debriefings of the 2011 DBIR (which is going to be crazy like both of the above). I’m…Read More Hey! SourceBoston is going to be CRAZY!
Rob is apparently confused about what risk management means. I tried to leave this as a comment, but apparently there are limitations in commenting. So here go: Rob, Nowhere did I imply you were a bad pen tester. I just said that you should have a salient view of failure in complex systems (which…Read More Back to You, Rob!