Week ending 092516

Quick hits as I re-ramp up my Week Ending posts.

  • Holidays in Japan while I’m back in the States.
  • Great feedback from the client about our work.
  • Wish I’d attended @Derbycon.
  • I’ve been back in Detroit on my return from Tokyo. Spent time with my kids, fun time talking about Tokyo and getting sushi (their idea) and my impending move.
  • A great guest joined us on @pvcsec – Marcelle Lee.
  • Professionally I connected with some new folk and a bunch of friends & colleagues.

Journalism & Ethics

Note: This is a total knee jerk reaction to the tweets & post from The Verge that Chris Ziegler was simultaneously a new Apple employee and an existing The Verge editor covering Apple.

Working for two employers at once isn’t new. It happens all the time.

But you can’t report about company B for company A while also an employee for company B. It’s Journalism 101, a class I took. I know famous corporate blogs and sites occasionally like to blur journalistic lines. This violation, if true, is clear.

Assuming Tim Cook didn’t appear apropos of nothing on Chris Ziegler’s doorstep the day his dual employment began, and nothing in what I’ve read so far indicates an immaculate hiring, The Verge should at least brand every article Chris wrote for the past 6 months as suspect. His motives aren’t known. We can only speculate when Mr. Ziegler entered into discussion and ultimately received the offer to join Apple.

Apple should dismiss Mr. Ziegler if the accusations are true. If he was duplicitous to The Verge management, co-workers, and readers it stands to reason he will be duplicitous to Apple as well. His ethics, at least, are questionable.

If someone I hired knowingly still worked in such a conflict of interest I would fire them for cause. I’d be curious to learn of environments where such action wouldn’t be the norm.

Again, I don’t know all the details or all the facts. If correct, the course for Apple and The Verge is clear.

My latest Thursday, 20160908

It’s a rainy, hurricane #Tokyo today. Yesterday was earthquake Tokyo.
@edgarr0jas and I recorded @pvcsec #EP78. I edited and uploaded #EP77 but the show notes are slow going. Someone deleted last week’s run sheet. No @timothydeblock or @cmaddalena or @infosecsherpa, sadly.
I’ve been diving into #blockchain and #fintech during breaks working on a client deliverable.
I can’t help but chime in on the @apple announcement: I’m glad I bought my iPhone 6s+ a few weeks ago. I think there might be a run on them (https://apple.news/AtodeT67IQiKYmKB2s3fvvA).
Big security day today, product and provider oriented. @Dell finished their @EMCcorp acquisition ( http://www.wsj.com/articles/dell-closes-60-billion-merger-with-emc-1473252540), @HPE sold their enterprise software to @MicroFocus (whomever they are; http://reut.rs/2ckMx4c), and @Intel spun off @McAfee Security (http://www.wsj.com/articles/intel-nears-deal-to-sell-mcafee-security-unit-to-tpg-1473277803).
Oh, and I’m playing around with http://www.dayoneapp.com.

A Bit of Travel

On my way to Tokyo as I write this, taking a break from a lengthy client report due in a few weeks.

I’m appreciative of some things:

Economy+ (or less an exit or lesser a bulkhead seat) makes a big difference for me when on a flight longer than two hours. Detroit to Tokyo and the return make it mandatory for me.

An unoccupied middle seat is wonderful.

A friendly and smaller than me person in the aisle seat makes getting out of my window seat (needed for potential naps, elbow protection, and no cart pummeling) outright delightful.

The 747: my favorite airplane. The 787 and 380 are swell and all. For my money there is nothing like flying this beautiful double-decker. I will fly the lower and upper decks in business/first class before they’re retired.

My new travel kit bag pleases me. Tom Bihn’s customer service is matched by the quality of their products.

Audible books and podcasts on @pocketcasts make the trip entertaining and educational while I write.

Kit & Caboodle: The Series & The List

Want to know what I’m carrying in my consulting bag?

Continue reading “Kit & Caboodle: The Series & The List”

Bad Consultant!

I’ve committed two cardinal sins of consulting: I was, for all intents and purposes, unreachable for several days and I have long lingering outstanding expenses.

I’ll save you, Dear Reader, from any details or explanations or excuses. Instead, I’ll use it as a launching point for composing a list of Consulting Sins.

  1. Discussing the client in public
  2. Posting on-line about the client, especially during client meetings.
  3. Leaving one client’s name & references in a document or presentation for another client.
  4. Abusing expense account and billable hours.
  5. Not being reachable.
  6. Letting expenses accumulate.
  7. Failing to submit billable hours on-time.
  8. Over promising and under delivering.
  9. Booking yourself in two places at once.
  10. Lack of preparation.
  11. Don’t proof read, peer review, spell check, and grammar check things going in front of the client.
  12. Overestimate the amount of time you have to deliver anything – you never have enough time.

I’m sure there are more. One colleague of mine would definitely include failing to carry a stain remover. Add your recommended cardinal consulting sins in the comments.

Ad hoc operations in the SOC can lead to pain | Me on IDG.TV

At CircleCityCon, CSO’s Steve Ragan chats with Paul Jorgensen, host of the PVC Security Podcast, about ad hoc processes within many security operations centers (SOCs) and how organizations can prevent these types of mistakes.

Source: Ad hoc operations in the SOC can lead to pain | IDG.TV

I relished talking with Steve Ragan at CircleCityCon in Indianapolis last weekend (Saturday 11 June 2016). He recorded us in a bite-sized elevator-pitch of a summary of a key point or two of my talk, “Top 10 Mistakes in Security Operations Centers, Incident Handling, and Incident Response”.

Yes, our first take failed. We were joined then by Chris Maddalena, my co-host from the PVC Security podcast. Chris couldn’t be bothered to join us for the redo, probably because he was busy winning the whole conference or something.

Not only was I moments away from my talk as Steve mentioned in the open; I left straight from my session to the airport en route to Tokyo for work. You can’t see my luggage lurking behind me in the video.

Many thanks to Steve and IDG.tv for having me on. It was fun, deja vu included.

p.s. – I think the rhyme in the title could have been exploited more #justsayin

Interim Symantec President Says Things, Causes Space/Time Rift To Open

Symantec will be filling an important product gap with its acquisition of Blue Coat Systems, Symantec’s interim president and chief operating officer Ajei Gopal said in an interview with Dark Reading this week.

Source: Symantec’s Purchase of Blue Coat Fills Critical Product Gap, Interim President Says


Symantec was smart to buy my company, Blue Coat, and install me as the new president and CEO of Symantec. And as I’m the new Symantec head honcho I agree with the comments made by the former president and CEO of Blue Coat, the company Symantec just acquired.

And thus the PR multiverse folded in upon itself.

Presentation: Top 10 Mistakes in SOC, IH & IR from @CircleCityCon

Here is the PDF with speaker’s notes of my CircleCityCon 2016 talk: Top_10_SOC_CCC2016

The video of my talk is here.

I thoroughly enjoyed speaking at the conference. Thank you to the audience, who were fantastic. I would be remiss if I did not also thank the CCC organizers for bestowing the honor of speaking upon me.


Weekly Review: week ending 04 June

Here’s me returning to the weekly review habit.

I had a busy week, my second in a two-week business Tokyo trip. I found, and my colleagues helped me find, plenty of time for personal fun time.

The first bit of fun I found on Sunday. I wandered through various Tokyo districts recommended to me:

  • Yushima & Nezu, both near to Ueno
  • Ochanomizu & Bunkyo, both near Akihabara
  • Kagurazaka, near central Tokyo

A list rundown isn’t necessary as all five neighborhoods were quaint, quiet, and places I can see myself living. Next trip I’ll check out other options.

The biggest news has to be the trackball I found. It’s made by Elecom, a company lacking a great reputation. Yet they offer what’s essentially a wireless Microsoft Trackball Explorer with extra buttons!

Fixing my return flights is best described as nightmarish. Delta and SkyTeam better integrate their systems than American and the oneworld partners. Topping it off, when I stopped in at the Admirals Club at NRT they wouldn’t take my Alaska Airlines Boardroom membership for lounge access. I purchased my ticket on American. I had a connecting American flight. However, according to their rules I should only gain access if I’m flying on AA metal. The lounge staff was fantastic and granted me access anyway PLUS addressed my seat assignment issue.

I cleared out my expense backlog, long overdue.

I presented my IBM Watson Summit Japan talk about hybrid SOC & cloud technology for about 60 colleagues. I presented a proposal pitch to a customer. Both proved successful and interesting (for me, anyway).

Colleagues pulled me into new customer opportunities. My “dance card” is full. That is a good state of being for a consultant.

The Security Culture Conference in Oslo was the victim of this demand. I have to return to Tokyo the same week. Hard to be in two places at once when you’re not anywhere at all, let alone if they’re on opposite sides of the globe. I had a whole week of vacation around the event planned.

Seated next to me on the flight to ORD was a fun 4 year old girl who slept less than her mom did. She, the girl & not the mom, talked to the videos she watched and had trouble sitting still. The poor fellow in front of the girl received the abuse of pushing-feet-on-the-seat. I enjoyed the extra elbow room.

O’Hare is a miserable airport. It reminds me of a quote from “The Silence of the Lambs” movie I’ll paraphrase: “It’s like the elaboration of a bad joke”. It also reminds me of Zork: “You’re in a maze of twisty passages, all alike”. The Admirals Club lounge is old, crowded, and dirty. The staff is nice enough. The remodel cannot come quickly enough.

When I arrived in Detroit there were no Uber cars available. I took a taxi with a driver new to the city, a bad situation when dozing off constantly (me, not the driver).

Ending on a positive note, the weather is nice.