Wednesday, 30 September 2009

Posting drafts: duh!

It happens at moments I am not paying any real attention to the posting itself. Something arouses my typing finger and boom, off it goes. I forget a picture, links, spell checking, and post outright nonsense that is so totally off the wall that not even the conspiracy specialists see anything useful in it.

So what do you do with incorrectly posted material? Of course I have the option to alter the text and upscale it and even to retract it, but that feels like cheating. It's like clearing up that blatant hole 'someone' left in the firewall ruleset and silently closing it... it's just wrong. It's wrong because errors are an excellent stepping stone to knowledge.

As a rule I like asking the people I work for|with: "So how many major incidents have you seen lately?" The answer is often more revealing than one might expect. The classics are "None!" and "Define incident" and "That is classified". The one I really like is "One major last 6 to 12 months".

Companies claiming 'none' are more at risk than the others. Things -do- go wrong, and you not knowing is plain dangerous. The people asking for clarification work in a backstabbing culture where bad news shall and will be punished and thus manipulated till the color scheme of the report is all white, yellow and green. The final answer "one" gives me an indication that "major incident" is a weighted value where the worst incident of the year is major, a nice relative scale that I feel most comfortable with. Threats and risk do change, no matter what metrics one uses, no matter how many 'risk managers' and 'risk analysis standards' one uses.

Good [and a little lucky] security officers have the gift to correctly contextualize incidents and know when things are really going downhill and when incidents are more defcon red in the political arena. Both require a different approach and a different toolset. Most of us love technology issues:
- Man in the Browser
- Sly holes in firewall
- Rogue route advertisements
- Script kiddies
- Lack of bandwidth
- Application layer exploits
- ARP storms

These are in our comfort zone; we deal with them daily and enjoy the puzzle and the diffs we see in the pre and after traffic dumps. A few people I have met in the availability scene like the part of corporate culture where the presentations kick in. The moments of debriefing not-so-hot technical aspects to people who know more about golf clubs than we know about ASM. However, more often than not, that is where the real difference is made: they p0wn the resources and set the priorities.

So when I go out and look for a person to lead the availability department, I look for the person who gets his coffee from the machine that is closest to the techies. The person who actually gets the autistic CCIE to share anecdotes about his holiday and at the same time dares to make a remark about the drawing at the whiteboard.

They're few and far between but easy to spot as they stand out like a wolf among sheep.

PS Click on the picture. It will take you to a free download of the whole album of 'The Slew'. A band that just loves to mingle rock, instruments & DJs in a refreshing mix that is a perfect example of how a healthy mix of different 'character & ability' upscales the individual parts of the sum.