Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

Making sense of the media.

Mike Rothman had a good rant today about the big tech media players.  I have so much already to read and do that I have no time to peruse general tech publications any more, unless they relate to security or I get led there on a particular topic from somewhere else.  Even my free publications like Information Security Magazine pile up on my desk and gather dust. 

So what’s up with the paid report sector?  I admit it’s been many years since I worked for a place that could afford analyst subscriptions like Gartner.  I still get a few reports and quasi-freebies handed to me, though, and I still don’t get the value added there.  As far as I can tell, they’re all writing either for executives who want to go on a spending spree and need to know what else to buy, or they’re writing for vendors in the space who want to know what their competition is doing (and whether they’re getting better publicity).  Every time I’ve seen a quartile chart, it only told me things I already knew.  Am I just keeping up better than I think by reading free stuff on the web, or are these paid reports not worth the simoleons?  Are there any tech publications that really distinguish themselves?  And if so, how?  Do any of them really go to 11?

Maybe it’s product and FUD fatigue.  I’m tired of reading about the latest and greatest software/appliance/gateway/acquisition/merger.  I’m tired of reading about the same security headlines over and over again.  Even the exploit sites are starting to blur in my mind.  When Microsoft releases 26 patches in one fell swoop, how is anyone supposed to pay sufficient attention to understand each one of them?

I’m not even a tech-illiterate manager; I was informed just today that I allegedly have a “massive clue.”  (Of course, that might just have been an attempt to butter me up in advance of a performance review.)  If I’ve got report fatigue, what must it be like for others?  I can understand how any executive who hasn’t spent years in the security realm could get overwhelmed by the media and just want to bury her head in the sand. 

What is the well-dressed ISO buying this year?  Security shouldn’t be about fashion, and yet that’s what it’s starting to feel like.  If the crowded vendor space can’t be disambiguated, and therefore the trade mags don’t have anything new or different to say, then doesn’t it come down to which designer you like the best, and whether you have one of every accessory in your closet/server room?

I’m just waiting for the Vogue equivalent in the security world ...

Posted by shrdlu on Tuesday, October 10, 2006

Comments

Alex Hutton United States on 10/11  at  05:28 AM:

Feeling like we’ve jumped the shark, are we?

What you say is true.  I think half the reason we’re hearing all about NAC is that there’s nothing else to talk about.

LonerVamp United States on 10/11  at  07:34 AM:

The security space is getting more and more crowded with both practitioners (of varying quality) and the vendors selling security to them. I’m sure some less-stellar folks find those sorts of reports useful and informative. Is this all perhaps part of a watering down of the space?

Me? I’d rather spend money on a good staffer who is enthusiastic about Snort than on reports telling me which IPS/IDS/AV/Spam appliance I should get (and then support, and then train staff on, and then keep updated, and then replace after lifecycle, and then justify when the threats and exploits change with the wind…). Skip trying to pony up for ISS and instead get someone who can be surgical with free vulnerability testing tools.

I’d love to just keep it down to basics. I see little reason to spend money on flash and glitz like so many products are showing off. Some fancy products really are worth it, but I think most are like buying $4 bottled water when you can get it from the tap just fine.

Your mags gathering dust makes me smile. At my previous job I used to get about 4 of those mags, but they would only get a quick 10-minute flip-through; otherwise they’d pile up on my desk. They remind me of the magazine Muscle & Fitness (it’s a guy thing, mostly). You can read that mag for a year, but after that, you’re really not learning anything new. There are only so many muscles in the body and ways to work them. If you know the basics of muscle mechanics and supplements, you know all you really need to know. Otherwise, it’s just about saying the same thing over and over only with different words. I didn’t bother changing any mags other than TechNet over to my new address when I switched jobs last spring. I’d rather read blogs.
