
February 05 2012

wimming

My first board meeting

As I'm sitting on a plane out of Tampa, FL I can take the time to reflect on the past few days as I attended my first ever (ISC)2 Board Meeting. My head abuzz with all the ideas that came up, the pleasant and interesting conversations and trying to remember the dozens and dozens of people I met, I will try to order my thoughts.

First off, I couldn't have expected a better and warmer welcome than the one I received from the existing, former and new board members and the (ISC)2 management. They took the time to answer each and every question I had about the organisation, the structure and the working of the board. Just being there and appreciating my first and sometimes hesitant interjections or simply ridiculous questions meant a great deal to make me feel comfortable. Obviously points of view may differ on certain subjects but open and honest discussion is the fundament on which consensus is built.

Secondly, if there is one moment I will remember as a "we're doing awesome stuff here" moment it must have happened when I was led around the office and met every single member of the (ISC)2 staff. Any organisation flourishes by the passion and dedication of the people it employs. I can't be more excited about what (ISC)2 can accomplish, and already is accomplishing, with these teams. 

You have all voted for me to become a Director on this Board supporting a specific platform. Now more than ever am I convinced that we can do this. Not me alone but together with the fellow board members I get to work with, (ISC)2 in itself and you, as a member.

Anybody familiar with how a Board actually works understands that I will not make comments on the opinions and/or decisions of any individual board member. I will also not discuss any of the meetings beyond what's published as minutes from said meetings on the (ISC)2 web site. While I appreciate that some will take me up on this decision, it's the only reasonable thing to do in order not to shame the trust you have put in me by voting for me and to maintain the relationship I've built with my fellow board members. I can only hope you understand this.

In between quarterly board meetings I will be active on several committees that prepare motions for the Board. I will be active on those that work on issues I've put forward in my platform. As you may know (it's pretty similar to how your parliament works) committees are where the hard work happens. I have chosen not to take on a chair for any of the committees that exist here because I want to focus on getting to know how everything works before I take up additional responsibility. 

If there's anything you want to see specifically addressed, don't hesitate to drop me an e-mail. I will either direct you to the correct persons within the organisation to handle it or put it on my agenda.

January 10 2012

If you haven't found it yet, keep looking. Don't settle. As with all matters of the heart, you'll know when you find it. And, like any great relationship, it just gets better and better as the years roll on.
— Steve Jobs

December 21 2011


Misconceptions about security errata

I have one word for what went down in the twitterverse today : wow!

The post on securityerrata.org put the community on fire and honestly, I wouldn't have expected anything less. Security B-Sides has, in a very short period, become something a lot of people are passionate about. It represents, in a large part, what this community is about : passion for information security, knowledge sharing and pushing the envelope. It's real, it's global and it works.

Contrary to what you might expect I am not gonna make assumptions like others have done before me.  I wanna get something straight about what a lot of people have taken for granted : security errata.

Whether you're Gregory D. Evans, Ankith Fadia, Steve Gibson or HTBridge doesn't matter. If you're on the errata page, I believe there's something fishy about how you work, how you interact with the community or how you present yourself. Why? It's quite simple actually ...

When accepting errata articles, Brian Martin and the crew behind attrition.org are extremely scrupulous about the material. I've learned that the hard way. Writing for errata is probably the most demanding thing I have done ... ever! Yes, I've done it and it sucked the blood out of my fuzzy cojones. Every single fact you present needs to be supported by substantial evidence (which doesn't necessarily end up on the site), every claim is scrutinized and every document is read and re-read before it ends up on the site. Brian will, at length, fact-check with both sides where possible. I know he has in several instances; I cannot confirm it has happened in this case but knowing how it works I'm inclined to think he has at least tried.

Errata is not a joke, people. It's not a tool to be used to randomly attack people. It will not lend itself to mud-slinging and personal vendettas. Errata is serious business even though the Laszlo takes the fuse out of it once in a while.

Obviously, there's lots of you sitting at the sidelines ready to root for your favorite fighter. It's easy, it's convenient and we all love a good bitchfight. My advice is to understand the platform and to be familiar with the rules in the arena before taking sides.

It's no secret Chris Nickerson is a good friend of mine but I'm just as interested to hear Mike Dahn's side. It's been 15 hours since the release ... the community is waiting.

November 30 2011


#wimming in Colombia

It's funny that a stupid hashtag with my name that started jokingly is still alive and kicking after so many months. While some might think this is an ego thing, I'd argue that is far from the truth. However, a lot of people might be curious what this 'wimming' thing is ... or has become. Lemme explain ;-)

The start :
some fellow on the PTES mailing list kept spelling my name as 'win' (I'm looking at you @indi303) and when I corrected him he said "not true, cuz you're wimming". It was right about when Charlie Sheen was rocking the twitterverse with Tiger Blood so it became a hash tag.

The truth :
'wimming' is not about me but it's what usually happens when like-minded people end up in places far away from home and create the space to talk shop, reinvent themselves and just have a kickass time. For me 'wimming' moments are inspiring, energizing and I learn a lot from them.

How does Colombia fit into this picture :
The team that came to Colombia for the first SecZone event was another set of like-minded people. I get inspired and energized by people like Dave Kennedy, Chris Nickerson, James Arlen, Dave Marcus, Georgia Weidman and everybody here that I'm not mentioning by name. It's amazing to be allowed to pick their brains and I think I'm not only speaking for myself when I say this one is another one for the history books.

The event set up by Edgar Rojas and his team was of unseen quality for a first-time event. It seemed like they had been doing this for years. They had an awesome turnout, an amazing location, audience participation, ... and I've heard nothing but good feedback.

When I'm hopping on the plane to reunite with my family tomorrow, I'll have plenty of awesome memories and lots of energy and inspiration to do what we have to do : Do Security Right!

'wimming' results in awesome stuff and if that's what it takes to have my name connected to a hashtag, I'll allow it.

November 26 2011


lost in translation

You tried to tell Nathan that he had to finish that report by close of business on Tuesday. It's Thursday now and he just sent it to you. You're livid!

Your boss burst into your room late Wednesday afternoon yelling at you and asking where that report is you had promised to finish by Tuesday. Tuesday? In the team meeting you agreed on Thursday !!!
He can't just change the rules like that.

You just got word that your project got denied. Your organisation needs to be PCI compliant by end of year and without this project this is never gonna happen. You're desperate ...

At today's management meeting the PCI project got discussed. While flipping through the powerpoint you noticed John was checking his blackberry and sipping coffee. Linda was flicking her finger across the screen of her iPhone. No doubt birds were crashing into weird constructions. You go ALT+F4 on the powerpoint and deny the project. It needs more explanation.

Whenever communication runs awry two roles emerge from the murky water : the culprit and the victim. There's usually two of each and (surprise, surprise) normally one person plays both roles at the same time.

Now guess what ... communication in its very basic sense does not have a victim and a culprit role. There are four basic components to communication :

1. The sender : the person who intends to transmit a message using a specific medium to a receiver.

2. The message : this is the element of information intended to be transferred by the sender to a receiver.

3. The medium : the most appropriate vehicle to carry the message from the sender to the receiver.

4. The receiver : the person or persons the sender intends to transmit his message to.

Ok, there's a 5th element : Noise. Any medium can have a certain amount of noise that possibly impacts the transmitted message.

Now ... if the sender does not perceive the intended results after he has transmitted the message, then, in general, the receiver is never at fault. Why, you ask?

1. It is the sender's responsibility to format the message in such a way that it can be transmitted as intended over the chosen medium to the receiver.

2. It is the sender's responsibility to choose the medium that is most appropriate (with an acceptable noise level) to transmit the intended message to the receiver.

AND

3. It is the sender's responsibility to tune the message according to the level of understanding and knowledge of the subject at the receiver's end!

Next time your communication fails to produce the expected actions or results, don't blame the receiver or assume it "got lost in translation". Look at yourself, learn from the mistakes and do better next time.

Communication ... it's what matters.

November 22 2011


SecBiz@Home

We've spent a lot of time on discussing the divide between 'security' and 'the business'. In fact we've spent so much time on it that instead of closing the gap that is there, we have probably widened it by alienating valuable resources from both sides.  We've had leaders that have taken us nowhere and followers with nothing but a vested interest in maintaining the gap. I want to take a completely different approach.

What we basically need is a network of recording devices in boardrooms around the globe. These devices will basically record every single word uttered in those rooms and index them in one big database. The client that you, the SecBiz@Home member, install on your desktop, laptop, iPhone, Android Device, Blackberry, iPad or any other computing device (we will be truly cross-platform) will receive work packages to analyze. If the client finds an indication that security might be understood by people in those boardrooms it will report it to a central HQ which will immediately dispatch 'Team Sierra' to the location to eliminate the unsub.

I know it's a golden idea because it will allow us to maintain the status quo. It fosters inertia and prevents change. It is awesome.

Admit it, you love it. More than you loved SETI back when we were looking for E.T.'s brothers and sisters!