Security Blogging 2007: The Year of Self-Referential Navel Gazing

I felt a great disturbance in the Metaverse as if a million computers cried out in a blue screen of death and were suddenly rebooted. And as I sat transfixed by the enormity of the problem, the potential for someone to shut down the main reactor, forever destroying the Internet as we know it, I heard a voice; it was Howard Zuse and he spoke to me in plain calculus, or as he called it Plankalkül, but since I have always been bad at math and don’t understand German I was left confused and alone. I moved uneasily in my Herman Miller Aeron chair as my mind wandered in and out of states of digital consciousness; finally darkness overtook me. When I awoke I had this unsettling feeling that I had to get to Alderaan to pick up some power converters, but the only one who could guide me through a civilization on the brink of collapse was a cyberpunk pizza delivery warrior prince adorned in a leather kimono armed with a lone sword. As my eyes focused, what started as a dream became a reality and spread through the stars, but the silence of the moment was quickly broken as a digital voice spoke: “the internet is too important for me to allow you humans to jeopardize it, I must destroy you Dave.” I wondered why he was calling me Dave, but before I could ask, the warrior prince drew his sword, on which was engraved the term Ultima Ratio Regum, and held it high and shouted “computer, compute to the last digit the value of pi”…

I just returned from a week of partner, customer and prospect visits and met with some really smart IT ops and security folks who are in the trenches fighting the day-to-day battles most of us in the blogging community have condemned as fighting the wrong battles. It is easy to do: one simply grabs their computer and writes something like “We are fighting the wrong battles,” or one could ramble on incessantly about how we are not really doing anything wrong, we just need to call it something different since we are not really securing information, and unable to attain security – fzzzpt, noise, pop, fizzle, crack – of course we simply change security to a different word since it is the lexicon that is broken, the definitions misused and misaligned. Seriously though, what is secure anyway? What is risk management? (That is a rhetorical question, Alex.)

The security, risk, compliance, and survivability blogging community has become a tangled web of self-referential, cross-referencing trackbacks and ever-escalating memes driven from the depths of one’s navel. Not that there is anything wrong with that, mind you; it is what it is and it makes for pleasant reading, although not necessarily value-added or actionable.

Yet among the intertwined swamps and marshes of borderline literate prose and grammatical acumen the likes of which have not been seen since the introduction of Hooked on Phonics, there lie nuggets of actionable information. Of course without the bumper sticker philosophers, without the back-of-the-napkin attempts to revolutionize a multi-billion dollar industry, without the silly pictures and cute references, the really useful stuff would be pretty damn boring. So although I declare 2007 the year of self-referential navel gazing for the security blogging community, I commend many on their attempts to add real value to the conversation, sharing their experience, their knowledge, and their time, and to everyone else – well, there’s nothing wrong with gazing at your navel and then sharing it with the world either.

