Kevin's Space

From: Do you think you’re a strategist? You’re probably wrong.

It is a cliché that everyone thinks they’re a strategist. The reason everyone thinks they’re a strategist is because they don’t know what a strategist does.

Get a reality check. Odds are you are not a strategist.
Strategy requires thinking conceptually and creating something from nothing. So, for the most part, if you need to see something in order to do strategy then you are not doing strategy, you’re doing editing. 

Strategists usually favor thinking about the future instead of the present; strategists I admire are bored by what is and focus on what could be.

Also, strategy means constantly making decisions based on incomplete information. It means taking intellectual leaps of faith that could derail many departments in an organization, and doing that with confidence.

The best thing you can do for your career is take a personality test to understand your strengths. If you are an INTJ you really are a strategist.  If you are not an INTJ, the fewer letters you have that match that, the further away from strategist you are. So get some self-knowledge before you declare yourself a strategist.

Guy’s out walking in Manhattan when he sees a street vendor selling unmarked aerosol cans. He’s curious and asks what’s in them, and the vendor says, “Tiger repellent.” The guy points out that there are no tigers in New York City, and the vendor replies, “See how well it works?”

Back in January I posted here about 20 things that I plan to accomplish this year. Time to check in and see where I am.

Just for safe keeping, this is the area of focus for my house (condo) hunting. 

Quote

My Live Search Maps collection

searching area

Cathy and I are off on a Road Trip to Glacier National Park.

see the route here: My Live Search Maps collection

Happy to report that I can cross another item of my list. I received notice earlier this week that I passed my CISSP exam and will soon be certified. A candidate has to have their experience vouched for and then the certificate is sent out.

It was a 250 question paper based exam. I'm happy to report that I learned quite a bit in the course of studying.

I've been an advocate of patterns in security for some time now. Design patterns for software and even systems have been in place or are gaining additional acceptance.

Its great to see the concept of patterns being advanced in security. Today I did some reading on CAPEC - the Common Attack Pattern Enumeration and Classification. My major critique is that is focused mainly on attack in the code, that is how an attacker would exploit weakness in the code base. Given my current position, I was hoping a project with this name might be focused on how to use intrusion detection techniques (host, net, etc) to model these attacks and react to them rather than just watching bits on the wire.

Despite what my CISSP text has been telling me...

TSA Loses Hard Drive With Personal Info

May 4, 10:03 PM (ET)
By MATT APUZZO

WASHINGTON (AP) - The Transportation Security Administration has lost a computer hard drive containing Social Security numbers, bank data and payroll information for about 100,000 employees.

Authorities realized Thursday the hard drive was missing from a controlled area at TSA headquarters. TSA Administrator Kip Hawley sent a letter to employees Friday apologizing for the lost data and promising to pay for one year of credit monitoring services.

http://apnews.myway.com/article/20070505/D8OTUCJ80.html

As much as I think having a centralized, or at least unified, agency like the TSA is a good thing; it seems that they haven't mastered basic security concepts in their all around business if things breaches like this are able to occur.

Today, there are two Americas, not one: One America that does the work, another that reaps the reward. One America that pays the taxes, another America that gets the tax breaks. One America that pays $40 dollars for a haircut, another that pays $400.

Way to go John Edwards; you redefine the word hypocrite.

Try not to sue anyone on the way to the parking lot.

After nearly two years of dealing with the absolute lemon that was my Toshiba Tecra M3 (loud fan, finicky disk, video flicker, overheating, etc) the powers that be have bestowed a new laptop on me.

Introducing:

Its a Toshiba Portege M400. I won't go all fan-boy and post my full specs in my sig, but you get the picture. Its an all around nice machine and my first tablet.

Oh, and its running Vista out of the box!

Taxes are already done so mine as well focus on the 3rd one.

Last night I turned on my DVR from Comcast to discover that my problems with a filling up hard drive and many shows to watch had been solved.

The unit decided to delete everything from the drive leaving me with 0 recordings and 0 scheduled programs.

Lets put that into perspective, its like:

• Opening your washing machine and your clothes have vanished
• Looking at your bank account and finding a $0 balance that you cant explain
• Turning on your computer and mysteriously not having any files
• Waking up one day and not having any memories

Yes its thats bad, I'm not saying TV is a life or death thing, but I pay for a service. Now I now what Comcast is going to say: "Mr. Sullivan you pay $10/month for the DVR box". I'll argue that the box is useless without the data. This is a sentiment we hold dearly in the information security field. Furthermore, being a busy working professional I watch nearly 100% of my television programming from the DVR. In order for my $60/month cable tv subscription to be worth anything I need to have the full functionality including preserving recorded data until I view it.

its amazing how soothing taking care of little things can be...

calling insurance company about a pestering question

closing an unused bank account

updating my calendar

cleaning out my wallet

i feel much better now!

Another one of my 2007 commitments is complete, this one on the professional side.

I achieved the certification of Microsoft Certified Systems Engineer: Security for Windows Server 2003

This required 8 grueling exams. Strangely, I took the first test almost 5 years ago in April 2002 when I was still an undergraduate.

Now I will be working on the CISSP exam.

Earlier this year, I made a new year's commitment to explore more of Seattle's Restaurant scene and try new places instead of the same old belltown haunts that I've become used to, despite how good they are.

Well, since we are coming up on the 1/4 way mark of 2007 here is a from memory listing of the places we have tried in the past 10 weeks in no particular order:

• BOKA
• Canterbury Ales and Eats
• Paddy Coynes
• Rendezvous
• Tavolata
• Paragon
• T.S. McHugh's
• La Vita e Bella

I should also give some mention to two out of town restaurants that we have greatly enjoyed this year:

Glowbal Grill and Satay Bar - in Vancouver's Yaletown Neighborhood

Brewhouse - in Whistler Village