Archive for July, 2007

ROI is Dead

July 18th, 2007

…or at least I’d like to kill it.

I wasn’t going to comment on this whole parade of postings, but the camel’s back just broke. So here goes.

The first post I saw was No ROI? No Problem from Richard Bejtlich. I read it and thought that sounded in line with my understanding. Good enough.

Then Richard followed up with Security ROI Revisited to further the conversation.

The feed reader then produced Cutaway’s Security ROI is in the Eyes of the Beholder.

Also I caught Anton Chuvakin’s Security ROI Pile-Up! that hashes through several posts and some ‘in-house’ experts.

Finally we come today with Mike Murray’s I hate ROI.

I’ve got to start with the most foundational understanding I have, and that is that spending money is not the same as investing. An expense is not an investment. Investment is defined as “the investing of money or capital in order to gain profitable returns, as interest, income, or appreciation in value.”

Mr. Murray makes an example using a company that purchases a product for $100k that displaces $1.4M worth of payroll employees. He asks:

Now, did the product produce a return on the investment of $100K into it? You’d be hard-pressed to say that increasing company net profit by $1.3M as the result of a purchasing decision is not a return on the investment.

The problem is it wasn’t an investment in the first place. Yes, the fictitious company did cut costs, and of course that trumps ROI anyway. But let’s not call spending money on the overhead of a business an investment.

If we have to have yet another three letter acronym, let’s start using DUH. On second thought, that’s not an acronym. Still it works. “DUH, saving money is a good thing.” “DUH, protecting our butts might be smart.”

Grrrr…..

Rants

Antivirus or Entomology

July 17th, 2007

We’ll put this post squarely in the category of rants, but I just have to go there today.

One of my running pet peeves of the last year or two is the schism between antivirus and antimalware products. Frankly when antivirus vendors came out with antimalware products, I fully expected them to get folded back into the AV products themselves. In some cases it has, but in too many it has not.

What does it tell you about a vendor that releases an antimalware product separate from their antivirus? Well you can draw many conclusions, but the one that jumped out at me initially is this: The vendor just admitted that their antivirus won’t catch all the bugs you might expect it to catch, and rather than add that functionality to keep their AV current, fresh, and relevant, they’ll be tapping your wallet again. Correct me if I am wrong here, but isn’t a virus a type of malware? Shouldn’t one cover the other?

Now today I saw this Dark Reading piece: Symantec Unveils Anti-Botware. Yep, that’s an anti-bot app. Huh? There have got to be entomologists that are green with envy at the ability to slice bugs up into so many categories.

This should be a no-brainer. By the time you have a bot on your system, it’s over. Done. Fin. Game Over. Hasta la vista, baby. Wipe & reinstall. No excuses, no exceptions, no kidding. And shouldn’t the antivirus/antimalware crowd be taking care of the inbound pathways the bots use?

Maybe I’m just cranky. What do you think?

Rants

Jeff Doyle on IP Routing

July 15th, 2007

I just added the Jeff Doyle on IP Routing blog to my feed reader. A couple of IPv6 postings brought me there, and several posts convinced me of the value of keeping up with it.

I like his No Way to Slow Down article on IPv4 depletion. After having read several such pieces on the subject lately, I thought this was a better written and more concise posting than others.

It’s a good sign when a blog is well enough written that I find myself digging back and reading most of the past posts. I’m impressed.

CCNA, IPv6, Routing

IPv6 Resources

July 11th, 2007

In the last couple weeks I have taken an interest in learning more about IPv6. In talking with fellow ServerGuy Todd, I figure that IPv6 will probably be in a mainstream role at some point during my career. Given that thinking, I’d rather be ahead of the curve and start building a good understanding now.

Here is a listing of a few resources I have used so far:

  • Wikipedia – Good info to start.
  • FreeBSD Handbook – Because we’ve been moving our production systems from Linux to FreeBSD in many cases.
  • Everything you need to know about IPv6 – A very good article by Iljitsch van Beijnum who also happens to be the author of Running IPv6.
  • Running IPv6 – I am addicted to books, so I just had to fire up the Amazon Prime and get one here stat. I’ve only just started it, but the quick glance and first chapter are very promising.
  • Agencies, start your protocols – An article about the upcoming ‘deadline’ for Federal implementation of IPv6, or at least first steps toward it.
  • BSDTalk #119 – A nice 15 minute overview of spinning up a lab with IPv6, BSD, and Vista.

That’s it for now, but stay tuned.

IPv6, Networking

Podcast Potpourri

July 9th, 2007

This is a listing of the podcasts I currently listen to on a regular basis. I am putting this list here to share and to solicit suggestions for other good podcasts to add to the list.

I have listened to a few others that have been hit-or-miss, but these stay in my podcatcher.

Do you have any favorite podcasts to add?

Podcasts

INFOSEC Year in Review

July 5th, 2007

I just saw a link in a discussion at the Security Catalyst (thread is here) where Rebecca Harold pointed out the INFOSEC Year in Review compiled by Dr. Mich Kabay.

The project’s page is at http://www2.norwich.edu/mkabay/iyir/index.htm.

Last year’s report can be downloaded in PDF form from here: http://www2.norwich.edu/mkabay/iyir/2005.pdf.

At 525 pages, it’s not short reading, but even just a quick scan shows a wealth of useful information.

This was the first nugget that caught my eye. It’s dedicated to the paranoia in each of us:

KEYBOARD NOISE ALLOWS INFERENCE ABOUT WHAT’S BEING TYPED

Using sophisticated artificial intelligence programs, scientists from UC Berkeley have been able to deduce what people are typing simply from the sounds of the different keys. Doug Tygar and colleagues say that they don’t need to study the individual keyboard — the programs use the differences in sounds of keys on the outer side of the keyboard vs the sounds of the inside keys. The microphones can be outside the room being monitored. Over time, the software gets better, and “Once our algorithm has ten minutes’ worth of typed English, it can recover arbitrary text, such as passwords,” says Tygar.

Gotta love it.

Security

Know Thyself

July 4th, 2007

It was interesting to read Martin McKeay’s post today about stepping down as the Cobia Product Evangelist. It struck a chord with me because I’ve been recently looking at ways to improve my own career. Martin’s experience reminds me of a bit of ancient wisdom – Know thyself.

I know that personally I learn best from experience. Trying things is a great way to learn. You may learn more about a skill or technology, or you may learn you don’t want to do that job again. The important thing is that you learn from the experience. Far more learning happens in the deep end of the pool than the shallow end.

So kudos to Martin for trying something, for stepping out and going after an opportunity. And kudos to him for knowing when it’s time to try something else. You never truly know unless you try.

For me, I’m thrilled that 8 years ago I left a salaried position to start my own company. In the rougher times I contemplated shutting down and taking a job, but I know myself well enough to know that wouldn’t have been best. Sure a steady paycheck looks nice when things are tough, but it wouldn’t have lasted. The urge to roam would have come up as sure as tomorrow comes.

Looking forward, I am going to pursue more work in the realm of infrastructure. Many of the projects I’ve truly enjoyed have been around infrastructure so I will make a concerted effort to push in that direction. And if a little further down the line it’s not working, I’ll just look back at this post and think of trying something new. Whether it works or not, I should know myself a little better.

Rants