Posted May 14th, 2007 by rybolov
I got an email and a voicemail today from somebody selling compliance products.
The introduction was “I got your contact information off a Security Focus email list. Buy our products.”
Obviously, the sales guy didn’t read my blog and what I really think about compliance. I think there are greener pastures out there to find. =)
Voicemail, however, is a disturbing trend. Usually we play this little game where they send me email, I flag it as spam, and it goes away. Now they’re calling me leaving voicemail. What next, flowers at work?
Spammers beware: If you start buying me presents, I’m getting a restraining order. =)
Posted in The Guerilla CISO, What Doesn't Work | 1 Comment »
Posted May 14th, 2007 by rybolov
I have one project that I’m looking to staff out in the East side of the beltway. It’s my secret little project that I have to turn loose into the world because I’ve done all I can do for it. It’s now time to turn it over to a decent information security manager and influence the outcome indirectly. Before you ask, no, this isn’t working directly for me, but it’s somebody inside my circle of customers.
Also my long-term goal (over the next year) is to hire somebody to work in Salt Lake City as a generalist security manager and responsible on-site adult. I figure I should start looking now because it’s going to be a long time to find somebody who lives in or wants to live in Utah and who knows how the US Government does security.
Posted in FISMA, The Guerilla CISO | 1 Comment »
Posted May 8th, 2007 by rybolov
It seems like the last month people have been relying on me as the resident curmudgeon. I’m a little outspoken on how I feel, so it’s like people expect me to sit in a closet and they throw me slow-moving softballs so I can hit them out of the park. I get the feeling that people are using me to say no to things that they think are wrong and they just need confirmation from somebody else.
I get all the open-ended questions like the following:
- So Mike, how do you feel about us using $foo tool and providing this as a service for free?
- So Mike, we want to do this project and break all the security rules. Will you support us in it?
- So Mike, can we put client networks in this area that we have no control over who goes into and out of?
- So Mike, can we connect $bar network to $baz network and they talk back and forth even though they’re clients that are not supposed to know each other exists?
I mean, how much of a crotchety old jerk does everybody think I am? =) And still, I’m good for one lengthy email rant every week or so.
Posted in Rants, The Guerilla CISO | 6 Comments »
Posted May 1st, 2007 by rybolov
I moved my blog to my own domain to save ISM-Community some licensing fees and because, well, I’m a bit of a control freak *gasp*.
The concept behind The Guerilla CISO is a bit of BOFH, a bit of ranting, and a bit of “do it this way because it works”. In other words, exactly what I would give somebody in person.
I’m slowly moving all the old content over and trying to keep at least the date of the original. I’ll lose all the comments and all of the content will be “stale”. At least it will get spidered soon enough.
It’s tough getting evicted. =)
Posted in Odds-n-Sods, The Guerilla CISO | 1 Comment »
Posted May 1st, 2007 by rybolov
Why, out of all things, did they name the domain DILLIGAF? I still wonder to this day…
Our managed-services infrastructure was built by somebody else–temporary engineering labor from another business unit inside the company. They named the domain DILLIGAF.
For those of you not in the know, DILLIGAF is not a good word, it’s one of those quasi-military acronyms like “FUBAR”. It means the following:
- Do
- I
- Look
- Like
- I
- Give
- A
- F*ck?
Yes, we had some top-notch engineers working for us. Filthy buggers continued to charge us after they were done, too.
First time I heard the domain name, I got mad. Real mad. Reach out over the phone and hit somebody mad. I thought the guy just told me to go RTFM or something along those lines: “Oh, that server is part of the DILLIGAF domain.” Well, same to you, buddy.
But how can I explain the domain to my customers? “And this is where your data goes into the DILLIGAF network, where we take the utmost in care on how it is treated.” Answer is, I can’t say that with a straight face.
We had to change the domain. That’s an outage I gladly authorized. =)
Posted in Army, The Guerilla CISO | 6 Comments »
Posted April 24th, 2007 by rybolov
During a recent conversation with Mark Curphey, we hit on a good idea. I have all these little stories that are about the secret activities around my data center and the bubbling stew that is the security community in the DC area, and I’m thinking about some way back-alley information that nobody on the outside knows. This conversation was the birth of The Guerilla CISO.
Think about The Guerilla CISO as sort of a Bastard Operator from Hell for the Information Security Management World. =)
Posted in The Guerilla CISO | No Comments »