Posted May 8th, 2007 by rybolov
It seems like the last month people have been relying on me as the resident curmudgeon. I’m a little outspoken on how I feel, so it’s like people expect me to sit in a closet and they throw me slow-moving softballs so I can hit them out of the park. I get the feeling that people are using me to say no to things that they think are wrong and they just need confirmation from somebody else.
I get all the open-ended questions like the following:
- So Mike, how do you feel about us using $foo tool and providing this as a service for free?
- So Mike, we want to do this project and break all the security rules. Will you support us in it?
- So Mike, can we put client networks in this area that we have no control over who goes into and out of?
- So Mike, can we connect $bar network to $baz network and they talk back and forth even though they’re clients that are not supposed to know each other exists?
I mean, how much of a crotchety old jerk does everybody think I am? =) And still, I’m good for one lengthy email rant every week or so.
Posted May 2nd, 2007 by rybolov
I finally got an EZPass for the Dulles Tollroad. It cut my commute down from 45 minutes to 25 minutes–it’s complete magic.
However, in amongst all the other material that comes with the transponder there is a privacy policy about disclosure of your EZPass records. Go read it and you’ll understand when I say this: Don’t put a bulleted list of people in your privacy policy unless you disclose PII to them because it’s too easy to misunderstand!!
I had to read the policy at least 3 times before I realized that they only release with a court order. I guess we should just chalk it up as a lesson learned in “don’t write it this way”.
Posted May 1st, 2007 by rybolov
I moved my blog to my own domain to save ISM-Community some licensing fees and because, well, I’m a bit of a control freak *gasp*.
The concept behind The Guerilla CISO is a bit of BOFH, a bit of ranting, and a bit of “do it this way because it works”. In other words, exactly what I would give somebody in person.
I’m slowly moving all the old content over and trying to keep at least the date of the original. I’ll lose all the comments and all of the content will be “stale”. At least it will get spidered soon enough.
It’s tough getting evicted. =)
Posted May 1st, 2007 by rybolov
Why, out of all things, did they name the domain DILLIGAF? I still wonder to this day….
Our managed-services infrastructure was built by somebody else–temporary engineering labor from another business unit inside the company. They named the domain DILLIGAF.
For those of you not in the know, DILLIGAF is not a good word, it’s one of those quasi-military acronyms like “FUBAR”. It means the following:
- Do
- I
- Look
- Like
- I
- Give
- A
- F*ck?
Yes, we had some top-notch engineers working for us. Filthy buggers continued to charge us after they were done, too.
First time I heard the domain name, I got mad. Real mad. Reach out over the phone and hit somebody mad. I thought the guy just told me to go RTFM or something along those lines: “Oh, that server is part of the DILLIGAF domain.” Well, same to you, buddy.
But how can I explain the domain to my customers? “And this is where your data goes into the DILLIGAF network, where we take the utmost in care on how it is treated.” Answer is, I can’t say that with a straight face.
We had to change the domain. That’s an outage I gladly authorized. =)