A Fresh Perspective

After returning from a nearly two week vacation I realized how important it is to take a break, get away, relax and recharge. While the first day back at work was a rather painful adjustment to the reality of work and not being able to do whatever I wanted for the day, on day two I realized that I had clarity on some things that had been rather fuzzy before vacation. It was like when the coffee kicks in on a morning after a good night of sleep and suddenly things make sense - only more so.

So my summer 2011 advice is get out of the house, get out of town if you can and spend time with people you love and who love you be it friends or family. Or, if you are so inclined get away for a few days alone. Do something fun, try something new, consider pursuing a hobby completely unrelated to your job. Leave the cell phone at home (or at the very least turn off the pulling of work emails.) I found camping where there is no cell signal whatsoever helps if self control does not allow a completely off the grid getaway.

Know Thyself -> Subtitle: Is DIY always a good idea?

A recent presentation I did at work for management about justifying hosted SIEM (Security Information & Event Management) and some follow-up questions from leadership got me thinking about the do it yourself ethos. I think IT in general and InfoSec specifically are big on DIY and this is for the most part a good thing in my opinion.

Products/solutions like Snort/Wireshark/Metasploit/etc. would not be what they are today without the roll up your sleeves, pour yourself another cup of caffeine, get down to the bits and bytes or hex command line foo.

(You knew the but was coming.) But when does trying to be all ninjas to all people become your achilles heel? If you are in a small IT shop is it realistic to think I (or perhaps you the reader) can be a master of all [CISSP] domains? Could trying to do it all lead to missing important stuff while trying to figure out whether or not to worry about a particular IDS event that may or may not be important.

Maybe this is about trying to reassure myself that the insecurity devil that occasionally sits on my left shoulder saying "YOU ARE A NOOB AND A POSER AND YOU WILL NEVER BE A NINJA" is just a figment of my imagination. Or perhaps I am taking a look in the mirror and trying to have an honest self assessment and admit that I am better off finding a good consulting shop to help me tune my IDS/IPS or perhaps hiring out some security functions such as log/event analysis ala SIEM.

Everyone has different gifts/talents/abilities. Knowing yours and admitting which hats do not fit is sometimes painful but can also be a liberating experience and lead to focusing on what gets you fired up.

Sources:
- This post was inspired in part by a radio program I heard featuring Christian author/speaker Chip Ingram about doing a sober self assessment - identify your 3 greatest strengths and 3 biggest weaknesses, there was more to the talk but this to me was the crux.
- The thinking chimp photo is just something I thought about after watching a Nature episode on monkeys - did you know some monkeys have learned to lie and they also have squabbles between groups which lead to injury and death?