Skip to main content
  1. Tags/

general advice

2017


Takeaways from Bruce Schneier’s talk: “Security and Privacy in a Hyper-connected World”

·840 words·4 mins

IBM Interconnect 2017 Bruce SchneierBruce Schneier is one of my favorite speakers when it comes to the topic of all things security. His talk from IBM Interconnect 2017, “Security and Privacy in a Hyper-connected World”1, covered a wide range of security concerns.

There were plenty of great quotes from the talk (scroll to the end for those) and I will summarize the main takeaways in this post.

People, process, and technology #

Bruce hits this topic a lot and for good reason: a weak link in any of the three could lead to a breach and a loss of data. He talked about the concept of security as a product and a process. Security is part of every product we consume. Whether it’s the safety of the food that makes it into our homes or the new internet-connected thermostat on the wall, security is part of the product.

The companies that sell these products have a wide variety of strategies for managing security issues. Vulnerabilities in an internet-connected teapot are not worth much since there isn’t a lot of value there. It’s probably safe to assume that a teapot will have many more vulnerabilities than your average Apple or Android mobile device. Vulnerabilities in those devices are extremely valuable because the data we carry on those devices is valuable.

Certainty vs. uncertainty #

The talk moved into incident response and how to be successful when the worst happens. Automation only works when there’s a high degree of certainty in the situation. If there are variables that can be plugged into an algorithm and a result comes out the other end, automation is fantastic.

Bruce recommended using orchestration when tackling uncertain situations, such as security incident responses. Orchestration involves people following processes and using technology where it makes sense.

He talked about going through TSA checkpoints where metal detectors and x-ray scanners essentially run the show. Humans are around when these pieces of technology detect a problem. If you put a weapon into your carry on, the x-ray scanner will notify a human and that human can take an appropriate response to escalate the problem. If a regular passenger has a firearm in a carry-on bag, the police should be alerted. If an Air Marshal has one, then the situation is handled entirely differently - by a human.

One other aspect he noted was around the uncertainty surrounding our data. Our control over our data, and our control over the systems that hold our data, is decreasing. Bruce remarked that he has more control over what his laptop does than his thermostat.

OODA loop #

Bruce raised awareness around the OODA loop and its value when dealing with security incidents. Savvy readers will remember that the OODA loop was the crux of my “Be an inspiration, not an impostor” talk about impostor syndrome.

His point was that the OODA loop is a great way to structure a response during a stressful situation. When the orchestration works well, the defenders can complete an OODA loop faster than their adversaries can. When it works really well, the defenders can find ways to disrupt the adversaries’ OODA loops and thwart the attack.

2016


Fight cynicism with curiosity

·780 words·4 mins
I’m always interested to talk to college students about technology and business in general.

2015


Fedora Flock 2015: Keynote slides

·85 words·1 min
Fedora Flock 2015 is still going here in Rochester, New York, and I kicked off our second day with a keynote talk about overcoming impostor syndrome.

Book Review: Linux Kernel Development

·764 words·4 mins
I picked up a copy of Robert Love’s book, Linux Kernel Development, earlier this year and I’ve worked my way through it over the past several weeks.

2014


Evade the Breach

·831 words·4 mins
This post appeared on the Rackspace Blog last week and I copied it here so that readers of this blog will see it.

DevOps and enterprise inertia

·785 words·4 mins
As I wait in the airport to fly back home from this year’s Red Hat Summit, I’m thinking back over the many conversations I had over breakfast, over lunch, and during the events.

2013


Seriously, stop disabling SELinux

·147 words·1 min
After many discussions with fellow Linux users, I’ve come to realize that most seem to disable SELinux rather than understand why it’s denying access.

2012


Monitoring and protecting your reputation online

·706 words·4 mins
After a recent issue I had with some users in the Puppy Linux forums, I thought it might be prudent to write a post about how to monitor and protect your reputation online.

Privacy and icanhazip.com

·507 words·3 mins
A forum thread cropped in my inbox today from the Puppy Linux forums titled “Major Hayden?

Preparing for Red Hat Exams

·1011 words·5 mins
I originally wrote this post for the Rackspace Blog but I’ve posted it here just in case anyone following my blog’s feed finds it useful.

2011


Success with stress

·529 words·3 mins
This is a copy of a post I wrote for the Rackspace Talent blog.

How to survive as a technical manager

·934 words·5 mins
Anyone who says management is easy obviously hasn’t done it for very long or they’re not doing their job very well.

Strategies for storing backups

·510 words·3 mins
Although it’s not a glamorous subject for system administrators, backups are necessary for any production environment.

One RHCA exam down, five to go

·212 words·1 min
While I’m not the biggest proponent of certifications, I still think you can learn some valuable information while studying for some certification tests.

2010


Happy Thanksgiving

·131 words·1 min
For those of us in the United States, we celebrate Thanksgiving today.

2008


Small Companies: How to hire and fire a technical person

·1427 words·7 mins
DISCLAIMER: Okay, technical folks - I’m doing this as a favor to the general community of people that aren’t very technical, but they need to know some tips for ridding themselves of a technical person that is harming their business.