Strategic Security

The folks over at CIO Magazine did an interesting article on the state of security in the enterprise. Overall, the numbers were pretty disappointing even though they don't surprise me -- a significant number of enterprises that I talk to want to have security, but they also want it in an enumerated list that can be tested with a series of check boxes. Got FIPS?

For a product manager, this is great. It means I can run down a list of certifications that I need to hit and make sure that I pass them. FIPS? Check. Common Criteria? Check. ICSA? Check. The list goes on -- but boy do they make writing product requirement documents easy. I think for my next release I'm just going to shout a bunch of RFCs and certifications across the building. Much easier than, you know, doing work and stuff.

But for a product marketing guy worried about the message he's trying to send, the fact that the enterprise hasn't figured out how to align security with their business means you're always chasing after a tight budget. Sure, security budgets are growing, but just as fast as you see head room over anti-virus, firewalls, and IDS', you've got anti-spyware, anti-malware, and personal firewalls. Endpoint security from the big guns literally require a dedicated isle at my local Fry's Electronics store. And if you haven't been to a Fry's in Silly-con Valley, let me just say that this is a store that's big enough to have a dedicated section for vacuum cleaner air filters and half an isle of various breadboards. Handy should you ever feel like hacking your vacuum cleaner.

In short, my homies over in the security department need to suit up and learn how to make a business case. The bottom line for any money spent in the company is how does this either save more money or make us more money? Nebulous fearmongering about botnets coming to take away your bandwidth
carry about as much weight as Weird Al begging you to not download this song. Until security teams succeed at aligning security needs with the business' goals, we're just not going to see security become any more important than the cost of buying a couple of licenses for anti-virus software and maybe a firewall.

Missing Things

November 3, 2006 represents my last day with Citrix/NetScaler. On one hand, I'm incredibly excited about the new opportunities that lay ahead of me. On the other hand, I'm going to miss the place that I helped build over the last 3 years.

There are of course the people that make Citrix/NetScaler up. It's rare to work with a team that works together as well as this crew does. The experience spoils you in a way -- I've focused on silly things like being a product manager instead of worrying about politics, what the other guy is doing and other such time wasting sillyness. Being a part of the machine that would rally together during escalations, big sales opportunities, and other challenges was not only a great experience, but it was fun. There's nothing quite like the high of walking into a sales call where the person on the other side of the table says "I've already made up my mind, but my boss is making me evaluate three vendors" and leaving with the same person saying "this is amazing, when are we getting the evaluation units again?" And being able to pull that off only works when you know you have a team behind you that will pull through.

What has surprised me the most is that I'm going to miss my products. Being able to point to most of the Alexa Top 100 and knowing that most of them are powered by my product written by my engineers is just plain cool. Ditto with my SSLVPN.

Corporate policy dictates that wireless access be in our DMZ. Want to go anywhere? You need to login to the SSLVPN first. Since the first week I've been here, I've made it a policy that I do all my work through the SSLVPN. I can't claim that my customers can do that if I'm not willing to. As the expression goes, eat your own dog food. So what about my SSLVPN? Well, I'm really going to miss that -- it's fast, it's sweet, it works with everything, and the test engineering box that I use for access has been the most stable remote access product I've ever used. I'm really going to miss that.

But enough with the missing things... time to start thinking forward again. Good times are ahead. :-)

My DVD Player Segfaults

Call it age, but my patience for the gizmo is starting to wane.

Not too many years ago I found a certain degree of pleasure in putting together my own PC. I could tune it to exactly what I wanted, down to the individual jumper settings on the motherboard. I mean, really, who wouldn't want to spend a Saturday afternoon futzing with BIOS settings? Good times, I tell you.

Then I started getting busy. With work. With life. With spending my Saturdays outside. If I weren't married to a fellow geek, there would have been a Dell under my desk a long time ago. No, it wouldn't have all the knobs and dials tuned exactly how I would like it AND I would have to pay more than I would have if I had bought the parts individually. But really, I was okay with that. I had my Saturdays to waste doing other things and I felt that to be a reasonable trade off.

This laziness started creeping into other aspects of my gizmo-hood. Instead of hacking together a DJ-friendly toolchain with my PC, I got equipment that did most of what I wanted out of the box. Ditto with the TiVo vs. Media-PC.

The Smarter Half, however, was not ready to give up her gizmo-hood quite so easily. The fact that she sends me daily links to interesting things on Gizmodo qualifies as the less than subtle hint with respect to where she stands on the topic. So when the DVD player started going a little freaky, she decided that a replacement appliance wasn't going to do what she deemed necessary. So now I have a DVD player that seg-faults.

Specifically, we now have a Mac-Mini under the TV. Cute machine. Looks great in the entertainment center as far as an computer "looks" go. But the thing is still a (relatively) big complex machine compared to a standalone DVD player that does nothing but play DVDs. The Mac can go into "appliance mode", but of course that eliminates a lot of the possible functionality which means The Smarter Half generally keeps it at the desktop. Now when I press "DVD" on the remote, I see a MacOS X desktop, complete with a few random files on the desktop itself. Joy.

Want to play a DVD? Well, hit the DVD button on the remote, then figure out the triple handstand magic key press with appropriate prayer to get the right screen. Once there, pray that some other aspect of the system doesn't start doing funny things that affects the playback of the video. Think I'm making a big deal of this? Well, the first DVD we played in there started stuttering... Heidi drops a root shell to the Mac in my lap and asks, "see anything wrong?" Great... can't watch a DVD without looking for rogue processes.

I'm sure I'll get used to it and eventually even grow to like some of the neat-o features. But in the meantime, I'm going to stick to being the resident Old Fart and remain angry at the fact that my DVD player can seg-fault and crash.