Allen Pomeroy

IT security thoughts and personal stuff

Drive for Meaning

Sometimes staying motivated in any particular role for a long time can be tough. In the information security world, the upsides include proactive customers that take protecting their company values, mission and intellectual property (shareholder value) seriously. The downside includes prospects that are completely clueless about the risks they face. Some very wise investors whose advice I follow say when evaluating a company to invest in, there are four M’s that potential shareholders should pay attention to: Meaning, Management, Moat, and Margin. The company has to do something that resonates with you, they need to have skilled management that has shareholder value in mind (they aren’t traitors that spend shareholder owned money for their own luxury or enrichment), they need to have some inherent competitive differentiator, and finally they need to have a current valuation that gives prospective shareholders a return on their investment.

Equally, to stay motivated in a role, individuals need a sense of accomplishment. Paul G gave a great synopsis of this by condensing it down to four key attributes that any role has to have to provide an individual with the motivation to do great things: Compensation, Purpose, Autonomy, and Mastery. It’s been proven that money is not an effective motivator by itself .. an example being the difference between a cash payout versus some meaningful memory. If an individual receives $5,000 in bonus money, although it’s appreciated and goes to some purpose, three months later, it’s difficult to recall exactly what that money was spent on. Where that same individual receives an equivalent value item (perhaps a mountain bike or a trip to a vacation spot), three months later, the reward is still very tangible. Purpose, autonomy and mastery are all needed to give an individual the tools and space to make a tangible difference, where it may be difficult, if not impossible, for them to make a lasting difference without all three attributes.

The parallel between these two sets of concepts is clear: a company needs individuals that are motivated to be the best at what they do and compete for the win better than our competitors. Individuals need a company that will not only provide these motivational tools, but has the capability to do so. A company that is not managed well, doesn’t have a competitive offering, or is undercapitalized won’t be able to attract and retain the best individuals that it needs to win and thrive.

With any major change, such as starting another degree, changing jobs or moving cities, things can be overwhelming. It takes every ounce of strength and stick-to-itiveness to navigate these changes and focus on the end goal. Finding ways to motivate yourself can be challenging when faced with the overwhelming task of taking on that degree or life change. Just like strength training in any fitness program, one fantastic outcome of these challenging circumstances is the realization that we can do it .. and that new strength is our new norm.

Austin Pics

Here’s the start of a few pics from Austin that are either Al’s or Amanda’s favs.

Texas capitol building in Austin

Austin Java

Al's fav .. Austin and Apple

Fantastic Food almost for Free

More fantastic diving with Mike Severns

Just finished a trip to Maui and had the good fortune of diving again with the crew at Mike Severns diving. The crew this time included dive masters AJ and Warren (as usual) but I also had a chance to dive with dive master Seth too. As usual, Andy did a masterful job as the captain!

Kihei Boat Launch

Al, Seth, Dani and Andy

Two quiet days in October and the weather was fantastic. Day one I got to dive with AJ and Warren, while the second day I dove with Seth. Every single time I head out with these guys, they have outstanding customer service and attitude .. and that’s not just the awesome sticky buns they consistently provide.

Day one was a great day in the Molokini crater where we saw lots of coral creatures including an extremely large lobster. The second dive at Puu O’Lai had great visibility and lots of turtles and several amazing (apparently rare) fly-bys of four Spotted Eagle Rays.

Spotted Eagle Rays

Bubbles off back wall of Molokini

Day two we hit the back wall of the Molokini Crater with the (literally) breath-taking 350′ expanse of coral and creatures. Dive two on the second day was at Wailea Point with more very friendly turtles.

Thanks again guys – hopefully we’ll see you in another year.

9/11 Tribute Movement

Few human-made disasters in recent history have had a larger impact on the United States, North America, and in fact the western world than the attacks on the World Trade tower buildings. I encourage my friends and acquaintances to visit the 9/11 Tribute Movement website and pledge their memorial activity.

Remembrance of those who lost their lives and those who gave their lives in the line of duty is an important act that we all should honor.

 We will be doing our most difficult cross country mountain bike ride and will give a minute of silence at the top in honor of those who lost their lives as well as in support of the survivors.


Visit www.911day.org and tell the nation what you’ll be doing on 9/11/11.

Update: At 6,398′ on Moose Mountain, we gave a moment of silence.

Moose Mountain 9/11 Tribute

  • Published: Mar 29th, 2011
  • Category: tech
  • Comments: 1

90 Day Plan for New IT Security Managers

You’ve just taken over as an information security director, manager, or architect at an organization. Either this is a new organization that has never had this role before or your predecessor has moved on for some reason. Now what? The following outlines steps that have been shown to be effective (also based on what’s been ineffective) at getting traction and generating results within the first three months. Once some small successes are under your belt, you can grow the momentum to help the business grow faster or reduce the risk to their success (or both).

Now what do we do?

Apply a tried and true multi-phase approach .. assess current state, determine desired target state, perform a gap analysis, implement improvements based on priority. Basically we need to establish current state, determine what future state should be, and use the gap analysis as the deliverables of the IT security program. There may be many trade-offs that are made due to limiters like political challenges, funding constraints and difficulty in changing corporate culture. The plan you build with the business gives you the ammunition needed to persuade all your stakeholders of the value in the changes you’ll be proposing.

1. Understand the Current Environment

For a manager or enterprise architect to determine where to start, a current state must be known. This is basically an inventory of what IT security controls, people and processes are in place. This inventory is used to determine what immediately known risks and gaps from relevant security control frameworks exist. The known risks and gaps give us a starting point to understand where impacts on the business may originate from.

Take the opportunity to socialize foundational security concepts with your new business owners and solicit their input. What are the security related concerns they have? If there has been any articulation of Strengths, Weaknesses, Opportunities, and Threats (SWOT), obtaining that review can also give you an idea of weaknesses or threats that are indicative of missing controls. In the discussions with your new constituents, talk to the infrastructure managers and ask them what security related concerns keep them awake at night – there is likely some awareness but they don’t know how to move forward. Keep in mind most organizations will want a pragmatic approach versus an ivory tower perfect target state.

Some simple questions can quickly give you a picture of the state of security controls. For example, in organizations I’ve worked with, the network administrators could not provide me a complete “layer three” diagram – a diagram that shows all the network segments and how they hang together. It wasn’t that they didn’t want to, the diagrams simply didn’t exist. With over 1,500 network nodes over two data centers and two office complexes, the network group had the topology and configuration “in their heads”. Obvious weaknesses and threats include prevention of succession planning or disaster recovery, poor security transparency, and making nearly any change to the environment higher risk than necessary.

  • Published: Feb 23rd, 2011
  • Category: tech
  • Comments: 4

Building a new PVR

<Updated Aug 18, 2011 after a successful PVR rollout>

Technology has evolved since the last MythTV PVR I built, as chronicled here. Here are the latest techniques and tech that I’ve used to (start) build(ing) my current PVR. I’ll update this article as I go, as there have been some bumps along the way, so completion of the project has been slower than I anticipated.

Requirements for my new PVR include:

  • Linux operating system for cost and flexibility reasons
  • Quiet! Fan-less operation if at all possible, external power supply ok
  • Small form factor, black case to fit in with my current home theater gear
  • Video capture with MPEG-2 hardware acceleration to help keep the CPU needed as small as possible, in an expansion card format for the most compact physical footprint .. additionally there must be at least two independent tuners
  • Analog tuners, but would be good if they were capable of digital for when I eventually move to digital/HD
  • IR receiver and transmitter capability for easy remote control and ability of the PVR to use my current set-top box as a source (gives me all the cable company movies and channels that are not available via the basic cable connection)
  • Ability to schedule at least 10 shows and retain 5 episodes of each show .. also ability to schedule based on show name alone
  • Ability to perform post-recording processing, such as removing commercials or changing formats
  • Should be able to use a pre-packaged distribution for most if not all of the functions .. I know it’s a home-brew, but I’m tired of messing with individual packages, firmware, and custom codes to make it work. Using a distribution package makes it easier to maintain through updates.
  • Want to purchase the parts from the same supplier if possible (ended up using newegg.ca)

Since I already run MythTV, it was an obvious starting point and given I don’t have an affinity to a specific Linux distribution, I looked at Mythbuntu and Mythdora since I’m familiar with and already run both Ubuntu and Fedora distributions.

After downloading the Mythbuntu 10.10 ISO disk image, I discovered I didn’t have my USB DVD drive, so I wanted to create a bootable USB flash disk. I followed the excellent instructions at https://help.ubuntu.com/community/Installation/FromUSBStick and successfully burned a bootable Mythbuntu disk on a 2GB USB flash disk via an Ubuntu VM running on my MacBook Pro.


© 2011 Allen Pomeroy. All Rights Reserved. This is the personal website of Allen Pomeroy. Opinions expressed are not necessarily those of my employer.