RSA Through Day 4
By Daniel Miessler on April 11th, 2008: Tagged as Blogging | Information Security
What a week. This is the view from my chair in the lobby at the hotel Kabuki where I’m staying this week. A very nice place, by the way. I recommend it to anyone coming to San Francisco.

Blogger’s Meeting
So anyway, the 2008 RSA Blogger’s Meet-up was excellent. It was very cool to finally meet all these people that I’ve been interacting with for so long. Got to shake hands and briefly mention an idea to Bruce Schneier, which was cool from a groupie/fan perspective. The idea I asked him about will be the subject of a future post.
Jeremiah Grossman
I saw Jeremiah (webappsec guru and founder of WhiteHat Security) give his CSRF talk yesterday. Highly excellent. I knew most of the stuff already but he showed some interesting examples. The best part of it was just seeing him give the talk and interact with the crowd. I got to see people go from, “what the hell is this guy talking about” all the way to, “holy crap!”. The sad part is that most people in the crowd probably thought Jeremiah just came up with this. They seemed to mostly be out of the loop.
I later saw Jeremiah roaming the expo floor and I went up and introduced myself and had a short chat about Jujutsu and a potential business opportunity. Very cool dude. Web App Security expert and he’s almost a purple belt in Jujutsu — nice combo. :) Precisely where I’m heading myself, although the webappsec stuff will come first for me by far. Anyway, the whole thing was quite cool.
Gladwell Keynote
Today I was able to see Malcolm Gladwell speak. It was quite good — even better than I expected. He spoke about concepts from his book Blink, but I wasn’t disappointed even though I’d already read that book. In fact, he talked about a concept related to Blink that I either missed when I read it or that he didn’t include in the book.
The idea is that experts’ judgement is highly fragile, and that overwhelming expertise with too much information can severely damage it — even to the point of making it non-expert, or even worse. In other words, in order to get the most benefit from an expert, one often has to remove information from their view. Too much or the wrong types of input can turn an expert into a mouthbreather.
As one would expect, I was mapping the model to my discipline of information security. What came to mind instantly was Richard Bejtlich’s NSM tenet of getting fewer information sources. The “quality” issue is a bit nebulous given the fact that certain kinds of info can cloud our ability to apply expertise, but it’s clear that we can easily approach a point of information overload. Linking this concept to the SEM space is pretty easy to do, and it’s helping me to re-think some of my ideals of a perfect SEM deployment.
And it raises questions. Should we capture everything at some point, and then only do analysis on certain kinds of events? Like only sending certain types of events to ArcSight? Only showing analysts certain kinds of events because too much information will kill their ability to provide a human benefit? And if so, what are those best types of information? Malcolm mentioned a study of the best types of information to give an ER doctor for determining whether pain was heart attack or heartburn. Surely there are similar “golden” information types for doing Security Monitoring as well.
The Knife
Finally, I bought my knife tonight. It’s a piece I’ve wanted since I learned about it and it’s a significant upgrade from my current piece. It’s a William Henry Gentac piece, with a damascus blade. Insanely beautiful. I’m selling my old one on eBay this coming week and should get a good portion of what I paid for this one back. William Henry does very well on eBay, and the fact that I didn’t pay full price for the Gentac helps a lot.
The biggest impetus for this was the fact that my current knife doesn’t have a clip on it, but rather a sheath. It’s kind of cool in a way, but it got old pretty quickly. The extra sheath piece and the lanyard are just unnecessary and kind of annoying most times — especially in dress slacks. I’ve known since I got my current one that my next knife would have the clip. I’m just glad William Henry listened and went with the clip on certain pieces. Here’s what the new one looks like:
- Blade length: 3.17″
- Overall length: 6.81″
- Frame/Bolster: Aerospace grade titanium
- Scale/inlay: Carbon fiber
- Blade: Stainless ‘Dot Matrix’ damascus – Devin Thomas
- Gemstone: Sapphire
- Carry system: Reversible titanium pocket clip – blue
This knife doesn’t upgrade. The next time I get a knife I’ll be adding to this one, not replacing it like I am now. This thing is unspeakably awesome.
Blogging
I’ve had a ton of ideas while out here at RSA. Tons of ideas for things to do on the site, and many ideas about things to write about. Just a couple examples on the former, I’m looking at redoing my CSS soon and going to a white background. I’m also looking at redesigning my logo and adding print and mobile stylesheets. I’m also going to be working with my bandwidth consumption. My site loads too slowly just because I’m not doing things very efficiently.
Anyway, lots to do and lots to think about. And once I make all my changes myself I’m going to outsource (hat tip to Tim Ferriss) the work of getting my whole site up to the new standard. Clean-up, adding the new stylesheets, etc.
Anyway, lots to do and I’m excited about it.