
Dedication .. in your pursuits and profession

What is dedication… how do you define it? How are you better for it?

Too often people try to raise dedication to a level that seems impossible to achieve, but that is not necessary. Dedication to your passions, pursuits, and life is simple enough. Dedication should not have soft edges, but it should happen at intervals.

I find that dedication to training, for instance, can be achieved when rest days, variety in events, and fun are brought into a sometimes realistically “boring,” mundane, and repetitive set of activities. For instance, when pursuing Ironman events the training typically involves 6-8 months of training 16 hours a week across each skill. Needless to say this can lead to a bit of mental fatigue, but adding short, fun swims, runs, and rides can provide the gap necessary to allow dedication to continue, with stronger mental stamina to rise to the next level.

This concept of interval training is well tested in athletes, and I have sought to apply it in my life generally.

Consider how you would apply it in the following areas:

  1. Making moments in your life beautiful
  2. Living life (feeling like you are in a rut and there is nothing new or exciting?) > seek out new adventure! (I recently, thanks to the Olympics, have been re-introduced to my love for ice skating, and to gymnastics thanks to my daughter.)
  3. Work – variety is the spice of life; inject hands-on, hard-core work alongside cerebral program and management functions (don't lose touch with how the tire meets the road, or you'll either lose the rhythm of the industry or have unrealistic expectations across your teams and business.. pretty simple)

How does this relate to business? The same way it does to our personal ventures, since the personal ventures and dedication of our people are what make up our business. Without these fundamental pieces no business can succeed.

Information Security, like other fields, requires this type of dedication given the sheer complexity of these efforts and the dependency placed upon the individuals behind them. I would challenge you to answer the above questions for yourself personally, and then consider how they apply to your sphere of influence. When you are satisfied, seek out your colleagues and team members .. are they satisfied, and if not, how can you help them move forward?

Sometimes the most technical aspect of our field of business, technology, and information security is the people themselves.

Best,

James


Industrial Control Systems – the new security frontier, a call for Org change


A quote to the effect that SCADA, and systems controlling physical machines generally, are the new attack surface struck me as both obvious and non-obvious upon reflection. The security of these systems tends to sit with Facilities, outside the scope of concern of most CISOs and certainly of the CIO, unless the organization is structured so that such operating roles report to the General Legal Counsel or the COO. Operational integrity, competitiveness, and ultimately compliance and security all depend upon the organizational structure being adapted to the technology age. Too often we forget the value of organizational strategy shifts, and this is one that will be necessary and will provide valuable returns.

How can this trickle into the tactical operations of the business?

Consider this single example:

  • What controls do you have for checking the software version of the HVAC units powering your data center and/or corporate offices?
  • Is there a control in place to ensure the HVAC exists, that it can handle the load, and that it is tested to ensure it works? I imagine yes to all three, as these are the ABCs of operations.

However ….

  • What is the version of the HVAC PLC / SCADA element used by the vendor and monitoring teams, and is it accessible remotely?
  • When audits occur, do they check to be sure the device isn’t the Siemens or other manufacturer’s model that was just highlighted at Defcon or on the news?

If this is the new frontier, we need to start structuring organizations in a manner that is designed to care for these considerations, allowing the business to be agile and competitive.

Thoughts? (A bit of latitude on the above terminology is requested, given I am simplifying the example to avoid too much technical specification and confusion.)

James