Showing posts from February, 2011

Ten Years After Leaving the Air Force

Ten years ago today was my last official day as an active duty officer in the United States Air Force. I left the Individual Ready Reserve in June 2002, but I don't count that extra time since I worked as a civilian full-time. I find it ironic that the "Officer In Charge" (OIC) of "Career Enhancements" signed my Honorable Discharge! Leaving the service can be quite a "career enhancement" when you want to continue defending Air Force data assets but the service feels its time to "career broaden." :) To this day I am grateful for the colleagues, training, experiences, missions, and responsibilities of my time in the Air Force. At the same time, I remain amazed that I spent almost 11 years of my life wearing the uniform. It seems so long ago now, but I am always pleased to run across people in the security and intelligence worlds who remember working with "Captain Bejtlich." I've greatly enjoyed the last ten years out of uni

Comparing Microsoft's Communication Methods

Today is Microsoft Patch Tuesday, which means if you so choose you can read posts by the Microsoft Security Response Center like February 2011 Security Bulletin Release . The advisory states "we have 12 bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and IIS (Internet Information Services). Three bulletins are rated Critical." Microsoft communicates information about these vulnerabilities using two graphics. The first is "Severity and Exploitability Index": The second is "Bulletin Deployment Priority": I'm not even going to start a discussion about why the first chart shows "risk" and then "impact" (isn't impact a component of risk?) I'm also not going to dwell about how the first column of the second chart has been "overloaded" to include only a small bit of information on the code affected, rather that prominently communicating that data in a column of its own. Instead,