Showing posts from December, 2018

Notes on Self-Publishing a Book

In this post I would like to share a few thoughts on self-publishing a book, in case anyone is considering that option. As I mentioned in my post on burnout, one of my goals was to publish a book on a subject other than cyber security. A friend from my Krav Maga school, Anna Wonsley, learned that I had published several books, and asked if we might collaborate on a book about stretching. The timing was right, so I agreed. I published my first book with Pearson and Addison-Wesley in 2004, and my last with No Starch in 2013. 14 years is an eternity in the publishing world, and even in the last 5 years the economics and structure of book publishing have changed quite a bit. To better understand the changes, I had dinner with one of the finest technical authors around, Michael W. Lucas. We met prior to my interest in this book, because I had wondered about publishing books on my own. MWL started in traditional publishing like me, but has since become a full-time author an

Managing Burnout

This is not strictly an information security post, but the topic likely affects a decent proportion of my readership. Within the last few years I experienced a profound professional "burnout." I've privately mentioned this to colleagues in the industry, and heard similar stories or requests for advice on how to handle burnout. I want to share my story in the hopes that it helps others in the security scene, either by coping with existing burnout or preparing for a possible burnout. How did burnout manifest for me? It began with FireEye's acquisition of Mandiant, almost exactly five years ago. 2013 was a big year for Mandiant, starting with the APT1 report in early 2013 and concluding with the acquisition in December. The prospect of becoming part of a Silicon Valley software company initially seemed exciting, because we would presumably have greater resources to battle intruders. Soon, however, I found myself at odds with FireEye's culture and managerial

The Origin of the Quote "There Are Two Types of Companies"

While listening to a webcast this morning, I heard the speaker mention "There are two types of companies: those who have been hacked, and those who don't yet know they have been hacked." He credited Cisco CEO John Chambers but didn't provide any source. That didn't sound right to me. I could think of two possible antecedents, so I did some research. I confirmed my memory and would like to present what I found here. John Chambers did indeed offer the previous quote, in a January 2015 post for the World Economic Forum titled "What does the Internet of Everything mean for security?" Unfortunately, neither Mr Chambers nor the person who likely wrote the article for him decided to credit the author of this quote. Before providing proper credit for this quote, we need to decide what the quote actually says. As noted in this October 2015 article by Frank Johnson titled "Are there really only 'two kinds of enterprises'?", there are really (at least) two versions of this quote: