Tag, I’m it

30 Dec , 2006  

Well, my good friend (though I’ll be rethinking that) Michael Farnum at An Information Security Place blog-tagged me this week. So I’ll do my best to share a few tidbits few might know about me.

  • I came to network security indirectly. I started as a software developer and dba, and thanks to client server architectures and Ethernet, I got into networking and later network security. That’s why the convergence of networking, security and software fascinates me so much – it’s a description of my career.
  • I’m a CTO but I find that while technology is important it is actually very much a secondary factor to building successful products and companies. A bit of irony; a good CTO must first be a great business person.
  • Not too long ago I personally led a product organization of over 250 bringing the first video-on-demand, home shopping, gaming and cable-modem services to market, immediately followed by building out a broadband service network with over 450 POPs in COs and colo’s.
  • I’ve been a musician since age 9, played professionally for a while, recorded a CD and now play guitar and lead a contemporary worship band. I recorded my CD with my two good friends Michael Reese and Tommy Stephenson, 1996 Los Angeles Guitar Player of the Year (+ LA studio musician), and recording and touring keyboard player for Joe Walsh (and many others), respectively.
  • My best college professor, Stan Compton, told me “everything you’ve learned in these C.S. classes will be obsolete in 24 months – I hope you’ve learned how to learn.” How true it is. My mother also has a passion for learning. Thanks to you both for those life lessons.

Okay, I’ve done my part for king and country, well blog-tagging at least. Everyone I know has probably already been tagged so I’ll leave it to others to pass it along. Isn’t it ironic that blog-tagging relies on the term “tagging”, spray painting someone else’s stuff with paint? On second thought, I guess not. 🙂 – Mitchell

EDITOR’S NOTE: I’m only adding this because it really annoys my daughter when I remind her of it. Regarding #3, I also paid my way through college as a musician. After freshman year, I told dad he didn’t need to send any more money. Between gigs and working at the music store, I covered all my school, books, living expenses, booze (oh, I already said living expenses, didn’t I) and music gear costs. The store manager always gave us $20 to buy beer for the ride home after delivering pianos too. You could drink legal when you were 19 back then. My how times have changed. My daughter is a junior in college and will be 21 in January. Now you know why I had to come back and add this note, lol. 😀

Blog, Network, Podcasts, Security

Podcast 26 – Special 2006 Bloggers’Wrap Up

30 Dec , 2006  

podcast microphoneAlan and I wrapped up this year with a very special year end podcast #26. First, Mike Rothman joined us as a special guest for the show. A number of our security blogging friends recorded and sent to us their thoughts on the most important security events of 2006. Alan, Mike and I then get to add our two cents on the subject as well.

Joining us on podcast 26 with their own recorded thoughts are:

And of course our special guest for this show Mike Rothman from Security Incite.

We owe thanks to so many people throughout the year that have joined us for the podcast. Most important are you the listeners who continue to follow our musings on happenings within network security. Thank you for a successful ’06 and here’s to a safe and secure ’07! – Mitchell

Listen to podcast #26 at


A very white Christmas

26 Dec , 2006  

snowy lamppostHo ho ho, I “ho”-pe all of you had a very merry Christmas, happy Hanukah and happy holidays this week. The big Colorado snow storm made everyone change their plans but everything worked out for us in the end. We had a joyous Christmas eve and picturesque Christmas day celebration.

My wife, kids, mom and dad, brother and sister-in-law, and sister all made it to our house safely for Christmas day festivities. We celebrated with a prime rib roast (cooked by yours truly), twice-baked potatoes loaded with goodies (prepared by my wife and daughter), yummy Caesar salad, plus cinnamon-raison bread pudding for dessert. After a well organized gift opening and gift exchange game organized by my wife, we all settled in just to enjoy the time together. The gifts were nice but the hard work put in by my wife and daughter, and the time together with the family was most special. I really had a great time.

window snow driftThe blizzard snow a few days before forced everyone to make last minute adjustments to their plans; shopping got crammed into Friday and Saturday (after all stores were closed for two days), rerouting air travel plans (DIA airport was closed for more than 48 hours), picking up stranded family at the airport, digging our my daughter’s car, ground blizzards, an inconveniently timed flat tire on Saturday, and of course the ever joyful snow shoveling of our driveway and cul-de-sac just to break a path through the snow needed to get to work and shopping.

We had 32 inches of snowfall and 4 foot drifts in our backyard (the driveway topped out at 32 inches). It was a challenge driving home but thankfully I didn’t spend long hours stuck on US 36 or in a snow drift. Thanks to the back roads (avoiding every street with an uphill slope on it) and a pioneering van I drafted behind which guided me a good part of the way home during whiteout conditions.

daughter's buried car or a Macintosh mouse - you choose

All’s well that ends well. And all of my wife’s preparations for family festivities came off flawlessly. I’m very thankful all the family was able to make it to our house for Christmas. I hope you enjoyed your Christmas holiday together as well.

P.S. They are calling for 5-15 inches of snow this Thursday and Friday. If you have a snowblower, we’re havin’ a party this weekend and you’re invited! 🙂


Riding the storm out – Winter’06

20 Dec , 2006  

Most of you have probably heard that Denver and the surrounding states are in the middle of a Christmas season blizzard. It’s 10:30pm and we’ve receive a reported 14-16″ with 35+ mph winds. The forecast is for continued snow through the night until mid-morning. The blizzard warning is scheduled to end at noon Thursday.

I thought I would share with you a few pictures from around our house in Colorado. Here is the view out our opened front door. My first thought was an image of the blizzard scene from the classic movie The Shining. You can just imagine little Doc running out to hide in the lighted hedge maze with a crazed madman not far behind. “Here’s Johnny!” Oooo. Btw, that’s my daughter’s fully buried car just left and below the bright light in the picture. We’ll be digging that out tomorrow. 🙂

06 blizzard front door

The stiff wind has created “horizontal snow”, a.k.a. blizzard conditions, and the commute home today was a tough one for so many. The 10pm news showed people sitting in their cars on the exit ramp of US 36 and 104th Ave. Our backyard opens to the north and we’ve seen quite a bit of drifting. If you can pick it out, there are two metal lawn furniture chairs buried up to the middle of their chair backs. That’s a hammock in the middle of the picture. What you can’t see is our fish pond at the bottom of the picture which is completely covered in snow.

06 blizzard backyard

I’ve always enjoyed a good snow storm. There’s something magical about snowfall. It’s especially fun to ski during a good snow storm (not that I have time to ski much anymore). Most envision snow as that light fluffy stuff but if you’ve been around the mid-west much you know what a good wind can do to create snow drifts. Seems like something as small as a tennis ball can be enough to generate a 4 foot drift under the right conditions. Here’s a picture near our front door where snow has drifted about 4 ft. plus snowfall has piled about 20″ on top of a brick wall.

06 blizzard drift

That’s what makes combining strong winds with snow so much more dangerous. Despite the inconveniences of a blizzard (one person at work reported taking 8 hours to go 10 miles on the way home), I always say a prayer that any of those trapped in the storm are safe.

A storm does bring some things back to the basics like spending time with your family. My daughter made cookies this evening and we all sat around watching tv and listened to reports of the weather and travel (or lack of it) around the Denver metro area. Even the dogs decided it’s a good evening to stay inside – not one trip to back door that wasn’t really needed and even then, the turnaround time was quick.

Wherever you are, I hope your are home safe this evening.

Podcasts, Security

Podcast #25 – Michael Farnum

19 Dec , 2006  

podcast microphoneWelcome to podcast #25! What, 25 already? Wow. Yes, it’s true.

This week Michael Farnum joins Alan and me to give us an update on his latest happenings. We discuss his transition to his new job, how he got into blogging (An Information Security Place) and got his paid gig blogging for ComputerWorld, and how he approaches the customer/vendor relationship.

The Converging MinuteIn The Converging Minute segment I discuss Cisco’s announced transition to being a software company and some of the challenges and benefits of doing so. Cisco’s even made some waves about using virtualization too.

This Week In Security Alan and I discuss the information loss of 800,000 student and faculty, Big Yellow – the worm and botnet targeted at Symantec AV products, and the future of vulnerability assessment. 

We have a special podcast planned as a 2006 "year in review" wrap up so stay tuned for our next podcast too. That will likely be posted sometime around the new year.

Thanks for listening and for reading our blogs. Our listener and readership has grown tremendously in ’06 and I appreciate everyone’s support, ideas and contributions to this online community.

As always, please send your comments, ideas and questions to

Listen to podcast #25 at


Asia gets it about open source – do vendors?

13 Dec , 2006  

Use of open source is booming in the Asian market. Evans Data Corporation announced in a study that 70 percent of software developers in Asia use open source software, with the number of developers using open source jumping up by over 40 percent in the last three years.

Dana Blankenhorn gives us a good example of where this is showing up in low end appliances, the Linksys WRT54GL (or should that be the WRT54-GPL?) which is based on a Linux OS. Most of us have known about upgrading Linksys and other appliances to non-manufacture based OSs or running Linux on these devices for some time. Frankly, many of those third-party OSs are much more stable and flexible than the manufacturer’s.

So why don’t the hardware vendor companies make it known that they use Linux on their fixed appliances? Especially when it’s very easy to figure out and tweak or replace the OS yourself? Because they have a closed platform mindset. They use open source software to enable and speed development – that part they get.

But they don’t get the whole concept that open means – open. Let users get under the hood if they want to. Let them tweak, poke, and tune to our heart’s content. That will win over customers who find open source their platform of choice. Not everyone is going to do that but many would be very excited to find a vendor that embraced such an approach.

So, keep your fingers crossed – it will happen soon enough. I don’t think we’ll have to wait too much longer.


Enough”tops in 2006″already

12 Dec , 2006  

workaholicI couldn’t subject readers to a whole ‘nother post about story ideas for “tops in 2006”. Sometimes I just can’t let things go until it’s too late.

So, I just updated my previous post. Some new ideas, some changes to existing ones. You’ll have to figure out if it was worth updating let alone worth reading it again.

Re-read my old post at your own risk.broken pencil

Fine print: same fine print applies


More”tops in 2006″event and story ideas

12 Dec , 2006  

  • you learned that “ARP twiddling” doesn’t require use of a musical instrument?
  • you were offered “one free NAC for every six switches purchased” by some blue box vendor?
  • you told your family you were traveling on business while you really waited on line outside Best Buy for 5 days?
  • you took up weight lifting to make that next blue box forklift upgrade easier?
  • you took three weeks vacation to play Playstation 3 nonstop
  • you played the Pink Floyd Pulse DVD backwards and it made the sound of your last hard drive failure?
  • you just got your first job in security and nothing we talk about on our podcast or blogs makes any sense?
  • you thought WoW (World of Warcraft) was just www misspelled?
  • you banned all use of the word “vendor”?
  • you banned all use of the term “strategic partner” from all v____r meetings?
  • you bought Better Body Piercing For Dummies after watching too many American Chopper reruns while scanning IDS logs?
  • you realized that you hate security and you’re going to look into the N.A.C. organization?
  • you beta tested the new Apple iStupid which copyrights all data on your hard drive and prevents data backup the first time it is connected?
  • you learned that “ARP twiddling” requires something called a patent?
  • you instituted new security polices to reduce the risk of WoW account thefts?
  • you played your Microsoft Vista release candidate CD backwards and it sounded like your Pink Floyd Pulse DVD. Microsoft said it would be fixed in the production release in December?
  • Microsoft announced Pink Floyd Pulse would be the first mp3’s available on the Zune?
  • you upgraded to the WoW expansion pack beta only to find your routers perpetually attempting to level before the official expansion pack release date?
  • after much research you discover that “ARP twiddling” can be accomplished using a single “twiddly-wink”, immediately rush out and patent the new innovation, and overnight corner the market by dominating Gartner’s upper right hand quadrant of the ARP Twiddling Leaders matrix?
  • you discover from a post on a hacker site that hackers have used “twiddly-winks” for years, making your “ARP twiddlying” patent unenforceable due to prior art?
  • you later trademarked ARP Twiddling&trade in case it enjoys a market resurgence?
  • you established a blog named MMORPG Security Best Practices that was really a facade to covertly debate the merits of WoW vs. EQ2?
  • you found a laser pointer that flashes the Batman signal?
  • you know plenty about security and nothing we say on our podcast or blogs makes any sense?
  • you’re not really sure who “we” is any more?

Fine print: see previous fine print.

Editor’s note: I couldn’t leave well enough alone and have been editing this stupid post ever since I first put it up. So yes, it changed since you read it in your rss reader.


What was tops in 2006 for you?

11 Dec , 2006  

father timeAs we get closer to the start of 2007, Alan and I are going to do a year end wrap up podcast on ’06.

We’d like to hear from you about what security or networking event/story during ’06 was most notable for you and why.

Was it:

  • a specific vulnerability or outbreak (or lack of one)?
  • NAC coming onto your project list?
  • figuring out that NAC doesn’t stand for North American Cannibals
  • Vista’s launch?
  • the revelation that the Vista beta had security vulnerabilities?
  • you found and then subscribed to Mitchell’s and Alan’s podcast and blogs?
  • yet another security company was ruined after getting gobbled up by some big behemoth you swore last year never to do business with again?
  • you got torched by Alan on his blog?
  • a gorilla ate your IPS?
  • you unsubscribed from our blogs and podcast?
  • the revelation that some security vulnerability management vendor was really a patching product?
  • you were happy to discover that IPS does not stand for International Prostate Surgeons
  • you were just happy not to get flamed by anybody?

Let us know. We’d love to hear from you and if we get some interesting stories and ideas we’ll be glad to share them on the podcast. Please send your ideas to

Fine print: all stories and ideas submitted cannot be returned to the original owner and become the property of our podcast. We reserve the right to claim authorship, rename characters, change story lines, cast ourselves as the heros or in the most favorable light (whichever is easier), or just make the story uninteresting and completely unrecognizable and then blame the original author. 🙂

Editors note: My Mountain Dew was working over time. Find more 2006 story ideas here.

Podcasts, Security

Podcast #24 – Amrit Williams interview part 2

11 Dec , 2006  

podcast microphoneThis week’s podcast #24 is part 2 of our interview with Amrit Williams, former Gartner analyst and current BigFix CTO. In this part of the interview Amrit talks more about what drew him to Big Fix and where he plans to direct the company. Alan and I also talk about the topic of product awards and whether they are just paid-for marketing by the vendor or legitimate, independent awards by magazines.

In The Converging Minute segment I discuss how virtualization could impact networking and security in similar ways we’ve seen VMware and Xen (open source) change the server market.

This Week In Security covers news about McAfee closing their Citadel acquisition, is the Mirage patent for ARP “twiddling” in NAC worth the paper it was filed on (you can imagine what we have to say about it), and the agent vs. agent-less NAC debate.

Thank you for continuing to listen to the podcast and thank you for all the questions, feedback and suggestions. You can reach Alan or me at

Listen to podcast #24 at