“Only the one who dies, truly lives”

One afternoon in 1990 as I rode in a dusty, bumpy bus over the Himalayas an elderly man told me extracts from his life story. He had rented a scooter in the early 1950s and rode the 10,000 km from India to England, through the Middle East. In England he went to medical school and became a successful doctor.

I asked how he handled his fears through rough terrain and bad weather and he just smiled. “Ahhh, where you see Pakistan today and the dirt roads through Afghanistan…there was no pavement…they were like a dream. It was great to be alive,” he said as he described to me with wistful eyes how a fearless boy could make his way to anywhere in the world back then with only a small engine on two wheels.

It sounded like he was doing in his youth what he thought should come naturally to humans. Sitting next to me in the safety of a bus made him seem uncomfortable or sad; a metal cage on four wheels obviously depressed him. He brightened up again when he described plans to run up the hills to the north of Pokhara in the middle of the day.

“Mad dogs and Englishmen out in the midday sun,” I thought to myself when I next saw him. He was covered in sweat, huffing and puffing his way down from the foot of the Annapurna Mountains.

I myself had climbed with difficulty earlier that day through the cool pre-dawn darkness of thick brush and narrow dirt ledges to the Summit of Sarangkot. And I expected to face solace after overcoming my fear and obstacles to reach the top. Instead a group of children had run up ahead of me and played in the warm morning sun as if it were any street or park anywhere in the world. They laughed and yelled “Coke one dollar”. Here is the photo I took of my welcome party.

The little girl is demonstrating how to drink the bottle. Here she is again after I gave her a piggy-back ride and walked with them down to their village.

The old man’s stories, his views on risk, and life in the Himalayas came to mind recently when I saw the trailer for a new documentary called The Highest Pass.

The movie follows a modern motorcycle journey on the highest road in the world. Seven Americans with modern safety equipment and supplies, led by a Yogi named Anand Mehrotra, set out to find and face risk decisions outside their normal comfort zone — from high-altitude and steep, icy cliffs to chaotic Indian traffic.

Anand…bears the burden of a Vedic prophecy that predicts he will die in his late twenties in an accident. He is that age now, yet leads with a fearlessness and wisdom that reminds us that “Only the one who dies, truly lives.”

It looks like a movie about outsiders learning to trust insiders on new perspectives and how to manage risk.

PA-DSS Program Guide v2.0

The PA-DSS Program Guide v2.0 and Attestation of Validation (AOV) v2.01 have been released by the SSC with changes that impact the preparation of Reports of Validation (ROVs). Version 1.0 expires on April 1, 2012, at which point 2.0 “becomes mandatory”.

The change list shows updates in the following areas:

  • Roles and responsibilities
  • Process flow diagrams
  • Fee structure
  • Annual validation process
  • Minor change acceptance
  • Payment application types
  • Expiration cycle (3 yr)

Payment application type 06, “POS Specialized,” mentions the increasingly popular mobile apps.

Point of sale software which can be used by merchants for specialized transmission methods, such as Bluetooth, Category 1 or 2 mobile, VOIP, etc.

Breach Analysis: Grizzly Bear Edition

The Woodland Park Zoo in Seattle last year hosted a safety demonstration called the Bear Affair and Big Howl for Wolves:

This annual event features a campground set up in our bear exhibit in the zoo’s Northern Trail. Bears are released into the campground to demonstrate the results of poorly planned campsites, plus a demonstration on how to create a bear-safe campsite and promote safe interactions between humans and bears in the wild. Plus learn about another native predator, gray wolves!

First clue that you might be in danger? You just pitched a tent inside the bear exhibit at a zoo.

Example of a “Non-Safe Campsite”:

Bear eats tent

VMware PEX 2012: Security and Compliance

This weekend begins the 2012 Partner Exchange (PEX) conference for VMware (Twitter hashtag #VMwarePEX). The Catalog of all sessions is available online.

I will be there and hope to see you. Here is a quick list of all the dedicated security and compliance presentations:

  • Ravi Kumar, Eric Horschman – (CIM1250) Selling the VMware Advantage for Business Continuity and Security
  • Rob Randell, Jeff Szastak – (CIM1248) Using vShield and vCenter Configuration Manager to Achieve Better Than Physical Security for Business Critical Applications
  • Jeremiah Cornelius, Scott Sloan – (TEX1517) Security Partner Opportunity and Enablement for Partners in the New Data Center
  • Ana Seijas – (CIM1275) Securing the Virtual Infrastructure – Preparing for the Cloud
  • Wen Yu, Simon Mijolovic – (EUC1478) Tips, tricks and lessons learned in designing a vDaaS (virtual desktop as a service) with end to end secure multi-tenancy
  • Ravi Kumar, Ibrahim Rahmani – (CIM1372) Panel Discussion – Partner’s Best practices in Selling and Delivering Virtual Security
  • George Gerchow, Davi Ottenheimer – (TEX1543) Compliance Audit Validated Industry Specific Architectures
  • Grant Suzuki – (CIM1349) VMware vShield App Security Deep Dive
  • Ben Del Vento – (CIM1409) Compliance and Security: A holistic approach from the bottom up
  • Alka Gupta – (EUC1504) VMware Horizon App Manager™ – a user-centric management service for securely accessing private and public cloud applications from inside an Enterprise
  • George Gerchow, Davi Ottenheimer – (CIM1526) Achieving a Trusted Cloud – vCM, VIN, vShield Technical Overview

And if you are attending the VMware Customer Council please consider joining our session on Sunday at 10am, where we will discuss the latest progress and development in compliance automation for virtual and cloud environments. I will be there to answer questions about SCAP and the new hardening guide for vSphere5.