Alex Hutton

My 5 Things

Tue, 08 Sep 2009 17:35:00 -0400

Ed Bellis tagged me. Jerk :-)

So here goes:

1.) I spent my 1-12 years outside of Charlottesville, Virginia. And coming out here to Purcellville, I realize that I like the country.

2.) I’m a political independent. This tends to surprise people with whom I align on one or two issues and then find that I don’t tote their party line. Why am I independent? What are the chances that one parties positions on every.single.issue is correct? What are the chances that sometimes, situations dictate that our policies lean one way or the other only to be reversed when the domestic or foreign policy landscape changes? What are the chances that, really, it doesn’t matter who you vote for because there’s a non-elected bureaucratic class that actually creates the majority of public policy for their interest and the interest of longevity and power for the agency they serve?

3.) Similarly, I’m not an atheist or agnostic, but acknowledge the difference between uncertainty and doubt in belief/faith.

4.) My music collection could quite possibly be the most Caucasian 60gb you might encounter. There’s also more classical, be-bop, and latin than most people would suppose. It’s not constructed that way with intention, or to say that it’s not diverse in the genetic make-up of the artists represented, it’s just that when I think about it, the hip-hop/rap I do have is, like, 17 years old or more. Actually, while you probably didn’t know that about me, you probably could have guessed.

5.) If I had to do it all over again, I would be an architect. Or a landscape architect. In fact, I’d be very happy and content doing manual labor for a living.’

6.) There is no sixth thing.

"“Backpack, you need to know everything we’re going to need for the trip, despite my not..."

Sat, 29 Aug 2009 12:40:00 -0400

“

“Backpack, you need to know everything we’re going to need for the trip, despite my not telling you where we’re going until we’ve already left.

Boots, you’re going to do all work and never get to provide any input.

I’ll just make a list of the three problems you’re going to solve, and hire Tico the contracting squirrel to drive us around….

Then, once it’s complete, I’ll dance, take the credit, and ask each of what you liked best during the wrap-up call.”

”

- Chandler Howell on Dora The Explorer as Project Manager.

Exploration in (New) Media Center Building

Sun, 07 Jun 2009 14:16:11 -0400

So we’ll be moving to a rural area of Virginia in a couple of weeks, and as part of trying to figure out what utilities to move and when, I decided to revisit how we, as a family, will entertain ourselves. Our family of five includes my wife, myself, my two sons (age 7 & 11), & my 17 month old daughter.

Currently, we have basic cable from Time Warner, with Road Runner basic service. I have a series 2 Tivo With a DvD recorder and a Wii. I’m paying about $100 per month for cable, Internet, & TiVo.

The boys mainly want to see baseball, Star Wars clone wars, and they play Wii. My daughter couldn’t care less about TV, but loves it when we play Wii fit. My wife enjoys reality TV, mainly on CBS/NBC, but also some programming on Bravo & FoodTV. We both enjoy baseball, and I enjoy Tennis programming. We don’t really watch too many movies, and when we do, they usually are classics rather than last years releases.

There is no Cable at the new place in Virginia. But there is serious Wireless (not Satellite) Internet. Like 1.5 mbps low-latency Internet. So rather than just buy a bunhc of things that DirecTV or Dish Network was going to charge me for, I figured I’d take a look at the various new options in programming that are available.

I thought it would be great to stop using DVDs and to stream music and video and so forth all around and just generally see if I could build a new media solution that fits our basic needs, and perhaps spoils us in simplicity and even price over the long term.

Not having a need to really use this blog space for work stuff, and finding a total lack of real experience and review in all the online stuff during my research, I thought I’d make a diary of it here.

Facebook <-> Tumblr Link

Wed, 13 May 2009 18:01:54 -0400

So with me not blogging at RiskAnalys.is anymore, I thought I’d try to figure out what I should do about this website. So far, I’ve linked Tumblr (this site) to my Facebook account.

They *seem* to be serving a similar purpose. Honestly, I think I’d like an OS X app to blog more here about stuff that is more than twitter, and not risk management related.

Pair of Jacks

Thu, 30 Apr 2009 08:18:03 -0400

Pair of Jacks:

Please join me in welcoming Jack Freund as a contributor to this blog. Jack is a certified FAIR analyst and has a boatload of experience in the information security profession. Welcome Jack!

It’s a FAIR Pandemic…

Thu, 30 Apr 2009 08:18:03 -0400

It’s a FAIR Pandemic…:

RMI welcomes Jack Freund to the RiskAnalys.is blog…

Once again the 24-hour news cycle is buffeting us with “information” about the new risk that will surely end us all. I’ve received several…

Aggregate analysis (or measuring the surface area of Long Island)

Sat, 18 Apr 2009 20:03:58 -0400

Aggregate analysis (or measuring the surface area of Long Island):

One of the questions I commonly encounter is “How do you take something like FAIR and apply it to a big problem, like measuring the aggregate risk within an entire organization?” In order to keep…

Load of Tosh?

Mon, 23 Mar 2009 09:20:53 -0400

Load of Tosh?:

Long time no post… My sincere apologies, and I hope someone out there is still interested. I guess I needed a little prodding, which Stuart King so kindly provided. I’ve provided a response on…

Alex

Wed, 25 Feb 2009 07:38:51 -0500

Alex:

Those of you who are familiar with this blog probably recognize Alex Hutton as THE voice of RMI and FAIR, and for good reason. For over two years now, Alex has earned a reputation as a spirited and…

Sweet Giveaway: Personal Honey Point License

Thu, 05 Feb 2009 10:20:46 -0500

Sweet Giveaway: Personal Honey Point License:

I have Five licenses for MicroSolved’s Personal Honeypoint Honeypot product to give away. I’m using the OSX version right now at a coffee shop. From what Brent Huston tells me, you can even…

Potpurri: Ponemon, Payment Professionals, Perimeters, & Pete Lindstrom

Wed, 04 Feb 2009 15:20:00 -0500

Potpurri: Ponemon, Payment Professionals, Perimeters, & Pete Lindstrom:

Today’s blog post is a quick catch up post on several fronts.

I LIKE PROFESSIONAL ASSOCIATIONS

First, Chris Hayes, David Mortman and I had the honor of being bought dinner by Mike Dahn. …

A BRIEF ARGUMENT FOR PCI DSS (OR ALEX’S 5S’S FOR LEAN INFORMATION SECURITY MANAGEMENT)

Tue, 27 Jan 2009 10:04:12 -0500

A BRIEF ARGUMENT FOR PCI DSS (OR ALEX’S 5S’S FOR LEAN INFORMATION SECURITY MANAGEMENT):

real quick: It might be worth noting that I wrote this the weekend before Heartland was announced.

So I was reading this excellent article on Taiichi Ohno and the Toyota Production System over…

The Source of PCI DSS “Failure”

Fri, 23 Jan 2009 12:47:49 -0500

The Source of PCI DSS “Failure”:

This is somewhat of a follow up from my post on changing our attitude towards how we might best protect consumers that use credit cards.

In FAIR, there are three types of contact that drive the…

Maturity & Measurement Redux

Wed, 21 Jan 2009 11:44:26 -0500

Maturity & Measurement Redux:

My friend Mike Rothman had some fun things to say about this post I made last year in his recent insight. Love ya Mike, but I have to respond in kind.

“I’ve used the saying, “when all you have…

Using The Compliance Stick Actually Weakens You

Thu, 15 Jan 2009 08:26:20 -0500

Using The Compliance Stick Actually Weakens You:

Anton is the “PCI Guy” (sorry, not sure of his real title) at Qualys. If you haven’t seen them yet, he’s got some pretty ranty posts about PCI up. Which are awesome. In his most recent post he…

A Couple of Links on Risk & Decision Making

Tue, 13 Jan 2009 11:03:00 -0500

A Couple of Links on Risk & Decision Making:

First, I wanted to point you over to Chris’ Risktical blog. He’ll be doing a FAIR analysis over there that looks interesting. It’s nice that Chris is dedicating his time on this, given the…

Thoughts on ISO 27005

Tue, 06 Jan 2009 13:31:25 -0500

Thoughts on ISO 27005:

First, many readers sent us the New York Times/Slashdot “Risk Management” link. Thank you!

The beginning of a reasoned response was written by Aleks on Andrew Gelman’s blog (…

Moving Towards A Mature Security Organization Using A Measured Approach to Risk Management

Mon, 22 Dec 2008 14:12:25 -0500

Moving Towards A Mature Security Organization Using A Measured Approach to Risk Management:

Over the past couple years of blogging, I’ve found that about once or twice a month I’ll write a really long blog post on a subject, only to scrap it before publication. It might be because my…

Fun From FAIR Training

Fri, 12 Dec 2008 15:06:32 -0500

Fun From FAIR Training:

Sorry for the slow week. We had two sets of training that went (we thought) really, really well.

One of the things we do is ask learners to bring in scenarios that they want to run through FAIR….

Penetration Testing Not Dead, Probably Just Pining for the Fjord

Mon, 08 Dec 2008 10:34:04 -0500

Penetration Testing Not Dead, Probably Just Pining for the Fjord:

Bill Brenner has an article in CSO magazine in which “Fortify Co-Founder and Chief Scientist Brian Chess says:

“2009 will mark the end of pen tests as we know them.”

…