Sisyphus's Stone

Monitoring ECS Scheduled Tasks

Mon, 18 Jan 2021 00:00:00 +0000

Supporting a number of $DAYJOB projects are an ever increasing number of small-to-midsize tasks performing various bits of processing. These tasks are deployed as Dockerized workloads running on AWS ECS. ECS scheduling is basic, but pretty solid and we’ve encountered few issues, but odd flukes, network outages, and random errors can occur. We needed to get visibility into whether tasks were running as scheduled and, most importantly, get alerted when tasks error. I’ve finally implemented a pattern with which I’m mostly satisfied to get that visibility without subjecting everyone to constant alerts.

Reducing Friction Between MacOS and Windows Keyboard Layouts

Sun, 03 Jan 2021 00:00:00 +0000

I’m a big fan of my daskeyboard mechanical keyboard, using the built in KVM on my monitor to switch between my MacBook and my Windows desktop throughout the day. This works smoothly apart from the loss of muscle memory for touch typing, particularly around the cmd and ctrl keys, which are switched between the two OSes. As good old ctrl+[zxcv] is a major part of the typing life cycle, this drives me bonkers when on Windows as Windows+C brings up Cortana and Windows+V brings up the multi-clipboard functionality, neither of which I use.

Freshening a Terraform Stack - Part I

Sat, 02 Jan 2021 00:00:00 +0000

I’ve recently spent some time going over the configuration of my personal infrastructure (including this blog, various bits of Lambda code, tidyrisk, and whatnot). Between all the changes in the AWS landscape, the rapid rise of GitHub Actions, alternatives to Docker Hub for public container image publishing, and HashiCorp issuing three major Terraform releases over the past 18-24 months, there was a lot of work to be done (and still more to do).

Financial Transparency, Control, and Data Science

Thu, 31 Dec 2020 00:00:00 +0000

As I close out my personal financial ledgers for the year, I once again utter curses towards my firm’s 401(k) provider. Rather than just sitting and subjecting my ever-tolerant spouse to the strange sputtering that comes from my office, I’ll strive to be a bit more productive and describe the challenges I have with Guideline and how these concepts of transparency and control apply to the data science work I perform during business hours.

Rapidly builiding an API on AWS

Wed, 30 Dec 2020 00:00:00 +0000

These last few days of 2020 (cue the chorus: “Get thee Behind Me!”) are a company-wide holiday over at the day job. While I have been trying to break some destructive workaholic patterns, I’ve allowed myself to fiddle with some cloud infrastructure efforts as a sort of methadone for what the normal work week entails. Most recently, that’s involved standing up a proof of concept API for a new data product we’ll be releasing later in the new year.

Collector Returns to CRAN

Mon, 17 Feb 2020 00:00:00 +0000

I’m pleased to report that Collector is now back on CRAN. v0.1.3 is a very minor patch release that brings compatibility (and a hard dependency) on the new syntax associated with tidyr 1.x. Life has been busy these past several months and I hadn’t worked on this code in a while. As I got back up to speed, this comment came to mind: I’ll take it as a sign of growth that practices that were once normal enough to me now sound more like dark R’Lyehian speech.

Notebooks A-Go-Go

Sun, 14 Jul 2019 00:00:00 +0000

I’ve been using RMarkdown notebooks pretty much ever since they were introduced. Being able to weave in code chunks with output and full prose, plus being able to come back to a notebook and have all the output still visible without having to rerun chunks, was a no-brainer for me. It’s been so reflexive a format for me that when I see junior analysts with a html_document output type selection I assume it’s a typo and correct them on what must surely have been an error on there part.

Scales Update

Thu, 09 Aug 2018 00:00:00 +0000

The scales package just recevied a shiny new 1.0.0 release, including some nice new scale and suffix parameters. This looks to make some of my value at risk plot easier to get look just so. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 library(scales) dollars <- sample(1:1000) * 10^6 dollar_format(scale = 1*10^-6, suffix = "M", trim = FALSE)(dollars) #> [1] "$ 614M" "$ 877M" "$ 302M" "$ 238M" "$ 862M" "$ 633M" #> [7] "$ 600M" "$ 632M" "$ 926M" "$ 678M" "$ 104M" "$ 200M" #> [13] "$ 153M" "$ 185M" "$ 124M" "$ 474M" "$ 290M" "$ 775M" #> [19] "$ 211M" "$ 280M" "$ 303M" "$ 314M" "$ 868M" "$ 16M" #> [25] "$ 546M" "$ 127M" "$ 709M" "$ 373M" "$ 747M" "$ 999M" #> [31] "$ 938M" "$ 37M" "$ 151M" "$ 665M" "$ 176M" "$ 541M" #> [37] "$ 326M" "$ 771M" "$ 358M" "$ 743M" "$ 296M" "$ 949M" #> [43] "$ 136M" "$ 906M" "$ 57M" "$ 95M" "$ 719M" "$ 666M" #> [49] "$ 765M" "$ 511M" "$ 73M" "$ 652M" "$ 338M" "$ 732M" #> [55] "$ 404M" "$ 502M" "$ 988M" "$ 380M" "$ 201M" "$ 696M" #> [61] "$ 675M" "$ 589M" "$ 352M" "$ 435M" "$ 993M" "$ 643M" #> [67] "$ 432M" "$ 787M" "$ 203M" "$ 226M" "$ 904M" "$ 779M" #> [73] "$ 405M" "$ 85M" "$ 509M" "$ 330M" "$ 740M" "$ 590M" #> [79] "$ 172M" "$ 52M" "$ 309M" "$ 831M" "$ 898M" "$ 437M" #> [85] "$ 671M" "$ 641M" "$ 687M" "$ 568M" "$ 166M" "$ 713M" #> [91] "$ 769M" "$ 424M" "$ 51M" "$ 191M" "$ 458M" "$ 711M" #> [97] "$ 219M" "$ 634M" "$ 936M" "$ 342M" "$ 860M" "$ 539M" #> [103] "$ 149M" "$ 351M" "$ 894M" "$ 947M" "$ 510M" "$ 113M" #> [109] "$ 105M" "$ 685M" "$ 25M" "$ 586M" "$ 492M" "$ 278M" #> [115] "$ 674M" "$ 440M" "$ 969M" "$ 934M" "$ 450M" "$ 607M" #> [121] "$ 801M" "$ 722M" "$ 147M" "$ 486M" "$ 406M" "$ 845M" #> [127] "$ 23M" "$ 691M" "$ 922M" "$ 832M" "$ 227M" "$ 398M" #> [133] "$ 547M" "$ 772M" "$ 348M" "$ 101M" "$ 374M" "$ 750M" #> [139] "$ 545M" "$ 690M" "$ 304M" "$ 257M" "$ 499M" "$ 827M" #> [145] "$ 242M" "$ 773M" "$ 269M" "$ 63M" "$ 206M" "$ 793M" #> [151] "$ 924M" "$ 911M" "$ 31M" "$ 86M" "$ 3M" "$ 835M" #> [157] "$ 640M" "$ 258M" "$ 609M" "$ 628M" "$ 602M" "$ 730M" #> [163] "$ 443M" "$ 727M" "$ 316M" "$ 651M" "$ 578M" "$ 616M" #> [169] "$ 80M" "$ 861M" "$ 523M" "$ 318M" "$ 512M" "$ 100M" #> [175] "$ 93M" "$ 252M" "$ 821M" "$ 322M" "$ 299M" "$ 313M" #> [181] "$ 129M" "$ 948M" "$1,000M" "$ 521M" "$ 187M" "$ 17M" #> [187] "$ 2M" "$ 682M" "$ 205M" "$ 995M" "$ 597M" "$ 908M" #> [193] "$ 494M" "$ 479M" "$ 467M" "$ 123M" "$ 943M" "$ 115M" #> [199] "$ 356M" "$ 41M" "$ 670M" "$ 429M" "$ 70M" "$ 667M" #> [205] "$ 971M" "$ 59M" "$ 841M" "$ 24M" "$ 960M" "$ 997M" #> [211] "$ 761M" "$ 239M" "$ 956M" "$ 295M" "$ 605M" "$ 439M" #> [217] "$ 979M" "$ 715M" "$ 163M" "$ 189M" "$ 382M" "$ 869M" #> [223] "$ 596M" "$ 229M" "$ 844M" "$ 119M" "$ 990M" "$ 863M" #> [229] "$ 638M" "$ 506M" "$ 564M" "$ 27M" "$ 940M" "$ 817M" #> [235] "$ 158M" "$ 46M" "$ 422M" "$ 648M" "$ 294M" "$ 283M" #> [241] "$ 334M" "$ 71M" "$ 660M" "$ 688M" "$ 272M" "$ 337M" #> [247] "$ 122M" "$ 929M" "$ 36M" "$ 310M" "$ 859M" "$ 199M" #> [253] "$ 250M" "$ 216M" "$ 550M" "$ 109M" "$ 809M" "$ 824M" #> [259] "$ 538M" "$ 629M" "$ 416M" "$ 912M" "$ 989M" "$ 392M" #> [265] "$ 477M" "$ 915M" "$ 637M" "$ 221M" "$ 806M" "$ 395M" #> [271] "$ 90M" "$ 536M" "$ 20M" "$ 328M" "$ 174M" "$ 774M" #> [277] "$ 575M" "$ 843M" "$ 963M" "$ 99M" "$ 593M" "$ 365M" #> [283] "$ 504M" "$ 712M" "$ 483M" "$ 165M" "$ 919M" "$ 60M" #> [289] "$ 918M" "$ 780M" "$ 18M" "$ 15M" "$ 347M" "$ 973M" #> [295] "$ 45M" "$ 357M" "$ 615M" "$ 783M" "$ 673M" "$ 171M" #> [301] "$ 433M" "$ 76M" "$ 267M" "$ 284M" "$ 692M" "$ 842M" #> [307] "$ 276M" "$ 106M" "$ 992M" "$ 234M" "$ 58M" "$ 994M" #> [313] "$ 752M" "$ 751M" "$ 13M" "$ 618M" "$ 385M" "$ 781M" #> [319] "$ 519M" "$ 273M" "$ 259M" "$ 157M" "$ 270M" "$ 480M" #> [325] "$ 742M" "$ 275M" "$ 650M" "$ 120M" "$ 181M" "$ 53M" #> [331] "$ 729M" "$ 529M" "$ 350M" "$ 895M" "$ 768M" "$ 896M" #> [337] "$ 175M" "$ 950M" "$ 867M" "$ 720M" "$ 551M" "$ 795M" #> [343] "$ 10M" "$ 372M" "$ 975M" "$ 271M" "$ 110M" "$ 880M" #> [349] "$ 468M" "$ 813M" "$ 503M" "$ 262M" "$ 478M" "$ 710M" #> [355] "$ 802M" "$ 554M" "$ 279M" "$ 714M" "$ 778M" "$ 892M" #> [361] "$ 493M" "$ 897M" "$ 815M" "$ 825M" "$ 812M" "$ 268M" #> [367] "$ 150M" "$ 125M" "$ 126M" "$ 69M" "$ 194M" "$ 884M" #> [373] "$ 476M" "$ 917M" "$ 776M" "$ 823M" "$ 668M" "$ 237M" #> [379] "$ 857M" "$ 525M" "$ 501M" "$ 345M" "$ 508M" "$ 329M" #> [385] "$ 49M" "$ 627M" "$ 430M" "$ 620M" "$ 657M" "$ 400M" #> [391] "$ 953M" "$ 782M" "$ 598M" "$ 982M" "$ 724M" "$ 631M" #> [397] "$ 907M" "$ 573M" "$ 34M" "$ 138M" "$ 274M" "$ 563M" #> [403] "$ 537M" "$ 686M" "$ 130M" "$ 462M" "$ 193M" "$ 939M" #> [409] "$ 87M" "$ 132M" "$ 442M" "$ 808M" "$ 927M" "$ 876M" #> [415] "$ 121M" "$ 955M" "$ 454M" "$ 141M" "$ 1M" "$ 798M" #> [421] "$ 900M" "$ 491M" "$ 734M" "$ 807M" "$ 81M" "$ 333M" #> [427] "$ 152M" "$ 484M" "$ 264M" "$ 186M" "$ 873M" "$ 66M" #> [433] "$ 964M" "$ 42M" "$ 677M" "$ 473M" "$ 434M" "$ 460M" #> [439] "$ 636M" "$ 571M" "$ 88M" "$ 340M" "$ 558M" "$ 332M" #> [445] "$ 108M" "$ 584M" "$ 285M" "$ 394M" "$ 937M" "$ 243M" #> [451] "$ 595M" "$ 820M" "$ 716M" "$ 577M" "$ 387M" "$ 656M" #> [457] "$ 976M" "$ 967M" "$ 29M" "$ 179M" "$ 446M" "$ 791M" #> [463] "$ 79M" "$ 839M" "$ 800M" "$ 495M" "$ 488M" "$ 728M" #> [469] "$ 570M" "$ 518M" "$ 757M" "$ 319M" "$ 858M" "$ 561M" #> [475] "$ 786M" "$ 195M" "$ 738M" "$ 635M" "$ 244M" "$ 230M" #> [481] "$ 875M" "$ 366M" "$ 197M" "$ 543M" "$ 587M" "$ 482M" #> [487] "$ 942M" "$ 930M" "$ 370M" "$ 413M" "$ 445M" "$ 288M" #> [493] "$ 684M" "$ 925M" "$ 836M" "$ 610M" "$ 253M" "$ 777M" #> [499] "$ 534M" "$ 360M" "$ 148M" "$ 287M" "$ 423M" "$ 941M" #> [505] "$ 856M" "$ 173M" "$ 293M" "$ 155M" "$ 951M" "$ 533M" #> [511] "$ 799M" "$ 944M" "$ 893M" "$ 837M" "$ 902M" "$ 569M" #> [517] "$ 737M" "$ 872M" "$ 465M" "$ 624M" "$ 222M" "$ 746M" #> [523] "$ 794M" "$ 112M" "$ 361M" "$ 426M" "$ 945M" "$ 254M" #> [529] "$ 32M" "$ 177M" "$ 485M" "$ 410M" "$ 346M" "$ 449M" #> [535] "$ 245M" "$ 14M" "$ 723M" "$ 726M" "$ 580M" "$ 214M" #> [541] "$ 47M" "$ 21M" "$ 289M" "$ 320M" "$ 606M" "$ 317M" #> [547] "$ 461M" "$ 748M" "$ 810M" "$ 475M" "$ 959M" "$ 532M" #> [553] "$ 984M" "$ 920M" "$ 38M" "$ 471M" "$ 292M" "$ 489M" #> [559] "$ 647M" "$ 881M" "$ 555M" "$ 414M" "$ 594M" "$ 19M" #> [565] "$ 672M" "$ 646M" "$ 622M" "$ 718M" "$ 388M" "$ 664M" #> [571] "$ 50M" "$ 144M" "$ 98M" "$ 923M" "$ 97M" "$ 745M" #> [577] "$ 247M" "$ 324M" "$ 415M" "$ 7M" "$ 626M" "$ 107M" #> [583] "$ 496M" "$ 852M" "$ 251M" "$ 35M" "$ 256M" "$ 909M" #> [589] "$ 78M" "$ 383M" "$ 190M" "$ 681M" "$ 790M" "$ 402M" #> [595] "$ 210M" "$ 419M" "$ 6M" "$ 223M" "$ 96M" "$ 974M" #> [601] "$ 263M" "$ 962M" "$ 224M" "$ 549M" "$ 339M" "$ 364M" #> [607] "$ 137M" "$ 369M" "$ 736M" "$ 232M" "$ 754M" "$ 565M" #> [613] "$ 386M" "$ 913M" "$ 889M" "$ 513M" "$ 215M" "$ 231M" #> [619] "$ 135M" "$ 418M" "$ 697M" "$ 744M" "$ 639M" "$ 689M" #> [625] "$ 669M" "$ 9M" "$ 412M" "$ 766M" "$ 830M" "$ 958M" #> [631] "$ 706M" "$ 933M" "$ 89M" "$ 421M" "$ 487M" "$ 401M" #> [637] "$ 391M" "$ 72M" "$ 91M" "$ 300M" "$ 725M" "$ 235M" #> [643] "$ 784M" "$ 28M" "$ 970M" "$ 871M" "$ 323M" "$ 39M" #> [649] "$ 981M" "$ 585M" "$ 770M" "$ 498M" "$ 928M" "$ 241M" #> [655] "$ 213M" "$ 932M" "$ 818M" "$ 343M" "$ 901M" "$ 131M" #> [661] "$ 535M" "$ 459M" "$ 431M" "$ 957M" "$ 363M" "$ 707M" #> [667] "$ 305M" "$ 167M" "$ 588M" "$ 965M" "$ 621M" "$ 128M" #> [673] "$ 169M" "$ 698M" "$ 946M" "$ 572M" "$ 788M" "$ 591M" #> [679] "$ 552M" "$ 642M" "$ 914M" "$ 306M" "$ 680M" "$ 507M" #> [685] "$ 617M" "$ 655M" "$ 44M" "$ 767M" "$ 601M" "$ 804M" #> [691] "$ 408M" "$ 833M" "$ 298M" "$ 240M" "$ 457M" "$ 182M" #> [697] "$ 94M" "$ 608M" "$ 43M" "$ 447M" "$ 524M" "$ 679M" #> [703] "$ 661M" "$ 699M" "$ 700M" "$ 567M" "$ 520M" "$ 759M" #> [709] "$ 312M" "$ 531M" "$ 604M" "$ 755M" "$ 381M" "$ 998M" #> [715] "$ 403M" "$ 142M" "$ 30M" "$ 885M" "$ 134M" "$ 183M" #> [721] "$ 721M" "$ 469M" "$ 931M" "$ 704M" "$ 67M" "$ 870M" #> [727] "$ 653M" "$ 11M" "$ 233M" "$ 390M" "$ 654M" "$ 644M" #> [733] "$ 40M" "$ 500M" "$ 760M" "$ 389M" "$ 792M" "$ 228M" #> [739] "$ 522M" "$ 847M" "$ 217M" "$ 853M" "$ 384M" "$ 255M" #> [745] "$ 417M" "$ 466M" "$ 204M" "$ 61M" "$ 286M" "$ 307M" #> [751] "$ 248M" "$ 717M" "$ 117M" "$ 260M" "$ 140M" "$ 763M" #> [757] "$ 811M" "$ 822M" "$ 849M" "$ 987M" "$ 581M" "$ 396M" #> [763] "$ 441M" "$ 966M" "$ 983M" "$ 376M" "$ 542M" "$ 160M" #> [769] "$ 266M" "$ 170M" "$ 354M" "$ 828M" "$ 291M" "$ 603M" #> [775] "$ 311M" "$ 22M" "$ 208M" "$ 566M" "$ 368M" "$ 659M" #> [781] "$ 225M" "$ 865M" "$ 557M" "$ 544M" "$ 797M" "$ 481M" #> [787] "$ 154M" "$ 899M" "$ 562M" "$ 623M" "$ 662M" "$ 335M" #> [793] "$ 5M" "$ 695M" "$ 977M" "$ 349M" "$ 448M" "$ 741M" #> [799] "$ 890M" "$ 762M" "$ 367M" "$ 359M" "$ 56M" "$ 694M" #> [805] "$ 579M" "$ 625M" "$ 527M" "$ 916M" "$ 829M" "$ 62M" #> [811] "$ 407M" "$ 702M" "$ 249M" "$ 156M" "$ 8M" "$ 436M" #> [817] "$ 516M" "$ 444M" "$ 764M" "$ 315M" "$ 819M" "$ 991M" #> [823] "$ 612M" "$ 497M" "$ 980M" "$ 355M" "$ 301M" "$ 362M" #> [829] "$ 903M" "$ 882M" "$ 161M" "$ 198M" "$ 515M" "$ 379M" #> [835] "$ 420M" "$ 972M" "$ 336M" "$ 464M" "$ 582M" "$ 12M" #> [841] "$ 851M" "$ 840M" "$ 246M" "$ 159M" "$ 528M" "$ 180M" #> [847] "$ 33M" "$ 613M" "$ 102M" "$ 103M" "$ 996M" "$ 111M" #> [853] "$ 116M" "$ 611M" "$ 731M" "$ 854M" "$ 676M" "$ 164M" #> [859] "$ 428M" "$ 526M" "$ 630M" "$ 162M" "$ 26M" "$ 393M" #> [865] "$ 888M" "$ 409M" "$ 192M" "$ 846M" "$ 891M" "$ 905M" #> [871] "$ 708M" "$ 282M" "$ 202M" "$ 883M" "$ 649M" "$ 855M" #> [877] "$ 834M" "$ 54M" "$ 758M" "$ 92M" "$ 438M" "$ 935M" #> [883] "$ 344M" "$ 118M" "$ 472M" "$ 756M" "$ 826M" "$ 207M" #> [889] "$ 4M" "$ 470M" "$ 514M" "$ 83M" "$ 559M" "$ 178M" #> [895] "$ 592M" "$ 143M" "$ 663M" "$ 168M" "$ 341M" "$ 139M" #> [901] "$ 331M" "$ 735M" "$ 463M" "$ 145M" "$ 236M" "$ 455M" #> [907] "$ 805M" "$ 378M" "$ 82M" "$ 209M" "$ 878M" "$ 540M" #> [913] "$ 64M" "$ 576M" "$ 693M" "$ 921M" "$ 879M" "$ 490M" #> [919] "$ 74M" "$ 399M" "$ 133M" "$ 48M" "$ 658M" "$ 114M" #> [925] "$ 146M" "$ 556M" "$ 701M" "$ 452M" "$ 281M" "$ 874M" #> [931] "$ 411M" "$ 84M" "$ 850M" "$ 261M" "$ 530M" "$ 321M" #> [937] "$ 816M" "$ 645M" "$ 910M" "$ 212M" "$ 978M" "$ 77M" #> [943] "$ 453M" "$ 739M" "$ 553M" "$ 308M" "$ 277M" "$ 327M" #> [949] "$ 55M" "$ 954M" "$ 560M" "$ 325M" "$ 619M" "$ 68M" #> [955] "$ 397M" "$ 297M" "$ 733M" "$ 785M" "$ 425M" "$ 985M" #> [961] "$ 952M" "$ 353M" "$ 864M" "$ 427M" "$ 196M" "$ 986M" #> [967] "$ 574M" "$ 75M" "$ 703M" "$ 749M" "$ 814M" "$ 753M" #> [973] "$ 65M" "$ 184M" "$ 838M" "$ 517M" "$ 887M" "$ 188M" #> [979] "$ 451M" "$ 683M" "$ 505M" "$ 789M" "$ 803M" "$ 961M" #> [985] "$ 220M" "$ 599M" "$ 886M" "$ 968M" "$ 848M" "$ 705M" #> [991] "$ 375M" "$ 377M" "$ 796M" "$ 218M" "$ 548M" "$ 456M" #> [997] "$ 583M" "$ 265M" "$ 866M" "$ 371M" Created on 2018-08-09 by the reprex package (v0.

Evaluator MLA Now on CRAN

Mon, 16 Apr 2018 10:27:45 -0700

It’s been a quiet week here at Lake Woebegone…wait, that’s not right. While outward signs may have been quiet, there are many goings on up in here the data-fueled republic of Cascadia. Not the least of which is the release of Evaluator V0.2.3 to CRAN. This version contains a large number of changes and improvements since the v0.1.x series. Apart from a whole new test infrastructure and many many code improvements as a result of said testing, this is the official release of the Multi-Level Analysis (MLA) functionality that has been under development for the past several months.

Evaluator v0.1.1 Update

Tue, 21 Nov 2017 11:54:00 -0800

Yesterday Evaluator v0.1.1 was released to CRAN. This is a minor update to this OpenFAIR-based toolkit for quantitative risk management. Highlights among the 45 commits since the last CRAN release include: A major rework of all of the vignettes, making it much easier to get started! Improved dependency management Reduced the number of packages needed at install time Better prompting on all optional packages when running the optional reports Renamed summarize_all to the more descriptive summarize_to_disk

Quick Update - Getting Pushy with Pushover

Wed, 12 Apr 2017 07:00:00 -0700

My Zillow estimate tracking process has been ticking along in the background, but checking email for a possible update (remembering that notices only come when a change in home valuation occurs) gets a little obsessive. Since this topic has been front of mind recently, I wanted to find a way to get a more aggressive push notification on any changes. I’ve had Brian Connelly’s nifty blog post on pushoverr in my review queue for a while, so I thought I’d give Pushovera try.

My Personal Web Privacy Choices

Mon, 10 Apr 2017 07:00:00 -0700

The recent article by Brian Krebs on using VPNs for securing personal internet traffic comes on the heels of fresh and continued government action to strip individual privacy rights and further corporate profit interests. I’ve switched over to using a VPN service almost full time. There are a number of guides on how to increase your personal privacy and I encourage all readers to survey these how to documents as even technical savvy folks can use a refresher on the current options and threat models.

Managing Windows Workstations with Chef and Chocolatey

Fri, 07 Apr 2017 07:00:00 -0700

Early this year I had an “opportunity” to replace my desktop mini-tower (bonus tip - making unauthorized heat spreader modifications to SDRAM chips can lead to instability and eventual system failures). I was very much not looking forward to the click-click-next-accept-click-fest that typically comes with re-installing a bunch of client applications and the resulting system reconfiguration. This seemed like the time to bite the bullet and try that most challenging of tasks - configuration management for a Windows workstation.

Automating Home Valuation Tracking with AWS Lambda

Thu, 06 Apr 2017 09:08:00 -0700

Part of my monthly financial reconciliation involves pulling down the latest sale and rental valuation estimates of my house from Zillow. Living in one of the more dynamic real estate markets in the US means there’s change in these estimates on a frequent basis. I’ve evolved this process slowly over time to be easier to use and more data rich. What first started out as a manual lookup on the Zillow site along with some stare-and-compare summaries became a PowerShell cmdlet using the Zillow API to grab all the relevant numbers and neatly format them.

Data Science Finger Painting

Sat, 01 Apr 2017 08:04:00 -0700

Last night I attended the kick off for the Seattle Data for Democracy hackathon. With the proliferation of terrific open data sources such as the Seattle Open Data site, I was looking forward to meeting fellow politically-enthused data practitioners. The chance to employ data-driven exploration, analysis, and communication at a larger scale than my own one-off projects is exciting. Unfortunately, what I experienced were well-intentioned folks falling into the trap of Morozov’s technological solutionism and had to pull the eject lever once my fears were confirmed.

Friday Night Grab Bag

Fri, 06 Jan 2017 19:58:00 -0800

A few bits and bobs this evening. The structure of putting out a post each night is good practice, but a bit exhausting. With just a bit of luck I should be able to devote some time this weekend to get back to more developed topics. For now, some links and thoughts that have been tumbling through my head. YubiKey for Windows Hello I’m a bit late to the YubiKey party.

Language - Someone Set Us Up the F Bomb

Thu, 05 Jan 2017 21:18:00 -0800

Today I dropped in and out of a Slack conversation that was chewing over the use of expletives in professional language, particularly in the infosec community. The conversation went along what are now predictable paths, with some arguing that being offended by strong language showed an overly sensitive disposition. I, along with several others, took an alternative stance that while you may choose (or feel forced to) use expletives in a professional setting, that inability/unwillingnes to avoid words that some find objectionable means that your message will not be heard by some.

Sympathy for the Enterprise

Wed, 04 Jan 2017 20:26:00 -0800

I started off the new year engaged on a project to assist a cloud-oriented service provider with some risk analysis, with a large side of compliance obligations. Going over this organization’s environment and looking at the substantial efforts they had already made, I was struck with just how different enterprises are in terms of their compliance challenges. While many software-developing companies and cloud-based organizations have to contend with managing a sprawl of micro-services, dissolved network boundaries that would strike fear into an on-premise firewall engineer’s heart, and a deployment speeds that singe the eyebrows of big company change control boards, the cards are often stacked in favor of these young Turks.

Getting the Commit Bit - Jupyter/IPython Cookbook

Tue, 03 Jan 2017 08:56:00 -0800

Much of my work over the past few weeks has involved updating infrastructure or otherwise paying down bits of accumulated technical debt. It seems every goal I’ve been aiming towards has a half dozen dependencies that have to first be addressed before I can get to the “real work.” Not an uncommon scenario, I know, but no less frustrating when you are staring down deadlines. One of these annoying blockers has been getting my development Jupyter (nee IPython) notebook environments updated.

Cyber Risk Indices

Mon, 02 Jan 2017 12:16:00 -0800

As part of my running program, I’ve been diving into and attempting to decipher the bewildering array of metrics that are tossed around. Terms such as VDOT, CTL, ATL, TSS, Suffer Score, and the like have been preoccupying much of my interest over the past several days. Many of these metrics attempt to compress a number of different measures of performance into a single number which an athlete can use to evaluate themselves.

New Year's Resolutions

Sun, 01 Jan 2017 11:45:00 -0800

We’ve finally closed the books on 2016 and the rude beast of 2017 has slouched its way to Bethlehem. While I’m not one for making big professional nor personal predictions, I do enjoy taking pause at this time of year to think about what I’d like to accomplish over the next 12 months and get some clarity on intent. I find that thinking of the big themes I want to pursue is often enough to shape the coming year in ways that complex plans fail to accomplish.

Home Ownership and Infosec Risk Management

Thu, 08 Dec 2016 07:00:00 -0800

A little over two years ago, my partner and I moved from a condo to a single family home. While we’ve enjoyed many aspects of owning a home, there have certainly been challenges. In short order we repaired a shattered sewer connection, put on a full new roof and gutters, replaced the water heater, conducted major insulation and window work…well, you get the idea. Throughout all of this I’ve had a running thread in the back of my mind about the parallels between owning an older home (ours just passed 100 years in age) and information security.

Managing Instance-backed AWS Images

Wed, 07 Dec 2016 07:00:00 -0800

Recently, to support a client I needed to roll a custom Amazon Machine Image (AMI) development environment with a specific configuration of RStudio Server and assorted packages. While I needed to update this environment with the latest security fixes and package changes, with a relatively short total project time, it wasn’t worth spinning up additional infrastructure and investing time to create a Jenkins-driven automatic build pipeline. In this post, I’ll go over some of the alternative design choices I made in building and using this environment.

First Impressions - R on SQL Server and Visual Studio

Tue, 06 Dec 2016 07:00:00 -0800

I’m a bit of an odd ball among many of my data science and devops colleagues for running Windows as my primary desktop OS. While my earliest experiences were on Apple systems, many of the organizations I’ve been a part of are traditional Windows shops. Understanding the challenges and opportunities these organizations face in applying data-driven practices to Windows-based technology stacks is incredibly valuable to me. In recent years, Microsoft themselves has embraced and adopted (née“extend”) many of the practices that first came from Unix shops.

re:Invent 2016 - Virtual Recap

Mon, 05 Dec 2016 07:00:00 -0800

AWS’s annual customer conference took place last week in Vegas. As the big shock and awe event for new feature releases and bringing the user community together, re:Invent has grown to be a huge affair with attendance over 35,000 this year. That’s over three times the attendance at BlackHat and closing in on 40,000 numbers of RSA. My own tendencies run towards the smaller venues, where I can spend more time interacting with both speakers and attendees while keeping my FOMO at manageable levels.

Meetup Recap - Pre-Thanksgiving Feast

Mon, 21 Nov 2016 09:13:00 -0800

Thanksgiving is rapidly approaching in the US (as is a sense of Armageddon, for that matter). Far from slowing down, last week was a flurry of activity for me, with four days of back to back meetups on a diverse variety of subjects. A recap each of the meetups and some of the major points is included below for your reading pleasure. To mangle Twain, I regret that this summary is not more concise, but I am pressed for time.

Constraining AWS Costs with Lambda

Wed, 16 Nov 2016 09:48:00 -0800

In my last post, I detailed setting up a simple web page powered with AWS Cognito to make predictions against an AWS Machine Learning hosted model. While the UX on that page is not exactly delightful, it is functional. Since this is running under my own personal account structure, I want to ensure that costs for running a solution exposed to entire internet are managed. Costs for AWS ML are relatively minor, with the current toy OSHA model costing approximately one cent an hour to run and each individual prediction cost 1/100th of a cent.

Experimentation with AWS Machine Learning and Cognito Services

Sun, 13 Nov 2016 16:16:00 -0800

My spousal unit’s workplace recently launched an internal data challenge focused on a public OSHA data set. As a side project, I’ve casually explored the data, mostly as a means to provide any tips I could to my partner as well as an opportunity to explore parts of the AWS stack (which my wife’s workplace is heavily promoting) which I’ve not yet directly used. One such service is AWS Machine Learning (AWS ML).

About

Thu, 05 May 2016 21:48:51 -0700

This is a “hello world” example website for the blogdown package. The theme was forked from @jrutheiser/hugo-lithium-theme and modified by Yihui Xie.

Meetup Recap - Value Stream Mapping

Wed, 02 Mar 2016 15:04:00 -0800

I’ve long been interested in Lean methodology, with my organization being a leader in adopting Toyota management principles in healthcare settings. While the technologies around DevOps methodologies are a treat to work with, the application of Lean principles in traditional enterprises both challenges and entices me. Having just given Humble, Molesky, and O’Reilly’s Lean Enterprise a initial read, I was excited by the announcement that the Seattle DevOps Meetup would be featuring Microsoft’s David Tesar presenting on Value Stream Mapping (VSM).

A Lambda-Driven Log Router

Wed, 24 Feb 2016 07:00:00 -0800

Without regular maintenance, software stacks, like people, tend to spread out and get lumpy as they age. When running processes on AWS, staying still can be especially painful as the Amazon platform features evolve rapidly. While this rarely breaks stable features, I recommend keeping an eye on the direction the services you use are evolving in and that you avoid getting too comfortable with one particular way of doing things as the One True Way.

Meetup Recap - AWS Aurora

Tue, 23 Feb 2016 04:07:00 -0800

The local Seattle area has an active Meetup scene. As I live and work near downtown, I’m fortunate to be able to participate in meetups on a variety of topics. I’ve been remiss in blogging about them and will attempt to do mini-posts of summaries going forward, starting with last night’s AWS Meetup covering Amazon’s Aurora database service. We were fortunate to have both a customer and an AWS perspective on Amazon’s re-imagined MySQL-based database.

The AWS Triple Crown - DevOps Engineer, Solutions Architect, and Developer

Sun, 21 Feb 2016 10:36:00 -0800

This weekend I completed the final of the five certificationsoffered by AWS, finishing up with the rather grueling DevOps Engineer Professional exam. While my comments back in this earlier post still apply, I wanted to complete this series. There are few resources available on the DevOps Engineer Professional exam (and yes, I cringe a bit each time I have to write “devops” right next to “certified”). While the ACloudGuruclass is due to be released Real Soon Now(tm), a few preliminary notes may still be of help.

Connecting Tableau to AWS CloudWatch

Thu, 11 Feb 2016 07:00:00 -0800

One of the many improvements in our recently re-deployed ELK stack is the use of CloudWatch to store performance metrics of our Logstash pipeline. Event rates for our shippers and indexers, buffer lengths, and host information are now all in a common platform without having to maintain a separate time series system. To track how the system is performing over time, we have a CloudWatch Dashboard that displays many of these key metrics.

Loading up with Docker on Windows

Sun, 07 Feb 2016 11:03:00 -0800

If you attend many DevOps oriented meetups, it’s hard to avoid people people waxing rhapsodic about containerization strategies with Docker and similar technologies. The concept of having small, self-contained environments (rather like Go for operating systems) that can be readily provisioned and deprovisioned is exciting. With most of our production workloads running on short-lived EC2 instances, I haven’t had the cluster of longer lived compute hosts on which containerized micro-services made sense.

Monitoring Logins on AWS Instances

Sun, 31 Jan 2016 20:47:00 -0800

Catching up on the unexpected flurry of new Liquidmatrix Security Digest episodes, I was excited to hear a mention of tying in SSH login alerts to Slack. Having tweeted about a similar setup a couple weeks ago, I hadn’t gotten around to writing our solution up. Seeing another approach was a great motivation to burnish up my code a bit for general release. Hopefully seeing different patterns for solving what seems to be a common pattern will be helpful for others.

A Micro-Post On Bullshit

Wed, 27 Jan 2016 08:42:00 -0800

This week I’ve had the opportunity to wander the UC Berkeley campus and neighborhood. Strolling down streets such as Euclid, Oxford, and Hawthorne on such a beautiful campus had me in a philosophical mood when up popped episode 90 of the Data Skeptic podcast with a topic that made my evening. In this episode, Kyle interviews Gordon Pennycock on his recent paper “On the reception and detection of pseudo-profound bullshit”.

Balsamiq and UX Design

Fri, 08 Jan 2016 12:29:00 -0800

Appearances to the contrary, most of my team’s activity has little to do directly with AWS. A case in point is a major rewrite of our primary risk management system, a custom application called Atlas. Atlas has served us well over the past several years and it has given us an excellent view into where our data is stored and processed and the levels of risk associated across our environment.

CyberELK - Forklift Upgrading an Entire Stack

Sun, 03 Jan 2016 12:44:00 -0800

The Elasticsearch ecosystem moves very fast, with a large number of releases coming out in the closing months of 2015. While we have been keeping our install as current as possible, we couldn’t easily move to the newer 2.x branches of both Elasticsearch and Logstash due to AWS OpsWorks being stuck on Chef 11. This was finally resolved at the start of December with the release of Chef 12 for Linux.

Stocking Stuffers - Cleaning Up the Work Environment

Thu, 24 Dec 2015 15:37:00 -0800

While I took this Christmas Eve off from work, the spouse still has some office duties to address. This gave me a bit of unexpected free time this morning which I’ve spent cleaning up my development environments and trying out a few utilities from my To Do list. Here are a few links and notes as impromptu stocking stuffers. Hopefully you’ll find more interesting tchotchkes than white elephants here!

Recasting an Analytic Pipeline with Cloud Formation

Sun, 20 Dec 2015 10:09:00 -0800

Our existing vulnerability prioritization process (VulnPryer) pipeline is heavily based on a number of AWS technologies, most notably Data Pipeline and OpsWorks. Both of these services have had numerous updates over 2015, with Data Pipeline getting improved tagging support and OpsWorks rolling out the much anticipated support for Chef 12. My team’s Kanbanboard has had a card to update our flow for these new features for some time. I finally tackled this as what I thought would be a quick project but which quickly became a much more involved learning opportunity.

AWS Solutions Architect - From Zero to 1440

Sun, 15 Nov 2015 14:22:00 -0800

In need of a bit of Csíkszentmihályi flow and distraction, last weekend I completed the AWS Certified Solutions Architect Associate exam, followed today by the professional level examination. A few quick thoughts on the exams and the preparation I performed for them follow. Over the years, I’ve taken pursued more than my fair share of certifications. Back when I was consulting full time, there was an era where your worth to a potential client was measured in the number of technical certifications you could boast.

Creating a RStudio Server Instance on AWS

Thu, 05 Nov 2015 14:34:00 -0800

There’s a rite of passage for every #rstats-using data scientist with Type B tendencies. In this story, our hero(-ine) gets R up and running on a cloud instance and posts a blog entry on their experiences. Far be it for me to eschew the traditions of my predecessors. As part of an internal mentoring I’m doing for some coworkers that are going through the Coursera Data Science program, I recently built a pipeline for creating custom images running on spot instances, using TLS-terminating load balancers, dynamically updating DNS and the network security groups, all with a fully configured RStudio Server.

Getting Jolted With R and Data.gov

Sun, 22 Feb 2015 10:59:00 -0800

Inspired by this post, I took a bit of time to hack together a quick bit of code to display the residential power rates in the 50 most populated metro regions per the US Census Bureau. The results below the cut still need a bit of work – the labels are cut off, there’s an excess of chart junk, etc. – but it was a fun morning project while putting off hitting the trail for a run.

Hello World^WHeroku!

Wed, 10 Dec 2014 21:11:00 -0800

As part of our developing automation pipeline, we’re leveraging Amazon Simple Notification Services (SNS) to send notifications of job completion, failure, and other status messages. SNS provides topics to which endpoints can subscribe. Services can then post messages to these SNS topics for fanning out to all the various subscribers over a variety of different protocols. In our setup, we have two primary topics - one for CloudWatch alarms and one for all Data Pipeline notifications.

VulnPryer Update - Cooking with OpsWorks

Wed, 10 Dec 2014 13:22:00 -0800

A quick update on the state of VulnPryer. After a couple of quiet months, activity has picked back up on this project to improve our vulnerability prioritization efforts. We’re close to wrapping up a long-delayed effort to move the generation of our customized scoring algorithm from a manual Vagrant-driven process to a fully automated and scheduled process running on AWS using Data Pipelines and OpsWorks. At this point we are pulling our data feeds, re-scoring thousands of vulnerabilities through our draft algorithm, and generating a revised data file for downstream ingestion and risk analysis on a daily basis.

Introducing VulnPryer

Wed, 27 Aug 2014 07:30:00 -0700

Vulnerability Management is one of the least sexy areas of information security. For all the improvements in automated patch deployment from vendors the likes of Microsoft and Adobe, my organization still has far more vulnerabilities than we can ever hope to patch. More to the point, we have more vulnerabilities in our environment than we ever should patch. Achieving a zero vulnerability state could only be accomplished through crippling amounts of bureaucracy and overhead that would halt not just innovation but basic operations.

The Many Hands of Full Stack Analysis

Mon, 25 Aug 2014 19:42:00 -0700

The concept of performing full stack data analysis came up in a recent conversation. While I’ve seen the term mentioned a half dozen or so times in recent weeks, I haven’t found a satisfactory definition. Formal definitions are tricky things and are arguably a product of more mature disciplines than the gangly adolescence of information security risk management can easily produce. Instead, I’ll briefly enumerate some of layers that make up the analysis stack at my workplace.

Notes from a Working Class (not-)Hero

Thu, 21 Aug 2014 12:45:00 -0700

During Episode 16 of The Risk Science Podcast the gang chatted about the forthcoming 2014 edition of SIRACon (get your tickets now!). In conversation about the two great keynotes lined up for SIRACon the concept of a “superheros of risk” panel was discussed. I loved the conversation but the topic causes me to channel a bit of “spicy Jay Jacobs.” The vast majority of individuals I’ve encountered in the infosec field have little to no awareness of the evolution towards data-driven security risk management happening among the more superhero populated sectors.

Monkeying Around in the Kitchen

Sun, 27 Jul 2014 08:31:00 -0700

Netflix has received quite a bit of well-deserved praise for their Simian Army set of tools which ensures that their services on Amazon Web Services can survive any unexpected interruption. The Simian Army is an amazing technical artifact of the DevOps culture that makes Netflix such a poster-child for DevOps Unicorn status. As terrific as Chaos Monkey and friends are, as a security risk manager at a traditional enterprise, they’ve not been the most immediately applicable tools.

Scroll Queries in Elasticsearch

Wed, 16 Jul 2014 13:50:00 -0700

While Kibana offers a nice interface to quickly zoom in on activity expressed in logs processed in Logstash and stored within Elasticsearch, there are some situations where having access to the full parsed event stream is a must. For pulling out bulk data, I’ve recently become a fan of Elasticsearch scroll queries. This post will quickly cover the process and sample code to extract events of interest for analysis.

Visualizing Network Traffic Preceeding and Following an IOC

Wed, 09 Jul 2014 13:49:00 -0700

My organization, like many which serves the public, hosts a guest network through which our clients, vendors, etc. can gain largely unfiltered Internet access. Unsurprisingly, there is a good portion of traffic in that environment that falls somewhere on the range of suspicious to outright eye-gougingly bad. While we track some of the worst of what goes on there (using it as a free honeynet of sorts), we don’t have the resources to do response to our own little slice of the general Internet.

Exploring Vulnerability Space

Wed, 02 Jul 2014 12:54:00 -0700

Vulnerabilities. While managing software and infrastructure vulnerabilities isn’t likely to make it onto anyone’s “Top 10 Sexiest InfoSec Projects” countdown (the SANS Critical Security Controls notwithstanding), all organizations have vulnerabilities and all have processes of various levels of (im)maturity for managing them. Given this, it was took me by surprise to see a throwaway Twitter post of mine on the topic attract a bit of attention. I’ll take a moment to describe the analysis project underway at my organization, our goals, and what we’re bringing to bear on this problem.

Unleashing the ELK

Wed, 25 Jun 2014 13:52:00 -0700

For the last several months, I’ve been working with the Elasticsearch-Logstash-Kibana (often referred to as ELK) software stack. The details that drove us to deploy this technology are briefly covered in an internal slidedeck which I’ve posted as a scrubbed version at Slideshare. I’m happy to report that we now have a functioning development environment happily consuming a half gigabyte of compressed perimeter firewall log data a day from which we’ve derived insight which our current SIEM platform has been unable to frame, let alone answer.

So Come On Up to The Lab...

Tue, 25 Mar 2014 14:25:00 -0700

Hello, Frankie Fans. Despite the lack of blog posts, life has been anything but dull here in the now Spring-blustery Pacific Northwest. I’ve had a large number of irons in the fire lately and am itching to get a few of them written up here for display and hopefully enrichment by others. For now, allow me to list a few things that have been going on that are on my list to develop into future posts:

Tableau Style Guide Posted

Sun, 24 Nov 2013 09:40:00 -0800

In this post I mentioned the Tableau style guide that my team was putting together. The Markdown flavor of the guide, along with the PowerPoint deck used to introduce this to our internal Tableau User’s Group, is now available at GitHub. This is very much a work still in progress and one I hope to expand and revise extensively going forward. This work is the condensation of various tips, tricks, and ah ha moments in our experiences in working with Tableau.

A Few Titles from the Shelves

Sun, 24 Nov 2013 09:24:00 -0800

As part of the litany of professional-related activities taking place outside of work hours, I wanted to share a few of the major texts that are currently on my shelves. While all of these are worthy of retaining, I’ve highlighted a few that I’ve recently found myself referring to especially often. All of these are available from various online stores. If this list isn’t enough to keep you occupied, there’s more to be found at the SIRA reading list.

Analyze All The Data

Sun, 10 Nov 2013 17:07:00 -0800

The past few months have been a flurry of activity around the homestead. After doubling down on the MOOC content, I completed both MongoDB’s free course on MongoDB for Developers (teaching the basics of MongoDB via Python) and Coursera’s Computing for Data Analysis (a surprisingly challenging intro to Rstats). I’m currently auditing the Coursera Statistics One program while focusing most of my efforts on Jeff Leek’s Data Analysis course, which is the main subject for this entry.

Field Experiments in Vulnerability Remediation Prioritization

Sat, 14 Sep 2013 15:14:00 -0700

One of the talks I most enjoyed at the 2013 BsidesLV conference was Ed Bellis and Michael Roytman’s “Vulnerability & Exploit Trends:A Deep Look Inside The Data”. Ed and Mike performed a data-driven analysis of the problems presented when vulnerabilities are prioritized based solely upon their CVSS ratings. The Risk I/O argued that using the presence of vulnerabilities in attack frameworks such as Metasploit and the prevalence of vulnerabilities in publicly reported breach events has a much better return on investment than starting at CVSS base scores of 10 and working down a list of issues.

Slaying the XPath Beast (aka Adding Cell Styling via PowerShell)

Thu, 25 Apr 2013 19:42:00 -0700

This week I was fortunate to attend the inaugural PowerShell Summit. Among the various sessions, Jeffrey Hicks presented on conditional HTML formatting with PowerShell. The native mdlet does a nice job converting objects to HTML tables, but has no support for applying custom styles to individual table elements. Jeff called out the clever idea of using ConvertTo-HTML to generate XHTML, then using PoSH to manipulate that as XML. Jeff’s technique uses the standard PoSH object model to apply CSS styles to rows.

DIY DBIR - Building Your Own Data Breach Investigation Report

Wed, 24 Apr 2013 20:51:00 -0700

By now everyone in the infosec community with a pulse has heard about the release of the 2013 Verizon Data Breach Investigation Report. This yearly publication from the Verizon RISK team is always eagerly awaited, reviewed, consumed, digested, and used. The basic taxonomy which allows the authors to digest the massive amount of data (47,000 incidents this year) is the Vocabulary for Event Recording and Incident Sharing (VERIS). While VERIS has been freely available and even rebranded away from any association with the Verizon corporate presence, widespread enterprise adoption seems to remain elusive.

Oscar Wilde and Advanced Persistent Threats

Fri, 29 Jan 2010 12:33:00 -0800

With all of the coverage over the alleged China-sponsored attacks on Google, the topic of Advanced Persistent Threats (APT) has broken out to a much wider dialog within the information security community. Apart from from Richard Bejtlich’s excellent coverage on his blog, the excellent folks on the Security Metrics mailing list have also taken up the topic. Myself, I have yet to work myself into any sort of excitement, or even much of an accelerated pulse, over the worries that my organizations may have to contend with organized industrial espionage or nation-state associated actors.

A Tale of Two Standards

Sun, 24 Jan 2010 16:55:00 -0800

Recent conversations on a certain public incident within the Seattle City government prompted me to revisit the PCI DSS standards. It’s been several years since I interacted with PCI as a primary job responsibility. What a difference a few years has made! The v1.2.1 standard and supporting materials are a delighted to see. While complaints still exist about the program (especially over the value of the QSA/QSV certifications), the collection of implementation guidance, FAQs, and statements as to the goals and intents of both the master and detailed requirements is an invaluable set of work aides.

Sharing Expertise vs. Hoarding Information

Sun, 07 Jun 2009 07:19:00 -0700

I recently received an email invitation to connect with a information security professional on LinkedIN. This individual had a length certification portfolio and a very complete profile, but was not in my geographic area and was someone I had never met or interacted with before. When I connect with someone, that act is a statement that I can do some level of attestation to their background and consider them a personal colleague.