On my day off I decided to watch Columbiana and heard a very astute line about painting that really made me think. The line was:

“You never finish a painting… You just stop working on it.”

Which itself was paraphrased from a Leonardo da Vinci quote:

“Art is never finished, only abandoned.”

The same can be said about security:

“You never finish security, you just stop working on it.”

The unfortunate reality is that many organizations see security as having a finish line, but that’s just not the case. The only way to ‘finish’ security is to stop working on it.

Please take a moment to fill out my survey on new SIEM development delivery options: http://app.fluidsurveys.com/surveys/andrewsmhay-v/new-siem-requirements/.

It’s free and no personal information will be recorded.

With the RSA Security Conference and Security BSides San Francisco only a week away I thought I’d offer some advice to first time attendees:

1. There are parties every night of the week so it would be a good idea to pace yourself. You need to treat the week like an Olympic event – something I will call the ‘Deconfalon’. Not only are you going to be sitting through talks and networking all day but you’ll also likely be attending parties until all hours of the night (or morning). This type of activity takes a toll on your body and mental health. The last thing you want to do is party too hard on the first night and ruin the next two as a result (I’ve done it, it sucks). There’s no rule that says you have to close the bar or go out for pancakes at 4am. Some people like doing this but I’m no longer one of them as I’m not 19 anymore. Party at your own pace and party responsibly. You’ll enjoy your week more.
2. Water is your best friend.If you’re hell bent on power drinking at after hours Deconfalon events, try having a glass of water after every alcoholic drink. Sure, you’ll have to run to the bathroom a lot but you’ll likely fend off dehydration and a brutal hangover the next morning. Also, just because the booze is free, doesn’t mean that you have to drink out the bar.
3. Eat, pray, love. Well, at least eat. One of the biggest mistakes I usually make during the Deconfalon is to forget to eat. Sure, if you’re press or a speaker there is food provided in the press or speaker room, but with the number of meetings, appointments and talks who really has time? My best advice is to pack some snacks that will fit in your pocket for eating on the run during the conference. Also, make a point of eating as many proper meals as you can. Grab someone and invite them out for a quick bite before heading to the next party or find another person who looks as weary as you and go out for lunch together. Remember, man was not designed to live on appetizers alone.
4. Take some ‘me’ time. Sometimes you just need some time to decompress. Don’t worry what your friends or colleagues might think about you skipping out on a night of parties in favor of a quiet night in. Stressed out during the day? Why not hit a local coffee shop or go for a walk? No one is going to fault you for wanting some personal time. You don’t always have to be ‘on’ at these things.
5. Fake it until you make it. Don’t know anyone at the conferences? Shy? Maybe you’re an introvert? Maybe you know some people through social media like Twitter but are afraid to approach them in real life? One of the worst things you could do at events like these is to sit in the corner in your own little world. Be fun, outgoing and friendly. Smile (but don’t be a grin fucker), practice active listening and, if you see someone standing out on the fringes of the conversation, invite them to join in. You might make a friend for life.
6. Have fun. Look, if you’re not having fun, it’s time to find something else to do. Don’t stick around in a dull conversation or at a party if you’re bored or disinterested. Go find someone else to talk to or find something else to do (like sleep). Similarly, not every conversation has to be about security. A lot of people make the mistake of only talking about work or the practice of security. I assure you, by midweek, this gets very boring. Strike up a conversation about a recent vacation, a new technology purchase or even a new exercise regiment. Show people you’re more than just another security wonk.

Hopefully this helps. See you next week.