Tuesday, 6 March 2007

So, here I am, in Spain. I made it. I started as Director of Product Management for Kinamik Data Integrity just a month ago, and so far it's been great fun.

So many times I've asked myself why I'm doing this, and still I don't have a clear answer. I don't speak Spanish, few people here understand me ALL the time, even the English ones, but I had a strange compulsion to go through with it all the same.

A step back: 3 months ago I was happily working in Basingstoke for a UK distributor, minding my own business, when I got an email from a foreign chap asking if I'd speak to him about IT Security. I'll always talk about security, given the chance, so off I went to Spain for the weekend, wife in tow, to see what I could talk about. A week later I'd accepted a job in Barcelona, hell, it was raining in Basingstoke. But seriously, I was impressed by the technology and it just sounded more interesting than selling firewalls.

Back a bit further: A year ago I was working for an IT Security vendor, focusing on encryption and access controls - there aren't a great many of them, but that's as far as I need to go here. We had... issues getting customers. No-one cares about encryption in Europe, more fool them.

So I left, went to the disti, and tried to see where the real fuss was in security. I have to say it wasn't that exciting. People are still buying firewalls, who'd have guessed? Of course the firewalls now have to do everything from stopping traffic to inspecting it to making the sysadmin's toast every morning, especially if he's had to spend the night rebuilding the Exchange server (yes, that still happens too).

People are buying load balancers as their e-commerce networks and application servers are getting overstretched and they have to squeeze every last penny out of their existing architecture. (Some idiots are even buying load balancers before they buy the rest of the e-commerce network to go behind it, then ordering an engineer to go to site and configure it. Giles, you tried, bless you. The culprits, you know who you are, and you got your money back!)

But is anyone buying anything that really matters?

In a word, no. In 2, not really. Not enough. Nowhere near. Take your pick.

I am horrified at the absolute lack of high-end security kit we sold in the biggest disti in the UK. The reluctance of anyone at high levels to invest until after the horse has bolted is astounding. I've seen it all my career.

And why firewalls? Why load balancers? There are so many better things to spend your money on!

I'll tell you why now, and start doing something about it at the same time. No-one knows quite how futile this behaviour is, that's why. No-one knows exactly what security is or how to do it completely. And I mean no-one. I have an idea, probably better than most, that's why they call me Director here and gave me a CISSP a while ago. But that doesn't mean I know everything, nowhere near. I'm here to tell you what I DO know, where I see security going and to see if you agree. I want your feedback and I want your ideas.

I hope this blog will become somewhere for me to learn, not just disseminate information that I've picked up along the way from my (bloody hot) ivory tower. I'm miles away from home and don't have quite the feedback or the insight into cutting edge projects that I used to, but I don't think I'm really missing anything yet.

Plus it's lovely in Barcelona. Come up and see me some time...

