January 2013 Archives

Maybe Your "Good Enough" Isn't

A theme I've seen surface lately is this notion that "good enough isn't good enough." My response to this is quite simple: if what you're doing isn't commercially reasonable and legally defensible, then your notion of "good enough" is itself flawed. At the end of the day, businesses should be aiming for "good enough" insomuch as that means doing as much as is reasonable and appropriate without wasting resources.

I would submit that anybody who argues against aiming for "good enough" simply doesn't understand how business operates, nor do they truly understand risk management. Infosec is not some zero-sum game where we can magically defeat all threats, eliminate all vulnerabilities, and go home "winners." Rather, it's a journey, not a destination. Every day we have to account for new threats and new vulnerabilities. However, we should not be focusing exclusively or obsessively on them. Instead, we should be focusing on the business and what it values and has of value.

The Winter Doldrums

My apologies for the lack of consumable content of late. A combination of work, new baby, work, and... well... work have been keeping me otherwise occupied. Rest assured, I have a handful of posts started, but I've just not had the time (or energy) to make tracks on them. Soon, though! :)

The RSA USA Conference has included an "Innovation Sandbox" competition for the past few years. There are always a few interesting new vendors on display, along with several niche players who you can just tell are going to be gobbled up by the big players. Overall, it's an entertaining venue for seeing some emerging technologies.

Now there's good news: The deadline for applying to participate as a vendor in the 2013 Innovation Sandbox has been extended. So, if you're with a tech company providing a unique (dare I say, innovative? :) solution, then there's still time to get involved. You just need to meet a few simple criteria. Note on the first bullet that I've seen companies older than a year presenting 2.x versions (or greater) at previous Innovation Sandbox events, suggesting that they view that criterion a bit flexibly. So, when in doubt, apply! ;)


  • Product in market for less than one year (launched after February 2012)

  • Product has the potential to make a significant impact on the information security space

  • Product can be demonstrated live and on-site at Innovation Sandbox

  • Company has a management team with previous proven success

  • Company must be privately held with less than $5M in booked revenue in 2012

Full details and application are available here:

About this Archive

This page is an archive of entries from January 2013 listed from newest to oldest.
