Security Musings

Security Musings

Information Security Travel Guide

Stephen Northcutt, an Information Security Researcher, United Airlines 1k, Writer and Instructor, documents the struggles of the travel and hospitality industries as we all face continually increasing energy costs. He and his peers share their travel experiences and give you quick tips and short reviews of the companies they do business with as they travel. If you came across this article because of a Google search, what you want is probably here, just use find with your browser (CTRL - F), it is easier than reading from top to bottom; however, you may get some useful tips if you stick around and read. Each major cluster of trips is documented in a separate file.

Other Related Articles in Information Security Travel Guide

Information Security Travel Guide Edition 15 - Stephen Northcutt

By Stephen Northcutt

In edition 15 of the information security tour guide we begin in Poipu Kauai, we will be attending the HICSS conference, then off island to New Orleans for SANS Security East 2010 and then on to Curacao and back to Richmond VA and finally back to Kauai. We will document the hotels and restaurants we visit. We will also detail the struggles of travel after the Nigerian Islamic terrorist Umar Farouk Abdulmutallab tried to blow up a plane headed for Detroit on Christmas day. We will talk about information security, food, and similar things as well.

[Tuesday, January 5, 2010] HICSS 43 in Poipu Kauai

The Hawaiian International Conference on System Sciences is here on Kauai this year. I will be attending the cyber exercises track tomorrow. So we checked in to the Hyatt tonight to be in position, I want to be down on the floor early tomorrow pressing the flesh and passing out business cards. The Grand Hyatt Kauai Resort & Spa is one of the best hotels on island. Certainly in the top four no matter how you shake it. I have never had a bad experience here, don't usually sleep here, but I love the restaurants, Donderos and Tidepools, and have used the grounds for setting up a photo shoot with help from the GM; in everything they do, they are always very professional. Turns out we have spent enough time in this chain to be Platinum, not sure what that means, but they gave us two hours late check out which will come in handy. And, as a bonus we got to eat at the Red Salt Restaurant at the Koa Kea hotel, which is trying to be the most exclusive hotel on island. My good friend Rudy Bosma from Two Frogs Hugging thinks it is the best restaurant on island. I am not sure I can buy into that, but we had a great time. I had the Diver Scallop and the 7 Spice Ahi, Kathy had the Lobster Croquette and the Opah, both were tasty. However, my water glass went unfilled once, and you can never get my seal of approval as best restaurant when you drop $190, including tips, if they can't keep your water glass full. So, I am keeping my vote for best restaurant on Kauai as the Beach House, with Roy's in tight second place; amazingly enough, all three are located on the South side in Poipu. Maybe I need to move! OK, enough, got to turn in early, tomorrow is a working day full on.

[Friday, January 8, 2010] Getting ready to fly to New Orleans

Last day on Kauai. We have a luncheon at the SANS Kuhio office to celebrate two birthdays. The theme is sandwiches of all things, so we are going to drop by Scotty's and get some BBQ. My parents came in last night, they are going to stay in the house while we travel, wish I could spend more time with them, but this is the way things are. They said their 777 pitched over at landing at LAX, that is the same thing that happened to us on the El Al flight and of course, there was the more serious event at Heathrow. We picked up United 68 in Lihue, flight was on time. However, there was something amiss with United's computer system. When I checked in, the terminal asked me if I was going to IAD ( Dulles), but I am headed for New Orleans. A couple rounds and that got fixed. Then it asked me how I wanted to upgrade to first class. We had upgraded with miles, but it gave me the option of using 500 mile coupons which I jumped on. Kathy and I were unable to get two seats together, but we both had aisles. We ended up in 1 C and D which are the worst seats in first class on a 757, but we were together, good enough.

Airport security is in fact a bit tougher, both Kathy and I were selected for additional screening, and there I was, trying to explain why I carry four laser pointers. You suck, Umar Farouk Abdulmutallab, so does your family. You have made life harder for Christians, Jews, Islamics, Agnostics and Atheists and I apologize to any group I left out. I will probably mail some of my electronics to Richmond from New Orleans. However, I must say the TSA folks seem to be reasonable, it is just a bit slower. We stopped into the Snack Bar at Lihue Airport after clearing security. I had a turkey sandwich on multigrain, $8.79, what a ripoff. One piece of lettuce, four slices of pressed turkey a little piece of cheese that isn't close to the size of the bread; there should be a law against such things.

The service on flight 68 was OK, they didn't bring water during the middle of the flight, but I had my Tiki water bottle. They did bring water several times at the end of the flight, which was welcome because I had wiped out my water bottle. The movie was Cloudy with a chance of Meatballs, an animation about two geeks finding love; it was OK, not great. The red carpet lounge in LAX was a bit jarring. The lady checking people in seemed bent on not letting people into the lounge. She was a loud, large and in-charge African American woman, lots of talk about ""business class international"" and ""you have to pay extra for wireless"". Oh well. The Red Carpet Lounge is changing a bit. They now serve Stash tea. I could not find a green tea so I tried the Orange Starfruit. It does not seem to have any flavor even though I used two tea bags. Kathy says the blueberry is lovely so I may dump out my water bottle and try again. Yup, the Blueberry is MUCH better. The package says caffeine free, but the web site says it has black tea, no worries though, I have a lot of flying left to do. They have moved the mens bathroom and have all new fixtures. We will see how they hold up.

United 966 from LAX to IAD was a delight of a flight. A hearty breakfast, a very attentive crew, smooth air and a perfect landing. I got up to stretch my legs about half way through the flight and everything was white, quite a shock after three weeks in Hawaii. The 777 had a choice of movies, I picked Love Happens. I thought it was very entertaining. Guys, if you owe your honey a chick flick, this is a good one. My favorite line was ""life on 3x5 cards"". We arrived early so we pulled into the D gates Red Carpet lounge and refilled my Tiki water bottle with some Numi Orange White Tea for the next flight. This is almost like an international flight in terms of duration. Next up is flight UA 477.

My newest least favorite fellow passenger is Joseph Hedlund Johnson who wrote a scary note causing Hawaiian Airlines to turn their plane around, causing a massive delay for the people trying to fly to Hawaii.

[Sunday, January 10, 2010] New Orleans French Quarter

We spent all of Friday night and all of Saturday in planes and airports, but here we are. The Sheraton, is well, the Sheraton - right down to the hairball in the shower and the prestained sheets. I would guess they forgot to turn the room, but it had all new towels; welcome to New Orleans and I am happy to be here, thank you very much. We had breakfast in the club lounge, the attendant was just the nicest person, so we tipped her in person (if you leave your tip on the table in New Orleans, it is anybodys guess who will get the money). I have to do a bit of work and then hopefully Kathy and I can hit the art galleries in the French Quarter and maybe get dinner at Brennan's tonight. I put an offer out on Twitter if anyone wants to join us.

I just read a news story about cyber-disarmament. ""The chair of the United Nations committee on disarmament and international security has said there are no plans to meet with the United States to discuss cyber security, contradicting an earlier report by the New York Times. Uruguay's Permanent Representative to the UN Jose Cancela told Xinhua in an exclusive interview on Friday that a January meeting between his committee and the United States is ""not the case."" ""I have not received any request by the U.S. delegation,"" said the chairman. ""We didn't have any request about that."" In December, the New York Times reported that the United States agreed in Geneva to discuss cyber warfare and cyber security with representatives from the United Nations committee on disarmament and international security"" So it appears we have been ignoring discussions on cyber-disarmament for 13 years at this point, all the while getting cut to shreds by (primarily) China, but also Eastern Europe and Russia. Very interesting national strategy. In other news, the ever brilliant Gadi Evron just posted a blog article on the alluring BMW ""You know you're not the first"" ad. Funny thing, infosec professionals are all commenting on it and can't get the tag line right. Still trying to keep an eye on Sarah Palin and her use of grass root networks. This blog entry is interesting, but the comments are a must read. People are so very polarized over Sarah.

Kathy and I went gallery hopping, mostly on Royal Street. We managed to come away with a gold bracelet for Kathy from the 1940s at a very good price. The workmanship is fantastic. I love the artwork in the Royal Street galleries; wish I had more wall space on my house, but we have been very deliberate and no offense to any of the fantastic artists we looked at, but my designs get first priority with limited wall space.

Dinner was at Emeril's NOLA. We picked first seating (6 PM). It was an excellent dining experience. For my entree I had the special of the day, a duck confit, arugula, spiced pecans salad. It was excellent. Kathy had the wood fired oysters and the crab and celery root salad. For mains she had the shrimp and grits and I had the garlic encrusted fish with vegetables and potatoes. The fish was amazing, it was almost bland, but the vegetables with it were cooked in the wood fired oven and brought all these smoky flavors. The service was also perfect, an army of starched white linens, from tablecloths to the servers' uniforms.

Food: let's talk about Duck Confit. It is basically shredding all the meat off of a duck, cooking in the duck fat with salt and some herbs, rosemary and garlic is often chosen. However, every Christmas, I prepare a healthier Duck Confit. I carve the uncooked duck, throw away the skin and fat, add the garlic and rosemary and some celery and parsley to make up for the salt, add just a pinch of sea salt ( if you refrigerate duck confit, it does not have to be uber salted) and cook down IN OLIVE OIL INSTEAD OF DUCK FAT on the stove. I have been doing this for years and no foodie yet has realized I am not poisoning their arteries with duck fat. Then you store the confit for at least two weeks in the fridge. Want to reduce the salt even more? Try celery seed and fennel seed spice with a bit of hot pepper.

This just in, """"I've had a lot of worse landings at Newark before,"" said passenger Paul Lasiuk, 46, of Chicago, who was thankful to be alive after the hair-raising 9:30 a.m. landing."" What happened? ""A United Airlines jet made a lopsided landing at Newark Airport Sunday, miraculously skidding to a safe stop on the runway after one of its wheels failed to deploy."" Great NY Daily story, great emergency management on the part of United Airlines. The biggest tip in the article I hope I never have to use: ""You have to use everything you have available, either nose wheel, steering or flight controls to try and keep the airplane on the runway,"" Feith said. ""The last thing you want it to do is go off the side of the runway."" You may have guessed, I woke up in the middle of the night and am processing my Google Alerts. Well, I am going to try to fall asleep again soon and this is the jump point: tomorrow the conference begins in earnest and it will be hard to give a full report, but we will do what we can.

[Wednesday, January 13, 2010] Conference mode in New Orleans

We are moving fast. Monday night we ate at Brennan's. Woooo Hooooo is that a pricey place. The appetizer was $14, the entrees were over $40. The food was good, the service was good; Kathy had the Trout Almondine, I had the Trout Nancy. I did not have a ""wow"" feeling, but other than it being overpriced, I enjoyed the experience. Tuesday night we were pressed for time and Palace Cafe was across the street. Because we were seated before 7 P.M. we were able to get our entree, appetizer and dessert at the entree price. Food was good, Kathy had the Turtle Soup, Shrimp, White chocolate bread pudding, I had the Gumbo Ya Ya and mirrored Kathy's meal thereafter. Tonight, I put my body through a bit of abuse. I taught the standard SANS Management 512 Security Leadership Essentials seven hour day, then hosted the COINS event for Greater New Orleans ISACA and InfraGard New Orleans chapter, and then gave the evening keynote. Both my voice and legs were totally shot. We ate in the hotel. It is mostly a sandwich menu, but the Catch of the day was excellent, Kathy and I both had that.

[Friday, January 15, 2010] Packing for Curacao

OK, SANS New Orleans is done, at least from my perspective. I taught my leadership class today. It was a small group, but we had good discussions. Tonight, dinner is going to be our remaining Wholesome Fruit and Nuts, I have no intention of wandering around the city after the Saints game. The traffic outside on Canal Street is not even moving, it appears the street is one big party. Hopefully, it will clear by morning. We leave the Sheraton at 4 A.M. to fly to Curacao on American Airlines. In one sense I feel guilty hitting a resort after the disaster in Haiti, but I am so very tired, getting a chance to do nothing but relax is really appealing. My Verizon connection is so slow that I am going to give up trying to read email after this update is complete.

Watched a very disturbing movie on Showtime after I finished teaching called Lions for Lambs. It was followed by a fairly dumb movie called Superhero; it had a few fun moments, but overall misses the mark. I would suggest you pass and certainly would not buy either movie. HD Moore posted a really interesting site on Twitter, it is a reverse image lookup called TinEye. I just read that Sarah Palin accepted a job with Fox News and seems to be the darling of the Tea Party folks, told ya not to count that lady out.

[Sunday, January 17, 2010] Curacao

0300 wakeup, 0400 pickup, 0600 flight on American Airlines 1068 to Miami. No food places were open in the New Orleans airport; I don't think New Orleans is a morning town. Found some pistachios for Kathy and unsalted cashews for me. Flight was on time and about half full. I am used to United being totally full, but it might have been the New Orleans to Miami route. The airport in Miami is fun, lots of Latin influence and we got a proper breakfast there. AA 1879 to Curacao was on time and again, only half full. American gave us exit row seats on both flights and we really appreciate that. We arrived in Curacao about 2:20 P.M. My first observation, it is hot here; oh, how wonderful to be hot in January and, no surprise, we are 800 miles north of the equator.

There are two parts to clearing Customs, the screening where they process the information card and where you take your bags through the ""nothing to declare"" line. The first part went well, they had a bunch of lines for visitors, but the second line was horrible. There were over two hundred people in line and only one guy working Customs. And they were checking a lot of the bags. Then, a plane would come in from another Caribbean destination and many of those people would fill a luggage cart with eight to ten bags and cut in line. I finally asked one of the many security people standing around doing absolutely nothing if it might be possible to ask new arrivals to get in the queue and she didn't say anything, just looked at me with that patented I am an ex-slave, hate you and say one more thing and I will voodoo you look, and then she walked away to stand there and do absolutely nothing. Still, that is part of the Caribbean experience and I am fairly chilled about it all, the point of this trip is do decompress and relax and getting upset over the depravity of man hardly accomplishes that.

After an hour in the line, more Customs guys showed up and the line started to move. Then at one point they just let us all go, didn't check any of us. My guess is that they were messing up the hotel shuttle schedules because those same shuttles that are waiting for the tourists from the two airlines that arrived almost at the same time, have to get back to their resorts to shuttle more tourists to the outbound flights. The transfer to the hotel was handled by Tropical Tours, the lady was pretty funny. She gave us a paper to fill out and sign; Kathy said her pen was in the bag that the shuttle drivers had just taken and the lady said there would be pens on the shuttle. Even I am not that naive, so Kathy retrieved her pen from her bag. It is a 15 - 20 minute trip to the resort and it was fun to stare out the window at all the mom-and-pop store fronts. When we got to the resort they took our bag and we were in line again. The resort only had one person working check-in and while we had registered directly with the Breezes resort, the people in front of us appeared to have used a travel agent and there was all sorts of paperwork to fill out. Then, a second person came out to check in guests and things started to move. Our room has a nice view of the ocean, it seems comfortable enough, it is not cramped and it has a kitchen which seems odd at an all-inclusive resort where they feed you for free. The balcony for the room is generous, big enough to dance on and it has a lounge chair to chill out and watch the afterglow of the sunset, but we didn't want to hang out in the room when the beach was so close and inviting. They have set a line of rocks to make swimming safer on the beach, reminds me of Lydgate Park. We got in the ocean then laid on those beach lounge chairs and enjoyed the sun. Drinks are included here, but after flying I felt the need to hydrate, so I tried the orange and cranberry juice instead of alcohol. They give you a tiny glass that reminds me of the orange juice glass some restaurants give you for breakfast. So I went back several times, it isn't totally paradise here in all-inclusive land. One of the bars was out of clean cups, so unless you already had a cup, you could not get a drink. Another one, the one closest to our lounge chairs, ran out of chicken for the chicken sandwiches, and then ran out of beer. But they did not run out of orange and cranberry juice, and a couple of those made for a pleasant late afternoon. You need to set reservations for some ( or all? ) of the restaurants here; for tonight I asked for an 8 PM seating at their outdoor beachside BBQ.

The sunset was awesome, they have dust in the atmosphere and it really adds color as the sun sets. Above the glow on the ocean, there was a bit of blue to the sky, a sliver of the moon, a couple stars and it was dark enough for the lights of the passing cruise ships to pop. They have a Saxaphone Serenade that plays during the early evening a couple times in the week; he is pretty good with just a touch of a Latin influence. Kathy and I enjoyed a couple slow dances. Now, I need to get ready for dinner, they want you to be on time for your reservation.

Dinner at the beachside BBQ was a bit strange. The winds are very strong so your salad literally blows off your plate, but that was OK, Kathy and I figured out the wind direction and made sure that we were upwind of the salad. We both had the fish, I think we also had a choice of ribs and a filet, but I try to pick the healthier choice the majority of the time and make my discretions an exception. The sax player was still playing, so Kathy and I hooked a few more slow dances. It was amazing how few couples got up and danced; two couples and sometimes three. It was mostly foxtrot stuff and you can handle the Latin touches with a toe touch or a shoulder or hip shake, good thing too, my Latin dances are very rusty, maybe Kathy and I can get a lesson.

8 P.M. They were supposed to start ""Limbo and Fire"" but they brought in some low grade night club singer singing against sound tracks, reminded me of all the world of ""Special Music"" at a rural Christian Church. The more she sang, the more the crowd thinned out; finally, she got up out of her chair, but she has zero stage presence. Then they gave up and started playing canned music, a huge improvement. We have a great table out of the wind, so I slipped up to the room to get our laptops. There was an Internet signal that was very strong and I connected to it, but when I brought up a browser, it wanted a code. So I went to the front desk to get the code. After speaking with five persons, four whose eyes glazed over when I said ""wireless"", a lady working the front desk said that Internet was not included at this super-inclusive resort. She had a paper and you can purchase a week of Internet for $35.00, which seems reasonable. Only catch is that you have to buy the card from the gift shop, and it was closed. NOTE to Breezes management: if you want to appeal to the modern generation, be generous with Internet, especially if you call your resort inclusive. I really do not mind paying the money, but not being able to actually purchase Internet makes you look dumb. But, I am still not mad, such illogical processes are a way of life in the Caribbean, feels like I have stepped into Don't Stop The Carnival by Herman Wouk.

10 P.M. People are streaming into the resort with their bags. The night club singer is back on. She started off with a Spanish number that she did pretty well; she was standing up and even moved to the front of her pavilion so the crowd can see her. Well, for one song anyway; performers that think the world owes them an audience leave me shaking my head.

The night ended well. Kathy took a nap about 9 P.M. after she realized we could not get online. At 11:45 P.M. she woke up and was ready to go so we hit their adults-only disco. When we arrived, two couples were dancing, then it was just one, and next thing you know, we had the dance floor to ourselves. The DJ wasn't in to requests, and the bartender would only serve vodka and orange juice, not rum and orange juice which I prefer, but dancing was the capstone of the day. We could have both gone on for another hour, but it has been a while since we have had the opportunity to go clubbing and I was concerned how we might feel the next day in terms of things like back and knees. We crawled into bed and went down hard.

[Monday, January 18, 2010] First full day at Breezes Curacao

No surprise, we slept late, but that is the point of trying to rest. They had finished serving breakfast and lunch was not open, so I grabbed a few Nacho Cheese chips at the beach bar and some popcorn for Kathy to keep our blood sugar up until lunch opened. We signed up for the catamaran ride in the afternoon and both did a bit of writing in the room. We also scheduled a couples massage for 6:00 P.M. As I suspected, we had overdone it just a bit on the dance floor, and this will probably feel good. The price is very reasonable compared to any I have ever heard of in the USA. As lunch opened we got a table, didn't wait for a server; I got us water from the water station and we got in and out of the buffet. Normally, we avoid full sun, but all the umbrellas were taken and they wanted us to stay near the boat so when our turn came they could find us. Turns out that where they wanted us to stay is the topless part of the beach; only a couple people were taking advantage of that opportunity and they were very, very, brown so that must be an important part of their life. We are using Neutrogena Ultra-Sheer 70 SPF. It doesn't blend in super well in the airconditioned hotel room, but once you get in the sun and warmth you can eliminate the aborigine look. However, don't dawdle, when the wind blows there is fine sand blowing and you can borrow a mask and fins from the towel section, but they never seem to have mens size 11 in stock and I am not real excited about using someone elses snorkel, so we just put on swim goggles and checked out the fish. It was my first time swimming in the Caribbean since teaching Sec 401 Security Essentials in Puerto Rico about ten years ago. It was fun, the water is cool but not bad at all, in fact quite refreshing if you are out in the sun. Then, it was our opportunity to go on the catamaran. Open ocean in a catamaran was a lot of fun, we had plenty of wind and the waves were big enough to be exciting, but not so big you are afraid every moment might be your last. Since we were soaked, we went swimming one more time and then headed for the outdoor shower to get the salt off. I purchased Internet access at the gift shop and went down to the beachside bar where there was enough shade to read the screen and empty tables as well. I did end up having one orange juice and rum. Then took a shower before the couples massage. After the shower I noticed a few spots I missed with sunblock, which was a great reminder that if you did not have sunblock, this sun would fry you.

The couples massage was mostly a good experience. We are constrained for time since they insist you show up for dinner on time. They asked me how I wanted to pay and I said credit card since I get miles. The Spa cannot take credit cards, so they sent me to the front desk where they ignored me, ignored me, and ignored me some more. I was second in line, there were three people working at one point, but one was cutting orange bracelets off people and giving them purple ones. The second desk person was looking at a piece of paper. The manager left and went into his office. BTW, in brighter conditions you can see that it is not a mirror, but rather one-way glass. I could see everything he and another lady were doing. Truly amazingly poor service, I have been in well over a hundred hotels and resorts and I have never experienced anything like that. After about fifteen minutes of no service, I went back and asked to pay with cash. I joked to Kathy, Breezes Resort is a place you spend more time in line than online. That said, it was a great massage and just at the right time. They started with our feet and really paid attention to our legs, and the work on the back was very effective. I felt much better for having done it, and so did Kathy.

Tonight's restaurant is Pastaferi and seating is at 8:15 P.M., which is exactly when we arrived only to find ourselves about the twelfth group in line. We got in by 8:30 and the hostess seemed genuinely sorry about the delay. No big deal, while I stood in line, Kathy went to the bar to get us a pre-dinner glass of wine. There was a Spanish family behind us that seemed to very badly want to be in front of us. After we were seated inside the restaurant there was a live piano playing and the music was pretty good. The Antipasti was great, I had the Frutti di Mare as my appetizer and a beef filet as my main, Kathy had the Chicken Parmesan Soup and the entree portion of Frutti di Mare as a main. We shared a chocolate something for dessert. Top quality flavors all around, compliments to the chef, though Kathy and I enhanced out linguini dish with Parmesan cheese from the Antipasti table. There was an odd incident; a Dutchman lost his camera at ""our"" table; he and his wife had been there for the previous seating. So, we got up and looked all around. He came in several times, he was very distressed. Finally, he came back in as we were finished to announce he had found his camera. After dinner we wanted to get some juice, I was a bit dehydrated and I want to minimize the amount of water I drink here, twice it has come out of the spout bright orange. There was a long line at the bar, but we finally got to the front of the line. They were out of cranberry juice. What about red wine? They were out of that too. That seemed to freak out the bartender and with thirty people in line he left the bar and went on a search for red wine. Ten minutes later he comes back with two bottles of red wine, I am guessing that will last a good ten minutes since the bar also supplies the main restaurant, Jimmy's Buffet, for drinks. We really did not want any wine just yet, we are hoping to have the energy to go dancing again if they open the disco, so we carried the glasses back to the room and covered them as last thing at nightcap. This all means that I am still drinking the water.

There is a skilled marimba band playing. We could not get a table by the pool, amazing how many people have tables with 10 chairs but only the two of them, and I am tired of trying to reason with people, so we headed up to the room and opened the door since we can hear them fine even though we cannot see them. I am going to rest and then maybe some dancing later. The disco is supposed to open at 11:00 P.M., but when we showed up at 11:20 it was still not ready to go. They told us we had to wait for drinks, we told them we didn't need drinks to dance, but no, they sent us away for a half hour.

NOTE to the folks that run Breezes, there are enough signs that if you do not engage in your business, you are going to mismanage your business into bankruptcy: if most of your customers are over 30, then waiting till midnight to open the disco means it is not an attraction. If it is not an attraction, it is simply an expense to you and I have a strong sense you have fairly high expenses. And sure enough, here it is 12:33 A,M. and Kathy and I are back and only one other couple showed up, they did a slow dance high school style and went to consummate their relationship ( ask us how we know, actually ask about half the resort how we know, that couple has been a bit public, and that is OK, they are young and this is a resort ). It was nice having the disco to ourself, this time no DJ, but they had canned Latin music and not too loud, and as I said earlier, we are out of practice with Latin, so that was fun. We did have a bartender and both gulped down three orange juices with a splash of dark rum to stay hydrated. Dancing and alcohol is a funny thing, if you are doing precision stuff like dance steps, alcohol messes you up, at least messes me up, but if you want to think you are a great dancer, alcohol is perfect. Long ago, I made my personal choice not to pursue dance and I am not claiming to be a good dancer, but want to be above the high school don't-know-any- steps-and-trying-to-dance-is-painful level; besides, it is a fun thing one can do with one's spouse/life partner, etc. Kathy and I wanted to do some skills drills since once again we had the floor to ourselves, so we put off the alcohol till later; just because it is included does not mean it is helpful. When we threw in the towel dance-wise we were more sleepytime tired than physical exertion exhausted, so we asked for one strong drink apiece to drink on the way to our room; dancing can bump up the adrenaline and it is sleepytime, and we do need rest. Kathy is going down first tonight, she is already in bed, so I will need to shut off the lights and go outside to the balcony to reflect. g'night.

[Tuesday, January 19, 2010] Chilling at the resort

We slept a bit late, but up in plenty of time for breakfast. We played shuffleboard for a while, borrowed the pedalboat (doing that is harder than I would have guessed in the ocean), played some pool (we are both terrible). We also made today our giftshop day. In my opinion the prices were very reasonable for a resort gift shop. After peak tanning hours we went for a long swim, watching the fish which is always fun. Swimming makes me hungry so I popped over to the beachfront bar for some grilled fish and a glass of orange juice. We also set up activities for tomorrow and Thursday, snorkeling various parts of the island. It was a quiet day, didn't do much, but enjoyed having some peace and quiet and got in the best swim of 2010.

After supper they had some jazz musicians out by the main pool. About thirty Canadians had banded together and put some tables together closest to the stage. It was quiet jazz and they were shouting, shouting, shouting. Then three ladies asked if they could sit at our table, a grandmother, mother and daughter. Then the mother started shouting from our table to the Canadian conglomerate. She was the loudest woman I have ever heard and she could keep it up indefinitely. Finally, after twenty minutes I yelled myself, ""Stop, take your chairs and go join them, then you will not have to shout."" I had a splitting headache. Apparently, the daughter was 17, as in it was her birthday, and several of the 50 and 60 year old Canadian men were trying to talk her into flashing her breasts for their camera phones. The daughter did not seem to appreciate that. Neither did I, I was very close to harrumphing (I am very good at harrumphing and I come by it honestly), but there was no need to go active.

At that point we decided to come back up to the room. I to blog and Kathy to catch up on her email. My opinion at this point about Breezes: It is not perfect for doggone sure, but there is VOG in Hawaii and Kathy and I got in our best swim in months, and in some sense, that is all that matters. So yes, I would give this another try. The only thing that has really offended me so far was the Internet access. I do not mind paying $35.00 a week, that is reasonable, but to not be able to pay it, that is one place these brothers need to get their Caribbean mindset fixed. That means moving the payment from the gift shop to the front desk and actually paying attention to someone that shows up to the front desk and waits there for fifteen minutes.

Out in the resort it is drunk tourist Karaoke night, so we are in our room, Kathy is using the Internet code and will probably crash in a half hour. Plan tomorrow is to get a swim, rest, then eat and go snorkeling on the reef with a boat trip.

[Wednesday, January 20, 2010] Water Sports at Curacao

As advertised, we took a swim in the morning. For the first time in my life I understand how people drown by losing it in the ocean. All of life before this I have been able to swim, essentially, for an hour or more. Kathy and I were swimming ocean legs, essentially point to point and during the second one I reached the point I could not do the crawl anymore, too tired. Not a problem, I switched to sidestroke and made it to the next point just fine, though slower. Then we had some lunch and got ready for the afternoon boat trip snorkel. It was your basic dive boat, bench seats, tanks stacked in racks, all full when we started, big diesel engines to get the divers to the spot quickly. It was a bit rough and the diesel fumes where blowing back into the boat, I was afraid I was going to turn green, but we made it. It was a nice spot, some great coral, plenty schools of fish, there was one all rock area so the turbidity was low and you could really see stuff. We snorkeled till our body temperature was getting low, the shivers can be a clue. Before we left we had brewed hot Good Earth tea, what a luxury when we got out of the water.

I got online some, two swims in one day will take it out of you, but I feel very relaxed. Answered some email including a very interesting question about an upcoming course I am teaching Mgt421: Leadership and Management Competencies. A potential customer had seen the ad and wondered if it was a CEO bootcamp. I replied that it is not, it focuses on the basic skills you need to manage and lead. After email, I needed to do a bit of stock trading so I caught up on that. They had the manager's reception at 5:30 so we wandered over. Generous buffet, but tonight we have reservations at the Japanese restaurant, Munasan, and I do not want to ruin my appetite. They also served a cocktail; I almost never drink hard liquor but they handed me a ""Curacao Lover"" which is some sort of coconut rum drink. It is very good and I see how it would be very easy to overindulge. Two of those after swimming and I would be sawing logs when it would be time to visit the restaurant.

I can't get over how multicultural it is here. English, at least at the trade level, is spoken by most people, but you hear a lot of Dutch, Papiamento and German. Americans are definitely a minority. That is kind of fun, and hopefully I will learn to see the world from a slightly broader perspective.

[Thursday, January 21, 2010] Last full day at Curacao

0600 wakeup, we are spending the day on a boat going to Little Curacao. Great boat trip, really enjoyed it. The snorkeling is fine, though the water was pushy and the current was straight out to sea so you needed to keep your wits about you. The lunch was fabulous, best snorkel cruise lunch I have ever had; the crew was friendly and the pace unhurried. And, they are about $20.00 cheaper than the competition. If you ever find yourself in Curacao, this should be on your list even if you do not like snorkeling they will boat you to the island, we swam. There are grass huts to get out of the sun and they brought snacks. On island call 767-9988, or visit the web for

Tonight at the Breezes resort was Boulevard night. All of the restaurants open up their fares buffet style. It was very enjoyable and a truly talented gentleman with a tenor sax is the entertainment, and he is a good singer as well. Kathy is catching up on her email and I am catching up on my blog. Looking ahead to tomorrow, we catch the bus out of here at 12:30 and I am glad, because I feel ready to get back to work, but it was nice to really chill.

Final thoughts on Curacao and Breezes. Before I go on, here is a disclaimer: if you are an information security tour guide reader, I am assuming you might be similar to me. Highly technical, greater than forty hour work weeks are standard, and you are a bit above the median income level. First things first: Caribbean logic rules here, so you need to be able to relax and roll with it. Also, Curacao is going to be going independent from the Netherlands as I understand it, and that could be a major change, and it could be a change for the worse. If you remember that hateful stare in customs, there may be a tendency to staff government agencies other than by experience and aptitude; however, that is only conjecture. Who knows, it might be an honest, caring and capable government that sets a model for the rest of us. However, you can go to the bank on one thing that will not change: in my research for this trip, I found Curacao as one of the warmest destinations in the Caribbean in January and February. No joke, this resort is crawling with Canadians, and please do not get me wrong, I have always loved my neighbors to the north, sadly they are working on their Ugly Canadian act, as in Ugly American act. If you have had it with shoveling snow, consider Curacao.

Now, Breezes. You will definitely spend more time in line than online at Breezes. People will cut in front of you and order five beers, two mint juleps, one strawberry and two pina coladas when you are only trying to get a tiny cup of red wine to drink with your meal. But, if you have the right attitude, three or four nights at Breezes can help you take the high energy focus down just a notch. The stay was good for me and Kathy. I am looking forward to a final swim tomorrow morning and I know I have my work cut out for me to get back to a level of ocean readiness that I ought to have. However, unless you have oodles of disposable income, think about using the inclusive resort for what it is, if you start doing a lot of outside activities like we did today, you lose money.

[Freaky Friday, January 22, 2010] Curacao, Miami, Richmond VA

As I write this I am in the Miami Airport. The American Airlines flight was on time, the movie was Love Happens for the fifth time on a flight so I played the Sudoku in the flight magazine. I had actually never done that, it is kind of fun. I finished the easy puzzle and was working on the intermediate when we landed. The flight was about 60% full. American was kind enough to give us exit row seats. We fly in less than an hour. Miami airport concourse E seems to have a shortage of sit down restaurants, power plugs and bathrooms, but it is not a heavy travel day, so it was all fine. Hopefully all will go well and we will be home a bit after midnight.

[Sunday, January 24, 2010] Richmond VA

American Airlines got us to Richmond and Hunter met us at the airport. We stayed up late talking and so we slept late Saturday. Need to get up earlier tomorrow, both to attend church and also to get ready for next week, this is going to be an intense week. We went to Short Pump to Target and then Trader Joe's, it was wall to wall cars, both parking lots were completely full. I think Richmond must be pulling out of the recession, maybe I can give the BBB a call and get their opinion. Prices at Trader Joe's have jumped up since I was last there. There are still some great deals, but there are also some very pricey items. I remember people complaining about the last price increase, the result is you tend to visit the store less often and need to be careful about what you purchase.

Sunday we visited the Richmond Vineyard church; the people there were really friendly, and they have the coffee and bagel thing down pat. There were very few cars on the road so we headed on to a Walmart Super Center, Kathy invited her mom to visit for lunch so we picked up some supplies. Like Trader Joe's, Walmart Super Centers have some incredible prices and also amazing selection. I was amazed at one point, there were five different types of cornmeal. We are only here for a couple of weeks, so I tried to be careful in what we selected. Haven't posted a recipe in a long time, here is a really easy one:

Trader Joe's Seafood Tortellini

1 package Trader Joe's Seafood Mix
1 jar Trader Joe's Marinara Pasta Sauce
1/3 jar Trader Giotto's Pesto alla Genovese (Basil Pesto)
2 Cups dry tortellini
2 stalks celery
Handful of Micro-carrots
1/3 Trader Joe's low sodium free range chicken stock (about 10 liquid ounces)
pre-ground garlic

Into a sauce pan, empty the pasta sauce, pesto, chicken stock, add a splash of red wine, garlic. Next chop the celery and add it to the stock as well as the seafood mix. About twelve minutes before serving add the tortellini and chopped carrots. I also add some oregano and thyme. As soon as the pasta is cooked, but still al dente, pull the food. If you think you have more food than you are going to eat in one sitting, you may want to serve in a flat pan so it cools fast, otherwise the pasta will turn to mush. When you serve as a leftover you will probably need to add some more tomato sauce.

[Monday, January 25, 2010] Fast and furious work day

Whew! Appointments running into still more appointments and you try to answer your email and make progress on projects as well. If you are a Cisco person, or hire Cisco people, you should know there has been a significant change in the CCNP, I give you the gist below, but here is a link to the full press release.

  • The previous version of the CCNP required four exams: BSCI, BCMSN, ONT and ISCW. The revised certification now requires three 120-minute exams:
    • ROUTE #642-902 Implementing Cisco IP Routing
    • SWITCH #642-813—Implementing Cisco IP Switched Networks
    • TSHOOT #642-832——Troubleshooting and Maintaining Cisco IP
  • The new CCNP courses and e-learning materials are available now. The exams will be available in March/April 2010.
  • CCNP is the second most popular Cisco Certification, after CCNA.

Rejoice with me! Kathy and I started our own investment program and I took a few of the suggestions from The Motley Fool Million Dollar Portfolio. Laugh all you want, but I checked on it last night and we had almost doubled our money including SNS (Steak and Shake) which the MDP had recommended selling since they felt it was overpriced. I sold almost everything last night and used the money to purchase bond funds, BND, HSTRX and TGMNX. I know people recommend buying actual bonds over bond funds and we did that with the European Investment Bank offering as well.

My last meeting today was the passing point study lessons learned for the GIAC GSLC certification. It used to be that we defined passing as 70% on all GIAC exams. However, ANSI 17024 says you have to define passing statistically. It was interesting once, I do not know that I would want to do it again, but you take the exam then you rank each question as to whether a minimally certified person that is a security manager would know that piece of information. It is all part of being ANSI certified, but very high concentration, detail oriented work, 60 minutes on the phone with the cream of the cybersecurity cult! These guys and gals are amazing. However, one thing Alan Paller trained me to do is always look for the metrics, you can't manage what you can't measure.

[Wednesday, January 27, 2010] Flying through the week

Yesterday I drove up to Fredericksburg VA to the SANS NOC. We are in the design phase for the next generation data center. Some really cool stuff like 10G networking and Dell BladesMWARE ESX everywhere. I took David to lunch at Romas Pizza 203 Lansdowne Rd. I had the Chicken Piccata and David has some sort of sub that looked big enough to feed an army. The chicken was good, but too salty, spent the rest of the day feeling dehydrated. On the way out, I noticed a local beer on tap, Fred Red Beer. David knew the guy behind the microbrewery and told me a bit of his story. Said his goal is to get the beer into every restaurant in Fredericksburg VA.

[Friday, January 29, 2010] Fabulous Friday

Drove up to the NOC again yesterday, so far the I95 gods have favored me and I have been able to travel smoothly. Took David to lunch again at Romas Pizza. Not a good experience, poor service, the roast beef sandwich was too salty. Will try to find an alternative going forward. Noticed two jobs for GIAC ( or other) certified people today. A Security Engineer in Falls Church VA and a web app security person. Is this a state change? Doesn't matter which security certification you have, but you need to have at least one? Will watch for that.

Jeff should be here in a few minutes and we are going to invest a few more hours in making the GSLC cert as high quality as possible. Please do not misread me, it is high quality, but the Pareto principle applies here. We have to put massive amounts of effort for every new increase in quality. However, the cool thing is that we are willing to do that.

[Saturday, January 30, 2010] Snowed in - Richmond VA

Whew, I like Hawaii better than Virginia. It has been snowing since 4 AM and it is still coming down. The kids next door came out an hour before to run around in the snow. A few four wheel drive vehicles have zipped by including one with a blinking yellow light, but no signage indicating it was state or county, and it went out of control on the turn and smacked the curb. Kathy is sleeping, I am catching up on some work. Made the Barilla whole wheat spaghetti for lunch with some scallops, that hit the spot and the pasta handles pretty good for whole wheat.

I listened to the President Obama Q&A with the house Republicans and then decided to re-visit to the State of the Union. I learned one thing that I did not know, the looming Medicare, Medicaid crisis. I was very surprised when I heard the President say that the looming Social Security crisis is manageable. Both the Republican gentleman who chairs the budget committee and President Obama seemed to agree that Medicare is a 30 trillion dollar looming issue. Heritage posted some stats back in 2004 based largely on the Prescription Drug act of 2003 saying that by 2019 Medicare would consume 24% of all federal taxes. Parapundit believes the liability is 60 trillion. Entrepreneur Magazine wrote an article tracking millions and then billions of cost shifts. Apparently the shift occurred in 2005, that the Medicare program cost more than the money deducted from paychecks of workers covered. I also think that President Obama is correct in addressing the mean spirit of Congress, that keeps both parties from helping the American people.

Why did I watch the State of the Union Again? President Obama's shot on the Supreme Court's lobbying decision is unprecedented. I surely do not know whether Obama or the Supreme Court is right, but this sounds like something we are going to need to track. I certainly do agree that we do not want foreign powers to be able to lobby US lawmakers, history shows very clearly they have a fondness for money, power and gifts that can exceed their fondness for doing the right thing for the people of the USA.

I am concerned the nation is headed for a train wreck. In addition to Social Security and Medicare, the national debt is out of control. And many uneducated people are going to believe this is the fault of Obama when the next election comes. If Voinovich had not broken ranks, the latest debt ceiling vote would have failed, according to, ""Republicans uniformly derided the bill, though they routinely supplied votes for eight previous increases totaling $5.4 trillion under President George W. Bush."" You can't blame democrats or republicans they are both equally guilty, but the people that are most at fault are the people over thirty years of age that know, or at least guess they are selling out the next generation, but as long as their Social Security check keeps coming, as long as they live longer than Medicare they do not care.

My Sony 1080p TV and Samsung BlueRay player from Crutchfield Electronics died tonight. They have a perfect record at this point. Every system I have purchased from Crutchfield has failed. Again and again. I do not blame them, I really do not, they host products from folks like Sony and Samsung. So this is some star crossed scenario and I have to give them credit for having customer support, I cannot imagine what it would be like to have the same system die if I bought it from Best Buy. That said, I am amazed at the failure rate. Both my Hawaii and Virginia systems from Crutchfield are down. And even when they replace for free, it is not free to diagnose the problem, send the part back, reinstall the new part. And please do not get me wrong, Crutchfield is not the culprit, I like Crutchfield, for the world to be better, Sony and Samsung need to deliver home electronics that actually work for more than four weeks, but what a hassle.

[Sunday, January 31, 2010] Digging Out of the Snow

Started shoveling at 9:30 A.M. Hunter got back from Church and helped a bit. Then when we were under control, we drove to Norma's. Oh my. She has a fairly long driveway and it is on a bit of a steep hill. Hunter and I started at the bottom and got up about ten feet. That way we were able to get the truck off the road. Hunter really dug in, he was just powering through the snow and I was concentrating on getting the packed snow and ice off the driveway. Glad we started when we did. At first we had some good sunshine, but when the sun was getting a bit lower in the sky the house next door was blocking it and the driveway was turning to ice. By then we were halfway up the driveway where the sun was still on it. When we made it to the garage which is flat we had to transfer the snow about fifteen feet. Then Hunter went into overdrive and he was literally throwing snow from the garage to the edge of the driveway. I kept concentrating on getting to bare driveway. I have blisters and I know I will be very sore tomorrow and my back can feel a bit abused, but the sun should make Norma's driveway drivable tomorrow.

Then we went to Avatar at Short Pump. I was so tired it felt great sitting in that comfortable chair. I loved the movie and we got to see it in 3D. We took Norma home and had a late supper.

[Monday, February 1, 2010] At work in Richmond VA

Pounded out the next ExecuBytes. Better late than later.

[Tuesday, February 2, 2010] Back up to Fredericksburg

I am working from the NOC today. Got a note from Kenneth Belva, he is starting a new blog, here is his note:

In addition to, I started a new writing venture at

The aim of my new blog is to have a running account of the life as an infosec professional. While has a serious tone, is more personal, casual in nature, covers the daily infosec grind as well as thoughts and ideas that have not been developed into full-length articles. So, it's more about things I come across rather than specific topics.

Please subscribe to my RSS feed (or newsletter) and my twitter stream. Here are the details:
RSS Feed:

If you have an RSS feed / twitter account you would like me to follow, please reply to this email with the words ""Follow Me"" in the subject and the relevant information. I'll be glad to put you in my RSS reader and follow you on twitter. Thanks for following me on and I sincerely hope you enjoy my new content on Any help announcing my new venture at to your constituents would be appreciated.

Left the NOC a bit early, the weather map looked scary, but things worked out. It was sleeting when we got back to Richmond, but it quickly turned to rain. Made a killer lasagna, the Walmart Supercenter here carries ground beef that is minimally processed and 96% fat free. It is a bit difficult to cook with that little fat, but I tossed in some sliced portabella mushrooms, garlic, and a jar of pasta sauce and big handful of parsley and that seemed to make things work out well. For the cheese section we had half a carton of cottage cheese, I added an egg, some Mozzarella and spinach. You have to be careful substituting cottage cheese for ricotta, it lets a lot of water loose as it cooks, but I cooked the lasagna noodles very al dente to compensate and they handled the liquid in the dish.

[Wednesday, February 3, 2010] Working in Richmond

I wanted to get caught up on email, especially the CDFS ( Forensics professionalization ) emails. So, I put a lot of focus on that. But I was taking a break looking at Twitter and I saw @UnitedAirlines posted about the coming storm and that you should check to see if your flight was canceled and that you could reschedule without penalty. I sent the URL to Diane who worked magic and got us moved up from Friday to Thursday. We had been planning to spend the evening with family, but instead our focus became packing and closing down the apartment.

We are also thinking about going solar in Richmond. The tax credits are attractive, who doesn't want to be green, but it is also a hedge against inflation. The company we think we are going with was willing to meet with us at 8 P.M. ( throwing in dinner did not hurt). Kathy wrote the check for the down payment so they could order the panels.

[Thursday, February 4, 2010] Heading back to Hawaii

James Limousine service arrived promptly at 4:45 A.M. The Richmond airport was easy to manage, there was no line at the United counter. We also breezed through security giving us time to get some food at Cheeseburger Cheeseburger, I had some Turkey sandwich on stale bread. If you are going to charge exorbitant prices for food, please supply decent food. We were on United Express 8006 and we scored exit row seats, the flight left on time, good thing, it was a tight connection. Twenty minutes later, we arrived at Dulles. We needed to go from the commuter plane part of the airport to C gates and this was my first time to ride the new trains. You used to pick up these really odd tall buses, but now they have trains like so many of the airports in Florida and we just had time to walk into the Red Carpet Lounge to get our tickets for the last leg, United could not print them in Richmond because of an aircraft change.

When we got to our gate they were already boarding. There must have been some sort of tour from China and there was a huge line, but we stepped onto the Red Carpet and they processed us right away. Since the tickets were changed yesterday, I did not expect to make business class, but we did and it was awesome. Flight 83 was what United calls a Premium 767, and we had the lay back seats. Oh happy me, I caught up on the three hours of sleep I missed getting up at 3:45 A.M. and then watched an interesting movie called Whipit about a girl coming of age by participating in a roller derby. The movie is not pretentious and I thoroughly enjoyed it. It was actually my second choice, I tried to watch The Fugitive first, but just could not get into the story even though I enjoyed it the first time I saw it.

We took off on time and landed at LAX with two hours to kill. We were in the 70s gates and decided to get a bite to eat in the food court. The salad and sandwich at La Brea Bakery caught Kathy's eye. I was a bit turned off by the prices, I had already had one $10.00 turkey sandwich so I waived off and went to the Mexican place, I think it is called Baja Salsa. I got the fish taco combo. I will warn you the fish is fried, but it was excellent, they have a tangy sauce they put on the tacos, and their spicy salsa doesn't burn, but you can certainly feel it.. I decided to get a press for my cast iron pan so I can easily make tacos at home. We headed to the Red Carpet Lounge to do email for an hour and then off to catch our plane, good old UA69, I have been on that flight a number of times.

It was a crew I have flown with before, a bunch of older, heavyset blondes that have had their sense of customer service jaded by the things they have been exposed to and the cutbacks United has made over the past few years. It was nothing horrible, little things like one flight attendant was trying to get a blanket for someone in the back and she was looking in the overhead bins and instead of positioning herself either in front of or in the rear of my seat she stood directly where I was sitting so her body was pressing on to mine, no big deal but it is an invasion of personal space. When they took the lunch order they got to us and said we have one Mahi Mahi and the other choice is Chicken. Again, no big deal, but you do not usually do that to a Hundred Thousand Mile flier, much less two of them seated together. I realize I must sound petty, but my job as your information security travel guide is to journal the changes in the world of travel. But, what was most interesting was the fake smile. Another customer picked up on it and mentioned her smile seemed permanant and she replied she had received surgery to keep her smile like the Joker. Wow! Again, nothing was horrible, but you can certainly see they do not fully enjoy their jobs.

[Friday, February 5, 2010] Back on Kauai

WoooHooo, it is great to be back on island. We woke up to see the sun rise from the ocean and then I made eggdrop oatmeal for breakfast.

Feta Eggdrop Oatmeal

Proper amount of water and oatmeal for the size dish you want to create, salt to taste ( remember feta cheese is salty, be conservative)
Spice with ground celery seed, ground fennel, black pepper, garlic is optional, not everyone appreciates it at breakfast
When the oatmeal is almost finished, drop an egg in and stir, be sure to break up the yolk, then drop a second egg
Just before serving, add a heaping tablespoon of feta cheese, stir once.

IP V4, IP V6

I recevied a note from Johannes Ullrich about IPv6 and IPv4 address space, I heard they had allocated Net 1, which is a strong indicator we are running out of address space:

Yes. running out of IPv4 addresses is the ""killer feature"" of IPv6. There are other features, but for most of them there are at least workarounds for IPv4 (e.g. ""Mobile IP"").

If and when we run out of IPv4 space is a big controversy. 90% of IPv4 space is assigned, and ARIN just started handing out addresses in which is a problematic netblock (frequently used in examples. When they first turned it on to test, they got a lot of junk due to default configured devices for or )

If you assume a linear model of IPv4 address exhaustion, we got 2 years left. But it is probably fair to assume that as the IPv4 address space becomes smaller, they are going to slow down allocation. Also, there are still a good number of those old /8's left that are assigned but not used. So, maybe it will last 4 years? But even if it lasts another 4 years, it is a difficult transition and one would hope that people about now start planning for it. Comcast will roll out IPv6 to cable modem customers later this year, YouTube started supporting it couple weeks ago, so it's on its way. And, a lot of people think they are not running IPv6 when they actually are. I teach a security class, IPv6 Essentials, that covers a lot of this.

SANS Bootcamp 2010

Once a year we run a conference bootcamp style. That means day sessions and night sessions. If you are limited to only one course per year, this may be the best use of your training dollar, it is additional training in the evening. You have to work harder, many of the courses run till 7 P.M. SANS Bootcamp runs April 6 - 13 at the Hyatt in Reston which is a great property.

[Monday, February 8, 2010] What a glorious weekend!

Glad we listened to @Unitedairlines and got off the mainland. I am suffering a bit of allergy from the VOG, but it is not terminal. Saturday I bought a Wii and two games, Sports Resort and Just Dance. took a bit of time to set it up, did not seem to be compatible with the 1080p Sony Bravia so we set it up in the exercise room. I guess it takes time to see if you are going to play with a new toy, but I am optimistic. I would like to get a Wii Balance Board at some point.

Yesterday after church, we harvested seedless lemons from the farm and while most people were watching SuperBowl 2010, we went swimming at Lydgate Park. I swam 9 laps with fins and a couple more without. This makes me feel much better; I think knowing that I did not have to be concerned with currents that sweep one out to sea like Little Curacao makes swimming in the ocean more enjoyable. There is still considerable plant matter in the floor of the lagoon and a lot of fish died from the flood of downed trees, but Lydgate is on the road to recovery.

Sarah Palin Watch

According to CNN, ""Former Alaska Gov. Sarah Palin says she would consider a run for president in 2012 if the situation was right for her family and the nation. In an interview recorded Saturday and broadcast on ""FOX News Sunday,"" Palin said she would run ""if I believed that that is the right thing to do for our country and for the Palin family."""" According to the NY Times, she is campaigning for Rick Perry in Houston, it will be interesting to see what the impact of that is. In other news, we learn yet again that if you live in a glass house don't throw stones, according to the Montreal Gazette, ""After joking that U.S. President Barack Obama was little more than a ""charismatic guy with a teleprompter"" during last weekend's Tea Party convention, the former Alaska governor was caught on camera peeking at crib notes scrawled on the palm of her hand to help answer audience questions. By Monday, Palin's 'palm points' video had gone viral on the Internet as critics cited them as evidence that the GOP's 2008 vice-presidential nominee remains unprepared for a 2012 White House bid."" Personally, we do not see anything wrong with using a Palm Pilot, but after claiming President Obama was nothing without a teleprompter, this is not ideal. Nevertheless, facts will not change anyone's mind. The people that love her will still love her and the people that don't still won't. It will be interesting to see how this plays out. Remember, our primary interest is to see what her Internet star power does for her career. So far she still seems to be in the national eye.

[Friday, February 12, 2010] Living on Kauai

Wednesday Kathy and I went to see Nine. The ad says if you liked Chicago, you will love Nine. Ha! We walked out in the middle of the movie. Star studded pointless film. Keep it. We ate at the Brick Oven, I love their Whole Wheat veggie pizza. The VOG is fairly bad on Kauai this week, but I have a nasal spray that is an antihisimine, Pantanase, and it keeps the VOG from bugging me. I don't like using allopathic medicine, but all the herbal stuff I tried didn't help. Really busy week at SANS.

[Monday, February 15, 2010] Still on Kauai

The trades are still absent, the good news is the ocean is still and great for boating. We had a big weekend. I finished the updates to Management 421 Leadership Competencies. What I finished doing last week was crosswalking the various government leadership competencies such as NIH, who have a great competency dictionary and Defense Logistics Agency. There are about a dozen of these posted on the web and easy to find. Of course, there are differences between them. But, it seemed like a good idea to find consensus to the extent possible. Leadership is fairly squishy, how do you define it? Our assertion is that leadership is defined by competencies or skills that are taught or reinforced in a number of ways in the program and many of them are taught in MGT 421 Leadership.

An example that you commonly find in most of these lists is the competency ""Leading Change"". Clearly, if you are a leader, you have to manage change so that makes sense. But each of these lists are different. How do we know that we have the right competencies for both the course and the college? Turns out, Dr. Ellen Joyce did her thesis on competencies and compared a number of companies and U.S. govt approaches and clearly invested a lot of effort into this. In addition to my own work, I took her comparison of the govt approaches and did a crosswalk between competencies at least two govt agencies have in common and the course, and added placeholders in my course for the ones we do not have. I had hoped to finish that part of the update last week, but ran out of time. So, I finally got it all finished on Saturday. Also, the last two times I have taught the leadership course, one thing that really bothered me is that the human nature section (Maslow, Herzberg, McGregor, Vroom) is taught at the end of the day; think it will flow better if we teach human nature first. That way the students have that information to build on as we hit the competencies. It is still a one day course, fairly packed, but a one day course.

After I turned my course in it was time to get ready to go to Gaylord's, the Willcox Foundation was putting on a fundraiser and being wise, they know food and wine are the heart of fundraisers. First course was Kabocha Pumpkin Ravioli with Chevre from Kunana Dairy, paired with Chardonnay from Freemark Abbey, Napa, 2007; the Ravioli was really my favorite course.

Next was a salad with fern shoots and heart of palm. I like the ""Backyard tangerine vinaigrette"" and think I will try to duplicate that. I did not think the dressing went well with the raw onions. This was paired with a Sauvignon Blanc, Matanzas Creek, Napa 2007. Interesting wine, but for the label you might think you were drinking a Chardonnay from New Zealand. They do a bit of the aging in oak barrels and I think that is a good move.

The main was Filet Mignon with a local prawn on top. It was tolerable after I dragged the meat out of the Hibiscus Demi Glace, it was sweet and did not work for me, but others seemed to like it. I will say the flavor of the miso-marinated prawn was pretty good. The wine was a Malbec, La Posta, Pizzella Family, Mendoza 2007. My favorite wine of the night, but I was the driver so I did not finish it, looking back, I should have taken one sip of the Chardonnay and called that done. Finally for dessert, Gaylord's Chocolate-Chocolate Bar, yummy! The dessert wine was a late harvest Roussanne, Bonny Doon, Monterey 2006, I only took one sip, and it was pleasant. The service at Gaylords was perfect and my son used to work there so a couple people came up to say hi.

Sunday, after church we went to the Valentines Day Croquet match, I did not win, but Kathy bats a mean ball. I read an analysis of Sarah Palin by Joe Klein that I think is fairly insightful. Here are two snippets: ""But I will not deride. Because brilliance must be respected, especially when it involves marketing in an era when image almost always passes for substance."" I tend to agree, she really is brilliant. ""Palin hits the same mystic chords as Clinton. A woman who goes to war against the 19-year-old boy who knocked up her daughter and then posed for Playgirl is far more comprehensible to most Americans than deficit spending is."" I visited her web page on Facebook, she has 1,370,344 fans. She also has 81,000 something people following her in Twitter, which may not sound like much but that is in only 3 months time. According to the Telegraph, McCain has asked her to help him campaign for his Senate seat. She apparently had a big weekend in Florida with some book signings, speeches and a trip to the Daytona 500. So, it is interesting to see how things are shaping up, one poll puts President Obama at 44% approval, another 51%. The Republican party really has some work to do, she is the biggest conservative star and yet one poll says 71% of Americans do not think she is qualified to be President.

[Tuesday, February 16, 2010] No wind, flat ocean Kauai

I wish the trades would come back, they have been gone the entire time I have been on island this time. The VOG now has stuff forming in my lungs, but the tradeoff is an incredibly flat ocean; what a day to go kayaking or spear fishing. I seem to be developing a drug resistance to the Pantanase already so it does not protect me from the VOG and need to take more of it, but I think it will get me through the rest of my time on Kauai. Went swimming yesterday at Lydgate Park. Forgot it was President's Day. The park was really crowded. Lydgate already has a problem with a high bacteria count, but if you pack the ocean with people, you know some of those folks are going to relieve themselves in the water, especially since the bathrooms at Lydgate are crowded and dirty. Also, there was something stinging in the water, but still got a twenty minute finning in, we didn't swim, it seemed prudent to keep our heads out of the water. We need to find a better place to go swimming today. Probably we will go in front of the Pono Kai Resort, there is no lifeguard, but we are two people and we will have fins. There is an area where you can do laps of about 300 yards where it is all sand, in lower tide you don't want to mess with reef.

SANS Boston is live as a web page. This will be August 2 - 8, 2010 and the Hyatt is an awesome location. I am the marketing chair so I need to make some noise about this event. The main talking points off the top of my head:

  • Top scoring instructors including three faculty fellows
  • August is the best month to visit Boston, it is warm and the flowers are blooming
  • The Hyatt is a fantastic conference hotel and the room price is a great deal
  • Internet access included in the hotel room rate
  • Location is next to Boston Common and Chinatown so the restaurants are plentiful and wonderful, try Shabu Zen, Peach Farm, UFood Grill, Durgin Park
  • Fanueil Hall is within a mile, this part of Boston is safe for walking at night

[Friday, February 19, 2010] Time on Kauai rapidly coming to a close

The weather is still crazy, still windy, very cool, lots of people running around in sweatshirts and the like. Another one of our home electronics that we purchased from Crutchfield died. I do not blame Crutchfield, we live close to the beach, but this was very high end stuff. Kathy and I have two new plans to get operational. One is to see if Apple makes a home entertainment system that uses an iPod, call me a Luddite, but that is not where my head is leaning. The other is just to buy a complete home entertainment system from Kmart, Walmart, or Costco and simply ditch it when it dies. My sense is that is the winning proposition.

Kathy and I had a lovely swim at the beach in front of Pono Kai. It was the oddest assortment of beach people I have seen in a long time, usually there are maybe two or three people on the entire section. Today, there was someone every 20 feet. And most of them were lovely women in their twenties; alone. We did have a classic multi-generation family and a wonderful lady in her sixties with a one piece racing suit and bathing cap who took her Australian Shepard swimming with her.

We had Steve Rex, Anna and Nathan over for dinner. I did a pupu plate with a Shrimp Burger and a piece of sea bass from New Zealand on top, smoked scallops from my Chimera, and mini Quesadillas. Then my mom brought up a green salad with pears. The first main was tortellini with lamb and a red wine reduction, the lamb was smoked over charcoal. We also had squash from our farm. Next a baked pasta dish; this was the highlight, I used spiced chicken and for the cheese chose the Dubliner, which Costco carries. For dessert we combined several fruits from the farm. It was good to spend some time with them.

[Monday, February 22, 2010] A fantastic weekend

Saturday, we went to Costco to get a video camera to do my Boston 2010 marketing chair stuff. I was going to get a flip, but the Canon was so much more advanced I changed up and got that. Later, got another great swim. We are going sailing tomorrow with Rudy and Shonda so I dropped by the store to get supplies to make lasagna. I am not going to bore you with a lasagna recipe, but where a lot of people go wrong is to use straight Ricotta Cheese. I mix it with eggs and I also spice it with garlic, black pepper, and basil, a considerable amount of basil, and I usually add some Romano Cheese. Make that part of the dish exciting and you will have a better lasagna. I also got a haircut. She cut off more than I wanted, but I look neat and I am headed for a military crowd shortly.

Sunday we went to church, Calvary Chapels teach through the Bible, they are not topical. We are on 1 Corinthians 7, marriage instructions and, well, to quote my mother, it was the most explicit sermon she had heard. I think Pastor Rex did it well, there are some areas that many people do not teach on that are very important. Teen age pregnancy or even post teen age pregnancy messes people's future up pretty drastically. Marriage is a huge decision and if you get it wrong, it will cost you. So, you need to lay it out. After church, we went sailing with Rudy and Shonda. What a great day. The ocean was flat, nobody got sick. Plenty of whales for everyone. Rudy now has a hydrophone so you can listen to them, that was fairly cool. There were lots of strong guys who knew something about sailing, I did nothing, not that I am strong or know anything about sailing. I got a little bit too much sun, but I am headed for the mainland and Germany, and it seemed OK. We did not anchor to have supper, so I gave Rudy the lasagna; I hope they enjoy it.

I fed my parents after we got home since we did not eat supper on the boat. I redid the leftover tortellini dish from Friday with some Ricotta and also Feta cheese. Also whipped up an Orange Chicken from the breast part of a Costco chicken. After dinner I slipped into the office for a peek at the unanswered email that came in over the weekend. I am very conscious I lead at least three lives. One is here on Kauai, I think it is the best life. Another is when we are in Richmond VA, we may not have the beach, but we have family and it is a good life. Finally there is the on-the-road life. It has some remarkable pluses too, but it is draining At this second, I am not looking forward to the next 30 day trip, but that will be the focus of the Information Security Travel Guide Edition 16.

I read a very interesting OP ED by Ron Fournier, titled: Analysis: Untruths have consequences in politics. Whether you lean Republican or Democrat, you do not want your vote to be based on lies and mistruths. Ron is fairly balanced; he shines his light of truth on both liberals and conservatives, but he nails Mitt Romney to the wall. Look, don't get mad at me, I am just the messenger, check the facts out for yourself, but if you decide Mr. Fournier is correct, do not vote for Romney, we do not need a pathological liar as President, fair enough? And to keep this balanced, President Obama has some explaining to do on whether or not we are still torturing captured prisoners. Let your yes mean yes and your no mean no; how much more simple can we make it? This blog will never ask you to choose Republican or Democrat, liberal or conservative, but I will ask you to vote responsibly. To go beyond the paid ads on television. Please take the time to read the OP ED. Please do a bit of research. And vote for the candidate or party or ideology you feel is best for the country, your state or county. Mr. Fournier makes the point very well that there is a price to lies as an individual or a party's approach to politics:

""Such distortion and dishonesty cause Americans to be increasingly skeptical of - even cynical about - their political institutions and leaders. Once people lose faith in the political system, they're less likely to vote, less willing to pay taxes to support government-run programs, less motivated to run for office themselves and - sociologists say - they're even less likely to get involved in their own communities.""

Monday after work we took a walk. I wish I had some way to describe what it was like. It was a very low tide, people were walking where you normally have to swim with spears looking for tako (octopus). A lot of the reef was exposed and the birds were enjoying an all-you-can-eat sashimi bar. The air was very clear and still. The humpback whales were leaping out of the water, Kathy and I watched them for over an hour and they were nonstop. I had worked very hard on Monday jamming out the Strategic Planning documents for the college, and it was nice to get a break. I really do lead several different lives, but the life I lead on Kauai is a very nice one. And with this, we close this edition of the infosec travel guide. See you on our next set of adventures.