Tuesday, December 20, 2011

Blog Roll 2011

It’s that time of year when we gift and re-gift.  And the perfect opportunity to re-post, re-purpose and re-use my 2011 blog entries.  If you missed any of the approximately 50 blogs, 11 audio whitepapers or 47 videos, here they are wrapped in one simple entry.  I read somewhere that lists in blogs are good. 

Have a Safe and Happy New Year.

And a couple special holiday themed entries from years past.


Technorati Tags: blog, social media, 2011, f5, statistics, big-ip, web traffic, digital media, mobile device, analytics, video

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Thursday, December 15, 2011

F5 Security Vignette Series

Over the last couple weeks, we’ve been rolling out a series of short Security Vignette videos about various IT security challenges.  We’ve posted them to the F5News blog account but also wanted to share in case you missed them.  If we were going to sum up the role of security in corporate IT today we'd have to say it's to "be prepared." This series looks at many of those security concerns which can be addressed proactively, before they are exploited or become a fire drill.

  • clip_image002 F5 Security Vignette: Proactive Security - The F5 Security Vignette series looks at various security concerns, vulnerabilities and attacks which can cause headaches for Corporate IT and the business integrity overall. This video covers SSL Certificates.
  • clip_image002[1] F5 Security Vignette: DNSSEC Wrapping - The dirty little secret of the Internet is how insecure DNS really is. The good news is, there's a solution -- DNSSEC. It secures the DNS query and response process.
  • clip_image002[2] F5 Security Vignette: Hacktivism Attack – DDoS and other targeted attacks.
  • clip_image002[3] F5 Security Vignette: SSL Renegotiation - The premise of the SSL Renegotiation DOS attack is simple: "An SSL/TLS handshake requires at least 10 times more processing power on the server than on the client". If a client machine and server machine were equal in RSA processing power, the client could overwhelm the server by sending ten times as many SSL handshake requests as the server could service. The counter measure against the attacks was to write an iRule to limit renegotiation requests to 5 per minute per session.
  • clip_image002[4] F5 Security Vignette: Credit Card iRule - The consequences of exposing hundreds of thousands of customer credit card numbers is unthinkable. Fines, lawsuits, damaged brand -- the effects can be catastrophic. Even if it was accidental, the effect would be the same.
  • clip_image002[5] F5 Security Vignette: Apache HTTP RANGE Vulnerability - When we hear about an Apache vulnerability, it gets our attention. In this case the issue was the way Apache handles HTTP RANGE headers, which are used to request individual sub-ranges of a given response, instead of the entire response. The problem is that responding to an HTTP RANGE request is computationally expensive. A simple iRule fixes this.
  • clip_image002[5] F5 Security Vignette: iHealth - Security is a never ending battle. The bad guys advance, we counter, they cross over ... you're just never done.  To give our side an edge we do a lot of research.
  • clip_image004 Security is our Job
  • clip_image006  F5 YouTube Feed


Technorati Tags: F5, cyber security, predictions, 2012, Pete Silva, security, mobile, vulnerabilities, crime, social media, hacks, internet, identity theft, F5 News, security, web application security, apache, HTTP, threat mitigation, video

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Monday, December 12, 2011

2012 IT Staffing Crisis?

After just proclaiming, a mere four days ago in The Top 10, Top Predictions for 2012, that I wouldn’t predict anything for 2012 and simply would repurpose other’s predictions, I offer this prognosis.

An area I have been thinking about recently is the availability of IT personnel, or lack thereof in 2012.  It began with a conversation with a F5 colleague and a simple premise:  Information Technology personnel seem to be in demand.  We have read stories to this effect, and even anecdotally realized that times are not that bad for IT careers, despite the financial crisis. Sure, many were laid off from failing startups or collapsing banks a couple years ago, but many seemed to get new jobs rather quickly, and many of us get a few job solicitations every month.

In researching the real statistics on IT unemployment (from Help Desk to System Admins to Developers to Business Analysts), we realized how much of an understatement the premise was:

Dice.com, May, 2011:  3.8% IT unemployment - 65% of hiring managers anticipated hiring more technology professions in 2H 2011, and 49% said they were paying more in salary this year than last year.

Bureau of Labor Statistics, June 2011: 3.3% IT unemployment – Expects IT employment to grow ‘much faster than the average of all occupations’ through 2018. 

Bureau of Labor Statistics, July 9th, 2011: 3.3% IT unemployment - Information Security Analyst unemployment: ZERO.  Network Architect unemployment:  0.2%

Consider that the economy has not really recovered from the crash, and that many companies downsized or went out of business altogether.  5% unemployment is generally considered to be "full employment"; 3.3% is typically unhealthy for business growth.  When our economy gets through this difficult period, where are companies going to find IT workers?  But more specific, what does this mean? 

I think that operating expenses is going to be an increasingly difficult problem for everyone, in every industry.  Besides paying serious money to lure IT people away from other companies, employers are going to start paying serious money to protect the IT resources they already have.  When you are an IT manager, every system you consider for implementation has two costs – the upfront cost, and how much of a resource it will take to manage it, the classic CapEx and OpEx.  If you produce a solution that does not require additional headcount to manage, or actually reduces headcount, you can save OpEx for a lot of companies.  Even if ProductX costs $100k, that's only the price of one IT guy for one year.  And that price is going up day by day.

iApps in BIG-IP v11 is a great step toward reducing OpEx, and evening the bar of who and what knowledge is needed to deploy our solution.  Evening the bar of what skill set is needed is vitally important, because most companies can at least find some System Admins (2.8% unemployment) but may not find a Network Architect or InfoSec guy to implement the apps on the BIG-IP.  The WhiteHat integration with BIG-IP ASM is similarly great, especially to those who implement the solution.   Many organizations are unable to devote enough resources to managing a WAF, plus they can't find the InfoSec personnel anyway since their unemployment rate is ZERO and has been for a few years.  The integration allows those with minimal security experience the ability to build a solid web application security policy.  Often, simply feeling comfortable with an appliance is all that’s needed for IT staff to give it attention.

The coming or currently unfolding (?) IT HR crisis will matter to many organizations over the next few years.  Interestingly, while I was writing this, a tweet arrived asking, @wimremes: random thought : do you (still) rely on recruiters or do you use your own network to find the right people for a job?’  I’m really not sure exactly how it will play out but simply something to think about.



Technorati Tags: F5, cyber security, predictions, 2012, Pete Silva, security, mobile, labor, jobs, social media, staffing, employment, internet, identity theft

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Thursday, December 8, 2011

The Top 10, Top Predictions for 2012

Around this time of year, almost everyone and their brother put out their annual predictions for the coming year.  So instead of coming up with my own, I figured I’d simply regurgitate what many others are expecting to happen. 

Certainly not an exhaustive list of all the various 2012 predictions including the doomsday and non-doomsday claims but a good swath of what the experts believe is coming.  Wonder if anyone predicted that Targeted attacks increased four-fold in 2011.


Technorati Tags: F5, cyber security, predictions, 2012, Pete Silva, security, mobile, vulnerabilities, crime, social media, hacks, the tube, internet, identity theft

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Wednesday, December 7, 2011

Pearl Harbor, Punchbowl and my Grandparents

(Originally posted December 07, 2009)

In honor of Pearl Harbor day, I want to share a bit of history you might not know about.  This has nothing to do with technology, security or our awesome BIG-IP solutions but felt compelled to honor both my grandparents and service men/women everywhere today.  I am Hawaiian (1/8th, direct from Kekaulike line), was born there and most of my ancestors lived there while it was still a Monarchy.  My great(s) and present grandparents all were born and raised and some witnessed the destruction that day.  A shell even landed in my grandmother’s backyard while they were at church that Sunday!  Both my grandfathers played a significant role in the days and weeks following the bombing.  One of my grandfathers was a carpenter and lived in Pauoa Valley (O’ahu) which is situated right next to Punchbowl, National Cemetery of the Pacific.  While many equate Honolulu with Diamond Head (or Leahi – Brow of the Tuna – to Hawaiians), Punchbowl is also an old volcano crater that helped create the island.  When my grandfather was a kid they used to play there and he spoke of many fun times running around inside Punchbowl as a youngster. 

600_full_punchbowl1 When Pearl Harbor was hit, many locals were called (and wanted) to help, as you can imagine.  As my grandfather tells it, they needed a place to temporarily put those who had died and Punchbowl was both the closest (about 15 miles), had the space and was known as the ‘Hill of Sacrifice’ to the ancient Hawaiians so it had historical significance.  Being a carpenter and living less than a mile from Punchbowl, he was part of the team that built the wooden caskets for the fallen.  As the days went on and suitable re-locations were not available, they decided to start properly laying to rest those who had perished – right there at Punchbowl, including an uncle of mine.  The Pearl Harbor victims were among the first to be buried there, 776 of them.  About 8 years later, they officially dedicated it as the National Memorial Cemetery of the Pacific – it’s the Arlington for the Pacific Fleet.  Those who have served in the Pacific Fleet actually have their choice of Virginia or Hawaii as their final resting place, as I understand.

My other grandfather, who happened to be a Honolulu Detective at the time, was born in Yokohama (although not Japanese) and had learned Japanese while attending school there.  He moved to the Hawaiian Islands with his parents when he was still a teenager and grew up on the Big Island.  Since he understood Japanese, the US Government had him guard the Japanese consulate when the US declared war.  He really didn’t like the assignment since he had become friends with staff due to being a local police officer and had fond memories of being Japan.  After the attack, there were curfews and blackouts, and my grandfather had to make sure there was still a little illumination but nothing too bright at the consulate.  One evening as he was coving an exposed light bulb with a mimeograph carbon copy he pulled from the garbage, he noticed the backwards Japanese characters of a letter.  As he looked closer, it contained information of about the locations of ships and other munitions stationed at Pearl Harbor, which became a key piece of evidence as they started to piece together what happened.

As the years roll on and those who witnessed the Pearl Harbor attack become memories themselves, I offer these few short stories to the great Internet to file, store and recall whenever someone wonders about all the little back stories of this significant event in our history.


Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]