We did it. We beat the Mayans. Welcome to 2013.
Read less, do more. That is my New Year’s Resolution. It might sound cynical or uninformed. After all, a good book can tell you a good deal about anything. Moreover, I have been and continue to be a proponent of continued learning. And yet I think it is time to put down the books and get to work.
There are many reasons.
The first reason is the wide gulf between reading about a thing and doing a thing. That first dawned on me while shivering in the mountains, wearing wet clothes and lacking sufficient food. Hey, I read about hiking! Why is this so hard? A more recent example was an OWASP hacker challenge that I completed on cross-site scripting. I read about cross-site-scripting. I know this. It took me three hours. I mentioned it to the founder of OWASP Detroit who, after much prodding, revealed how long it took him. Five minutes. The difference between doing and reading is wide and deep.
The second reason is found in the old saying: writers write. They don’t read books about writing. They don’t attend workshops about writing. They don’t talk about writing. You can readily identify a group of people in writing or any field who are procrastinating by reading, talking, planning, preparing. But not doing. Writers write. Coders code. Security professionals secure.
I have therefore queued up some exciting projects for this year. (Read that Wolfgang exciting, not normal exciting, which is an entirely different form of excitement.)
Professionally, my team and I are architecting and purchasing equipment for our third generation of private cloud computing. We are also revamping our business intelligence platform and adding self-service features.
Personally, I have two development projects in the queue. I released #incog last year for covert channels and steganography. This year, I will release an update adding new channels and a PowerShell interface. I am also working on a hacker capture-the-flag toolset called Botori. I plan to release Botori mid-year along with several example CTF challenges.
Collaboratively, I have been invited to work on the PoshSec project. PoshSec is a PowerShell Information Security project started by Will Steele, who sadly passed away this past Christmas from terminal cancer. The project lead is Matt Johnson, and other members of the team include Rich Cassara. I look forward to working with these sharp people and contributing to Will Steele’s legacy.
As I said, I will be doing more in 2013. There is lots to do and little time. But before wrapping up this article, let’s take a look back.
2012: A Year in Review
- This blog celebrated its tenth anniversary. The website saw its highest readership to date: 35,361 unique visitors and 46,853 page views in 2012.
- I did two case studies: a Microsoft case study on my firm’s second generation private cloud, and another case study on our new reporting SaaS.
- I was mentioned in the press a few times on topics like cloud computing, risk management, and DevOps.
- I spoke at a few different conferences and user groups on topics like — you guessed it! — cloud computing, risk management, and DevOps. I also did a handful of talks on covert channels and steganography.
- I volunteered for BSides Detroit and collaborated on everything from sponsors to speakers, as well as recording a 23-episode podcast series for the conference.
- I was recognized with an InfoWorld 2012 Technology Leadership Award for my firm’s private cloud and DevOps initiatives.
- And I read a lot of books.
Done. Now, onward!