herrman_sk

jerry , 16 hours ago to random

Today is my last day at IBM.

I joined Netrex in February 1999 as a Unix admin

In late 1999 Internet Security Security Systems bought Netrex, largely for its managed services business.

In October 2006, when I was the director of IT, IBM bought ISS largely for its managed services business.

I was given lots of opportunities at IBM. Twice I found myself in the wrong place at the wrong time and was on a list to be let go, but other parts of IBM decided to pick me up. I once resigned to take a job at Deloitte, and at the time my manager told me that didn’t work for anyone and made it worth my while to stay. For many years, I led an incident response function for the strategic outsourcing business, which was later spun off to be what is now Kyndryl. I learned a LOT. I learned so much, in fact, that I decided to start a podcast in 2012, partly to make myself smarter, and partly in hopes that I could help the industry avoid the mistakes I was seeing our clients make on a near daily basis. I have deep scars from all the big security events of the 2010’s - heartbleed, shellshock, wannacry, notpetya, and many others.

In 2019, I was leading an internal practice around cyber regulations (in addition to the IR role) and ended up helping the cloud business out of a sticky situation. Unbeknownst to me, cloud had been looking to replace their CISO, and in March 2020, they offered me the job. My first big test was leading Cloud through Covid.

I had the extreme privilege to lead a team of 184 remarkably talented professionals. We did some cool things, but I regret the long list of things that didn’t get done.

As well published in the news, IBM took a hard line on return to office, particularly for executives. They gave people like me a choice: relocate to a key site (Atlanta was not one of them) and work from the office 3 days a week (with tight attendance tracking), or be let go. I have been working from home full time since shortly after IBM bought ISS in 2006 - nearly 18 years. I spend about 1/3 of my time at my beach place, which I was not willing to part with. Plus, I fundamentally disagree with the return to office approach and with how people have been treated, so I opted to “let it happen”, and so today is the day IBM terminates me.

I’ve saved up enough money that I can take a break for a while. It’s been 32 years since I’ve had more than a week off work, and at least 20 since I’ve had any sort of vacation that wasn’t disrupted by urgent meetings, crises, and so on. I’m going to spend some time with my family, especially my extremely patient wife, in ways that I haven’t been able to.

I have a very long list of things I’ll be doing during this downtime. I intend to get back into podcasting; I am going to write some including maybe a book; I am going to focus more on the fediverse instances I manage to ensure they are enduring; I am going to way too many baseball games with my wife (she is a mega baseball fan); and I am going to take way too many pictures and hopefully find some creative ways to make money with those pics.

TL;DR: today is the end of a long journey for me, and the start of a new one. And it’s a good day.

jerry , 1 day ago to random

My manager had a regularly scheduled all hands meeting, which included a lot of people. He ambushed me (in a good way) with a tribute to me. It started out with the intro music to the def sec podcast and a slide with some funny things I instituted/commonly said at work. There was a parade of people saying nice things and then he asked me to say some words. I held it together for about 30 seconds and then, me an oversized, over the hill seasoned vice president of a Fortune 500 company, broke down crying in front of several hundred people.

Anyhow, I hope your Thursday is good.

jerry , 3 days ago to random

I’ve had the privilege of meeting face to face with leaders on my team this week - they travelled in from all over for a final meeting before I leave. I’ve never met several of them in person.

I have to say that if I had the chance to work in an office with these people, I’d do it in a second. (I am getting the boot for not wanting to relocate and work out of an office full time, so this is a little painful to say)

herrman_sk , 6 days ago to random

RIP Ginger... This is the most sad #caturday of them all. 😿

jerry , 19 days ago to random

Looks like Infosec.exchange blew past the 3 million post mark this weekend. The number of active users is going down, but the people here are still quite active ❤️

jerry , 21 days ago to random

I wonder how many security programs are designed around meeting the expectation of auditors, vs designed to protect the environment which is then inspected by auditors 🤔

jerry , 1 month ago to random

I get 1password from from work... now that I am being kicked out, I need to figure out if I want to stay with 1Password... (and pay for it) 🤔

herrman_sk , 1 month ago to random

Hello hive mind of the fediverse...

As #Drupal7 is going to definitely die soon, I'm looking for simple and #secure blogging system to replace it and to host my #blog. After those years I see a plethora of #PHP based options.

As I've realised #Drupal/#WordPress grade #CMS is an overkill for my needs, it can be something more simple, less complex. Wysiwyg editor and automatic updates possibilities would be more than enough...

What are your favourite solutions?

pluralistic , 3 months ago to random

Another characteristically brilliant Kashmir Hill story for The New York Times reveals another characteristically terrible fact about modern life: your car secretly records fine-grained telemetry about your driving and sells it to data-brokers, who sell it to insurers, who use it as a pretext to gouge you on premiums:

https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html

1/