Well, my professor and friend Luis "Sucuri" Togno has done it again. With very little discretionary time on his hands, he has somehow managed to find time to help Brazilian Jiu-Jitsu practitioners around the world by creating a YouTube channel which demonstrates world-class techniques. The Alliance of Charlotte channel can be found here.
For those in the Charlotte, NC area looking for a rewarding and challenging experience in martial arts, I highly encourage you to consider Alliance. Alliance of Charlotte's website is located in the SouthPark area, over by Angry Ale's and The Press Box.
Even if you are unsure of whether the academy is right for you, Sucuri offers a 30-day free trial.
Sunday, December 14, 2008
Sunday, December 7, 2008
Tuscan Whole Milk
Quite possibly the best milk ever created. If you don't believe me, check out the Amazon.com reviews...
http://www.amazon.com/Tuscan-Whole-Milk-Gallon-128/dp/B00032G1S0
Monday, November 17, 2008
North Carolina BJJ State Championships
Over the weekend, Team Alliance participated in the North Carolina Brazilian Jiu-Jitsu State Championships. Overall, I think the team did pretty well, taking yet another State team title. One of the highlights of the tournament for me was when a Team Alliance member was down 6-0 in points with a minute left, when he pulled this gem of a move to submit his opponent:
It was the first time I had ever seen a flying triangle in real competition, and the circumstances by which it was executed were truly amazing. Congratulations to all of my teammates on an impressive display of skill and dedication.
Sunday, November 2, 2008
Good to Great?
It is truly going to be a sad day for many Circuit City employees around the United States, as Circuit City has apparently decided to close 155 stores and withdraw from 12 markets.
Recently, I completed reading the book Good to Great by Jim Collins. Between the time I began reading it, and tonight, I have seen several of the companies profiled in this book do a complete 180. Companies, such as Fannie Mae, Circuit City, Kroger, etc. were highlighted in Jim's books. Now, I am not questioning the power of the analysis of Jim's team, and the facts do not lie about their performance. The point I am trying to make is that something happened to these companies that made them stop being great.
Are we in an age whereby large, monolithic organizations can simply steamroll the competition? The images of Walmart, Best Buy, and Bank of America spreading their business model across the landscape like a swarm of locusts. Landing where they wish, devouring all of the vegetation, and leaving permanent scarring across rural America.
I am not naive, and I understand that at this point, cost is a very important consideration for consumers. However, it makes me wonder how much these monolithic organizations are capturing, compiling, and ultimately leaving vulnerable for hackers and other mal-intended organizations.
To put it in perspective, consider the role that Microsoft plays in the world of personal computing. From my perspective -- and for the sake of this argument -- Microsoft is playing the same role that a Walmart or Best Buy is playing. However, ironic as it sounds, we do not hear the same pleas for choice as we do when we think of retail organizations. There is an entire community of people that choose the open source community for their computing needs. While the attractiveness of low cost is one factor, this is not the true motivation for many of the open source projects out there.
I could go on and on about this topic, the social impacts of the "locust swarm"; however, what I am truly searching for is a follow-up book from Jim Collins that takes the same approach as his book Good to Great to perform a post mortem on the original 11 companies to see how the leadership and management have changed.
Tuesday, October 21, 2008
Training and Dinner With Carlson Gracie Jr.
I just got back from a training seminar led by 4th degree black belt and the "Prince of Jiu-Jitsu", Carlson Gracie Jr. What an incredible experience and honor! The seminar brought out many students from different academies and several of Charlotte's finest law enforcement officers, most of whom train at Alliance Jiu-Jitsu of Charlotte.
Afterwards, I was invited by my professor, Luis "Sucuri" Togno, to go to dinner with him and Carlson Jr. While much of the conversation was in Portuguese, I did have an opportunity to discuss a number of topics related to Jiu-Jitsu. In addition, Sucuri asked me if I would like to go to Brazil with some of the students next year to train. I suppose the hard work and dedication to the art is translating nicely for my instructor, and I truly appreciate what he has already done for me.
All I can say is that I continue to be pleased and excited about the whole experience. For those people who are seeking some solid, tangible real-world martial arts skills and live in Charlotte, I have nothing but positive things to say about Team Alliance of Charlotte, and would highly encourage you to give it a try.
So for those people that are curious how BJJ relates to the security world, let me quickly summarize why I think my experiences in BJJ are relevant to the security world:
BJJ is a gentle art of fighting, and while books like Sun Tzu's Art of War draw parallels to business, management, etc., BJJ is all about leveraging your knowledge with the least amount of perceived effort. I have witnessed first hand the seemingly impossible odds of a 150-pound fighter tear into someone with 50 to 60 pounds. Initially, with a wrestling background, I thought I could outmuscle my training opponents. In the security world, it is not the one that has the high-tech technology running on autopilot that defends the shareholder value, it is the one that has the ability to effortlessly transition from "move to move", a concept known as Defense in Depth. As an ethical hacker, I have been able to circumvent my client's perimeters protected by large, expensive systems, and I have been halted by some inexpensive, modular systems. Therefore, it is all about the leverage, not the muscle in many situations.
I hope the readers of this blog will bear with me when I seemingly go on these tangents. While my primary purpose for blogging is to educate readers regarding information security and technology, it is important to note that we draw conclusions as a result of the culmination of our life's experiences. There will be plenty of time for straight security talk, and I promise I will try to keep the tangents to a minimum, or at least draw the parallels to the spirit of this blog.
Best Regards...
Monday, October 20, 2008
Acronym Soup In Security Certifications
A few weeks ago, Shon Harris asked the White Hat Hacking group to comment on the state of the industry from a certification perspective, and in particular, how fractured the industry is with respect to certification bodies (including vendor-neutral versus vendor-heavy).
Here is the snip of my response at the time:
Actually, I am skeptical that we will ever have a certification track that will effectively capture the industry. As you mention, vendor-concentrated certifications demonstrate knowledge on a particular platform or product; however, in my opinion, information security is so fluid and nebulous that it is similar to trying to have an intelligence (adjective, not noun) certification.
From a personal perspective, I have always found it more impressive if someone can teach as well as simply speak facts. Therefore, I would hope that a measure of a practitioner's value to an organization could be viewed, not by a single or suite of certifications, but rather the lifelong pursuit of the advancement of the profession. I think there is a very good parallel to this in practice throughout history today with the various martial arts.
I think ISC(2) and others have dabbled in this approach, but in my opinion, it needs to be refined. If I was holding the "magic wand", I would suggest that everyone study, teach, and contribute to the community through volunteering or charitable contributions to maintain a credential. Ultimately, I believe this would do more for the industry than any certification can provide alone.
Thoughts?
I wanted to throw it out to a wider audience to get some additional perspectives on the whole notion of requiring mentoring, teaching, or volunteer work as a condition of a security credential. It is one thing to have a bunch of acronyms after one's name, and I am not trying to diminish the accomplishments of those that are dedicated enough to obtain many certifications or advance their careers.
However, how would hiring managers feel about the merits of a technical certification(s), versus a more rounded certification which included charity work as a prerequisite?
I would love to hear opinions on this one.
Saturday, October 18, 2008
Is the Election Over Yet?
Without publicly leaning to the left or right, I have to be honest... I am through with the political advertisements for this election cycle. Everywhere I turn, it is smear and boast, smear and boast. Print ads, radio spots, and television commercials: media overload! There is even a 30-minute infomercial from one of the candidates! I am wondering if these candidates are taking cues from Billy Mays and Tony Little ("YEAH, BABY!"). Unfortunately, these "in-your-face" ads are effective to a certain degree, which is why they continue en masse.
Would I feel any better if the candidates focused on the issues... I mean REALLY focused on the issues? Probably not. In my opinion, there is no substitute for solid research undertaken in the privacy and comfort of one's own home. Let me draw my own conclusions. Steer me... Yes, preach to me... not so much.