14 Seconds

I'm still a nobody (so I don't really qualify for a full 15 seconds) but I've been getting some media hits lately. Everyone told me, and I believed them to a certain extent, that everything you say can be twisted. I've dealt with many people who do just that and I have always felt that the truth will surface no matter what. Truth is like data. It wants to be free.

I sincerely make every effort to be balanced in my statements/positions and always say the good with the bad. My personal belief is that there's always good to be found. At times when I can't see it immediately, I try to drop the ego or emotion and look a little deeper. Invariably, it's there. With this in mind, I decided to dust off my personal blog and use it as the future platform to correct any misstatements, quotes taken out of context or just add the "whole story" where necessary.

So, let me start with the recent set of articles about various SCADA security topics (http://goo.gl/Kty17http://goo.gl/KcvCh and http://goo.gl/txIDp). It is true, those statements are mine, and I did provide them in email interviews. They're actually pretty close to the mark, but I'd like to add a few of my other statements that were omitted, just for context...

"All of the above (and more) lead to a state where many are forced to operate with aging infrastructure extended beyond its lifespan. Note however, that many staff at municipal utilities are actually remarkably dedicated and resourceful people. They have to be, given the circumstances." 
"The threat is somewhat exaggerated, but it is still very real. The vulnerabilities are underestimated."

Please understand that I'm not casting aspersions on the Municipal Utilities of the world. Some are further along the security maturity path than others, but I have worked with many of them and I find them to be amazing people and amazing organizations.