2008-03-29

An Armored Penguin

There are two kinds of Information Security programs:

(1) Fascist infosecurity department with an "independent reporting structure", responsible and responding to nobody, disseminating timely shiny reporting of a provably secure infrastructure...that can't actually allow anything to get done.

(2) A pile of folklore that passes for a security policy, gathering mold in the corner of a LAN closet, warmed by the exhaust of a pimped over server busily slinging bot spam.

You, flast, first.last, or fmlast, whatever your uname may be, are born and will die under a name granted according to a convention determined by a practitioner of this art, if not outright named by that same person. Everything in between is, or is not, under their control. You may either chafe under the misery of a meager existence provided by a gestapo, or be blissfully ignorant of your imminent death at some hippie camp. The only middle ground must be a DMZ. But that's an exception by definition, not a lifestyle.

Somewhere between them, sometimes, there is a happy place where people do all the things they need to get their jobs done, in a harbor of actual safety. If any endeavor has a zeitgeist, a QWAN, a zen, a je ne sais quoi, it is the craft of an Information Security Program. It's as exactingly rational, and indeterminately probabilistic, as the place between quantum mechanics and classical physics.

In this land, people are born according to that Way. And birds are impervious. My friend Bradley lives there. I hereby invite you to tune your browser to the crackle of his dispatches from this faraway land.

Almost live. From God's Country. It's the Armored Penguin.
