Wednesday, August 8, 2012

The Agile Security Manifesto

I may have to break out my 'old man pants' on this blog post.

A while back, over on the Sourcefire corporate blog, we put out what we called the "Agile Security Manifesto": a series of 12 or so blog posts that detailed what we (Sourcefire corporate) really meant by our Agile Security message.

When I started working with Snort, this would have been around 2001, I was in the military and I believed that what I was doing, protecting networks, was my little corner of the Army sphere.  I believed that my goal was to protect everything that I could the best that I could, and so I tried to use the tools and develop the methodologies that allowed me and my team to do that.  Here it is 2012, and I still believe that.

I read the blog posts that various people at Sourcefire wrote on the corporate blog and I liked them.  Heck, even Matt Olney liked them over on the VRT blog.  Anytime you can show the VRT something we can get behind, I'm betting 99.9 times out of 100, it isn't going to be tied to marketing.  But for Matt it was different, and it's different for me too.

Internally we put these twelve blog posts into a PDF and we sent it around for people to read and to share with people.  I asked our VP of Corporate Communications if I could put it out on the Snort blog.  Not behind a Marketing signup, just out there, free for download so that people could read what is so near and dear to the core of what and who Sourcefire is.

This PDF reads like a mission statement to me.  Even if people aren't using our products, or even if people have no intention of buying our products, this PDF inspired me and makes me want to move forward and invent the next great thing.  It makes me want to dedicate time to making sure that my customers remain secure from as many threats as we can protect them from.

Tech people hate to be marketed to. They love a solution, they love an outlook, they like to believe there is a light at the end of the tunnel.  People generally want to believe that what they are doing is making a difference.  At least I do.

When I write detection and the next day I receive a ton of feedback via support and email asking for feedback on some rule that I just wrote and shipped and suddenly is catching some new attack strain, I see the results of my work.  The VRT thrives on this.  We love to see that what we are doing isn't just going out into the ether.  We like to see what we are doing is making a difference.

This blog post series is what we are about, what we believe, and what we are striving for, and now, it's available for download here: