From the “Sucks To Be Me” Department…
Based upon feedback from attendees at Blackhat, my talk, "The Four Horsemen of the
Virtualization Security Apocalypse," went over well and I really had a lot of
fun delivering it. It’s had a TON of coverage.
Despite the positive feedback from folks, it seems the foreboding narrative of the apocalypse has carried over into the real world due to a rather unfortunate journalistic misinterpretation of the facts.
It’s only fair to state that I have been critical in the past of others in our line of work who have complained of their inability to control the output of their direct interviews with the press and analysts as misquotes and misunderstandings arise.
Perhaps this is a little karmic payback for my outspokenness, as after my talk at Blackhat, I have now enjoyed the fruits of journalistic distortion firsthand. It’s important to note that this was not the result of a direct interview, but rather the inaccurate reporting of a reporter sitting in the audience of my talk. I was never contacted with questions or asked for clarification or review.
Many of the points I made in my presentation were reflected upon poorly and my perspective butchered, but one specific item is causing me some serious grief in a professional capacity. It cast a rather crappy pall on the rest of my Blackhat and Defcon experience (more on that later.)
One of the "Four Horsemen" which represents a critical issue in virtualization security is that of the hidden costs involved in virtualizing security. The point I made, and the language I used to consistently describe it multiple times appears below:
To be perfectly clear, what I obviously said was that "virtualizing security will not save you money, it will cost you more."
What Ellen Messmer reported in her Network World article was that I said "Virtualization will not save you money, it will cost you more.”
Now, this may not seem like much of a difference, but it’s a profoundly impacting dissimilarity.
It’s a dangerous rephrase that has now caused significant pain for me that I’m going to have to deal with once I return from vacation. It’s been picked up and re-printed/adapted so many times without validation that I can’t keep count any longer.
You see, I work as the security architect for the division of a company who is maniacally focused on designing, deploying and supporting heavily-virtualized realtime infrastructure for our customers. One of the (obvious) value propositions of virtualization/RTI is cost savings/reduction/avoidance which I specifically referenced during my presentation as a well-established fact and reasonable motivation for virtualization.
You can probably imagine the surprise of folks when they read Ellen’s article which is written in a way that directly contradicts our corporate messaging and the value proposition offered to our clients. It reflects rather poorly on me and my company.
And just to be clear, my scorn was not directed at the "network industry" or the "virtualization industry" as reported in the article; the context of my entire talk was the security industry, a point sorely missed.
This article reads like the output result of a bad game of "telephone."
I intend to contact Ellen Messmer and ask for a retraction as well as corrections of multiple other mistakes in the article, but as we all know, there’s no real retraction on the Internet. All I can offer is my presentation, the video recording of it and the recollection of the 500+ others that were in the audience when I presented (including numerous other reporters.)
The only other thing left to do is to sheepishly admit that despite the fact that this was not an interview that I or anyone else could control or influence for correctness, Joanna Rutkowska was essentially correct in her assertion during our last debate that you cannot control the press, despite best efforts.
Even though I’ve never had a problem of this degree in the almost 15 years of doing this sort of thing, I humbly submit to her on that point.
/Hoff
Ouch, that is one hell of a misquote. Amazing what one word can do.
Welcome to the real world =)
Also can you send me your slides or post them – sadly I was stuck in a monsoon during BH
Hi Christofer — my name's Angela Gunn and I write for Computerworld, one of Network World's sister publications. (I'm also the person who grabbed a copy of the NWW story for use on our site.) I've gotten in touch with Ellen and the other writers bylined on that piece and I'm hoping to hear back from them soon; it can't turn back time (and I apologize for getting a Cher song stuck in your head now, on top of everything else) but let's see if the situation can be improved…
Thanks, Angela. I'm currently at Universal Studios being attacked by a shark, abused by flesh-eating scarab beetles, and being extorted for $6 sodas…just like at Blackhat 😉 I thank you for your efforts and hope that Ellen or her editors will reach out to me as I'm not in a position to hunt for her contact info.
Hoff
Man, she needs to fix that obvious a discrepancy. Network World is normally very very stand-up about that type of thing so I doubt you will have a problem.
Keep us posted and when they do retract it or change it, it might make sense to leave the misquote as is with a strike-through with the retraction put right in front of or beside it in a different bolder font. That way when things get linked ad nauseam that pops right up along with the problem text. In your case a straight retraction may work though because your issue is more customer-focused and you may just need to point to the corrected passage.
–D
Man, she needs to fix that obvious a discrepancy. Network World is normally very very stand-up about that type of thing so I doubt you will have a problem.
Keep us posted and when they do retract it or change it, it might make sense to leave the misquote as is with a strike-through with the retraction put right in front of or beside it in a different bolder font. That way when things get linked ad nauseam that pops right up along with the problem text. In your case a straight retraction may work though because your issue is more customer-focused and you may just need to point to the corrected passage.
–D
Hoff,
My condolences for this unfortunate situation. I'm afraid the "free press" in this day and time is more about ratings than accuracy. Plus, there are far to many non-technical reporter types covering non-technical events now.
And there is always the possibility our reporter in question just didn't care.
JamesNT