Sunday, February 22, 2009

Capsaicin Headaches - A Cure?

Okay, "cure" might be a bit optimistic, but permit me to relate to you the events of the last two days:

I took my family out to Old Chicago. Now, I have not been avoiding restaurants which have hot food because I don't ever want to be "that person". You know, the one where you have to watch what you serve because he doesn't eat fish (which I don't), doesn't eat Chinese (which I don't), doesn't eat meat (which I do!), or has some other dietary restrictions which always seem to be imposed on those around him.

Buuuut, after trying to get my family to go to Three Margaritas or another fine Mexican restaurant (knowing I'd have to probably eat off the kids menu), we decided on Old Chicago. For those who are unfamiliar with it, it's an awesome pizza-and-beer joint.

I ordered their "Double Deckeroni" pepperoni pizza. No big deal.

I took my first bite, and *hot*. Yes, it was too hot to be spiced with Italian spices. I knew right away there were some peppers in it which would cause me a massive headache, but I also know that it only takes a few drops, so I was screwed already.

So I finished that piece.

Then I asked the waitress what is in it. She responded "Oh, they sprinkle quite a bit of Frank's Red Hot in there...".

Crap. Well, that explained it. (The menu only says that it has a "spicy sauce", not that it's Frank's or Bruce's or whatever).

This time, unlike any other, I was determined to head off the impending doom. I immediately took 2 Benadryl. Every 4 hours afterwards for 36 hours I took 2 more. (This exceeded the daily recommendation, I should mention).

HOWEVER, now it has been over 40 hours and I have had no headache! Typically one would start from 4 to 20 hours later.

Now, the trade-off is that Benadryl puts me to sleep. Soooo, I'm not going to be adding red peppers back into my diet, but I now at least know that if I slip up then I am not doomed to a dozen hours of "holy @%@%$ my head hurts".

Now, dare I say it, I need to test this twice more. Once to set off a headache again with a known food, and NOT treat it, and then set off yet ANOTHER but treat it as I did this one.

I hope this info helps someone.

Thursday, February 12, 2009

Capsaicin Headaches, Take 3

Okay, now we're at 4 1/2 months. I've seen an allergist (who is supposed to be an expert at allergies and intolerances) and MAN was that worthless.

Me: I've had headaches on and off for the last 6 years or so, all year round. Over the last year they increased in frequency to almost daily. Then, in October when I stopped eating capsaicin, they disappeared overnight.

Doc: Hmmm. Since they disappeared at the end of allergy season I don't think it's capsaicin. It's probably your grass allergy.

Me: Did you catch the fact that it's been going on for SIX FRIGGIN YEARS????

Anyway, a few interesting tidbits...

Now, when I *do* have something hot (to test it) I now have NO tolerance for hot sauce! Man, even the lamest, mildest seasoning is hot to me.

My impression is also that my intolerance is getting significantly worse. Early on (November), I was able to have 4 drops of Cholula sauce on Mac and Cheese to no effect. It would take a bit more for me to get a mild headache. Now, the dreaded 4 drops and I'm in significant (though not quite debilitating) pain about 4 hours later. In fact, I'm going to test this weekend to see if the trivial amount of capsaicin in Doritos is causing me a problem...

*sigh*, I miss my burritos, but not my headaches. Soon, though, I'm going to try to test it after I take a few allergy meds (which I don't take regularly right now). Maybe if I load up on Zantac or Benadryl before I eat it will help. Of course, this will only work if it's an ALLERGY, not an INTOLERANCE.

Tuesday, December 30, 2008

Capsaicin Headaches, Take 2

Well, now I am at about the 3 month mark in my experiment (eliminating capsaicin from my diet) and I have had a total of 4 headaches in the last three months and all but one were deliberately triggered. This is fascinating to me, as I wonder how many people are suffering the same as I am!

...and I'll tell you what, the idea of taking a capsaicin spray and sticking it up my nose as a "cure" scares the crap outta me. I sure hope it works for other folks who are having a different problem than I, but for me I think I would prolly be in so much pain I would put a bullet through my skull.

Short update, and I'm grateful. I feel SOOOOO much better. 4 months ago I would not have even dared to dream I could be headache free for even so much as two weeks in a row...

Tuesday, October 28, 2008

Capsaicin Intolerance

Okay, so this is neither about God, nor is it about security, but it's too important for me to not post, so here goes.

I have had debilitating headaches for years. Probably 6 or 7. They would typically hit one side of my head, often behind the eye, or to the side at the temple. My neck would sometimes hurt as if it were "out of whack". For years I had a "cure." I would take 3 Advil and one red Sudafed pill, then I would lie on my back for 45 minutes. It seemed that, usually, at the 45 minute mark I would feel my sinuses crackle and drain, and my headache would go away.

Recently, about a year ago, this stopped working. I'd still do it, in hopes that it was lessening the pain, but it became a case of having to wait them out. This was unfortunate, as they used to also disappear without treatment overnight. Now, they would last for over 24 hours with alarming regularity. They were also happening much more frequently. What used to be an occasional (every month) occurrence became every week and then many times per week. They weren't always debilitating, but half of the fear was knowing that it *may* turn into a killer suicidal OMFG headache.

I went to the doctor, and we tried Butalbital. Some luck keeping the killer ones at bay, but I still had headaches, now more often than not (this was over this last summer). When my prescription ran out, I was screwed.

Then something strange happened: Someone at work mentioned allergies. I did some searches, but couldn't find anything that seemed to be what I wanted. Allergies involve an immediate reaction to the stimulus. I had seen no pattern of even vaguely immediate feedback. I would get them just before heading home frequently, no matter what I had (or didn't have) for lunch.

One article, however, mentioned "intolerance" factors. I looked them up, and they seemed focused on things like lactose intolerance and such which manifest as gastrointestinal problems.

Not me (or, at least, not my primary problem). They *did* have one interesting factor, however; timing. Intolerance issues would regularly be hours to a day and a half later. Still, these didn't point to headaches.

One site (wish I could remember which) had a side note about capsaicin intolerance. You know, that chemical that makes chili peppers hot? One result of this was -- Ta Daaa! -- headaches.

My life is hot food. Most mornings, I would get a breakfast burrito at my local joint and it would be HOT. My wife makes the best green chili in the world. I love the Armadillo, Three Margaritas, Q-Doba, Chipotle and many local Mexican food joints.

I put Cholula, Frank's, Bruce's, and Louisiana style hot sauce on darn near everything except cold cereal.

But I stopped cold turkey a month ago.

No headaches. None. Nada. Zilch.

Damn.

Last Friday (3 and a half weeks into this) I put it to the test: Three steak soft tacos from Chipotle Grill for lunch.

A tickly Friday evening, and a headache all day Saturday. Not a debilitating one (after all, I didn't put hot sauce on them, and I ordered them mild) but the chipotle marinade seems to have been enough to set off a minor headache.

I will give updates, but I wanted to post this as I could find no one else who seemed to share my problem. For someone out there, I hope my discovery will help you, because I was getting near my wit's end.

Now I feel great!

-B

Thursday, May 29, 2008

Hacking Exposed and Customer Focus

Recently (yesterday) I had the opportunity to chat over a meal with George Kurtz, a Senior Vice President and general manager in charge of McAfee's Risk and Compliance unit. (whew, that's a mouthful). In attendance were a small number of other CSOs (or equivalent) and we listened to George, also a co-founder of Foundstone, the premier vulnerability scanning solution.

We also bounced some ideas back and forth and generally shared information like good stewards of our respective enterprises.

So, keep in mind that McAfee is a vendor. They sell products and services. I found it fascinating that one of the most common themes to the questions was not technology, rather it was something relating to the "human" side of information security. Questions such as: how can we justify headcount? who dictates policy? how do we show value to management?

I find this interesting for two reasons.

One: security people often tend to be caricatures of other IT folks. Even more "black cave" oriented, less social, creepy, etc...etc... and yet this group had the presence of mind to recognize that, though we would prefer to be "tools" to be wielded by others (to paraphrase a coworker, who hates the "political" side of security), we recognize the need to interact, "sell", and justify. These ubergeeks recognize the human side.

Two: McAfee is an odd company to ask these kinds of questions of. These questions would clearly fall "outside the scope" of any implementation. Still...I think they were well founded and well targeted. After all, McAfee is, in the end, interested in selling us their solution just as we are interested in selling management our "solution" as CSOs. George gave an example of something they did for a customer which wouldn't fall under "best practices", but did fall under the scope of "serving" the customer. They chose to accept the risk, a concept that amateur IS professionals still seem to struggle with.

For all that we discussed, I received a good lesson on identifying, understanding, servicing and even measuring our "customers". My customers are the HR and legal departments, as well as the business units who rely on me to keep them safe while keeping them running. The "A" in the CIA model (Confidentiality, Integrity, Availability). Though it's redundant, I like to add "U" for "utility". Sure the data is there, but can our customers *use* it?

So, although I tend to be merciless with vendors (I was one, once, and I *still* have no sympathy for them!) I learned that these guys see the breadth of security implementations that I do not, and they may actually have a good idea or two.

Even if it's outside their product line.

PS...thanks to Sam Van Ryder for reminding me why I like to do this stuff.

Wednesday, May 28, 2008

CISSP

Okay, so after years of putting off taking the CISSP examination (read: trying to get someone else to pay for it) I finally scheduled my exam and took it in April. There are plenty of posts about it, and I don't want to duplicate what others have said, so I'll just put in this small bit:

If you can regularly pass the FreePracticeTest exams online with an 80 or higher, then you are most of the way there. I don't think I ran into a single question on FreePracticeTests (FPT) that was on the actual exam, but they give a *great* feel for what to expect. This means, however, that just learning the answers to FPT won't do you any good.

In my case, I had 10+ years of dedicated info security experience by the time I took the test, plus years of consulting and SA/SE work prior to that, so there was little on there to surprise me. What I did was go out and buy Shon Harris' excellent book and read the chapter titles to see what areas I seemed lacking in (based on the FPT). Really, I only had one weakness, and that was the Orange book stuff, so I read that chapter a few days before the test.

The night before the test I read each of the "quick tips" sections (there is one at the end of each chapter starting with chapter 3 or 4) which are a few pages of...um...quick tips.

That's it. Finished answering well before the 3 hour mark, and finished my double- and triple-checking shortly after the 3 hour mark. (I only rechecked questions I wasn't 100% sure about, which was somewhere on the order of 50 or so out of the 250...and in some cases other questions on the test gave these answers.)

One of my peeves is when you are experienced in your field but you have no idea how well that experience will translate to a test. In my case, at least, a half-score of years in IT security seemed to translate well, as I passed my first try.

Good luck to you, if such is in your future!

Oh, and it *did* feel grueling! I was wiped out afterwards. :-)

Monday, February 11, 2008

Security Incident Cost BS

Sometimes the obvious isn't. Apparently.

An organization I'm familiar with recently had a small "virus" outbreak. It wasn't really a virus, but I'll call it that for simplicity. This "virus", though it infected over a score of computers, was largely held at bay due to defense-in-depth. It couldn't communicate with the outside world because of our firewalls and some local policy stuff on the workstations, but it *did* infect them in such a way that McAfee couldn't find them. It took an analysis of firewall logs to track the compromised systems down.

All well and good. Nothing new.

Now, we have an estimate of how much this incident "cost" the organization. I was peripheral to the cost calculation, but it seemed based on a simple I-CAMP model (here's a good article on it from 2002) where you take the time people put into remediating the issue, and multiply by their wage. Thus, 5 administrators who each put in 10 hours at $50/hour would show a cost of (# of administrators) X (# of hours) X (hourly wage) or 5 X 10 X $50 = $2500.

(Yes, I know, very simplified as each administrator was receiving the same pay...I'm lazy, what can I say).

Now, David in the article above goes to great length to defend this formula (granted it was in 2002, so he may have recanted...I don't know) and even goes beyond it to state how hard it is to calculate losses such as reputation, revenue and insurance deductibles.

Hello? Sounds like a good use for this.

Do any of these people actually have jobs? I've been involved in countless incidents, and you know what? I've rarely received an unbudgeted dime for my involvement, and yet I know that I am *always* calculated into the "cost" of the incident.

When I was at (insert telecom company here), we had the Code Red outbreak, and my hours were figured into the cost. Guess what? I was doing my job. Oh, and those things that didn't get done because I was working on Code Red? Oh, THERE WEREN'T ANY, because I still had to get them done. Thank heavens I got paid overti....oh, yeah I didn't. I just had to do my flogging job.

And somehow this was wrapped into an incident cost. Was it used to justify more headcount (which would have made sense and turned it into a real cost)? Nope. Just a great number to flash around.

Now, I'm not a Kevin Mitnick fan (nor am I a detractor...I just don't give much of a rip) but for all of the "losses" his exploits caused there was a great similarity to the "losses" we had sustained from Code Red.

Not a single SEC filing showing actual loss.

Don't get me started on "losses" regarding governmental incidents. Governments (local, state, federal, etc) have captive audiences, so they aren't worried about "revenue loss". When they can show me costs associated with unbudgeted items (snowplow rental, contract employees, or overtime paid to employees) associated with an incident, then I'll believe them.

Otherwise, it's just a bunch of people working a little harder at their jobs.
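The two ways of counting discussed in this post, side by side, as an added example that is not from the original post or from the I-CAMP study: the hours-times-wage figure (here with per-person wages rather than one flat rate) next to a count of unbudgeted items only. The `Effort` fields, the 1.5x overtime multiplier and all sample figures other than the 5 x 10 x $50 case are assumptions made for illustration.

```python
from dataclasses import dataclass

OVERTIME_MULTIPLIER = 1.5  # assumption: paid overtime is billed at time-and-a-half


@dataclass
class Effort:
    who: str
    hours: float                 # hours spent on the incident
    hourly_wage: float           # dollars per hour
    overtime_hours: float = 0.0  # hours actually PAID on top of normal pay
    contractor: bool = False     # True if every hour is invoiced to the org


def icamp_labor_cost(efforts):
    """Hours x wage for everyone who touched the incident."""
    return sum(e.hours * e.hourly_wage for e in efforts)


def unbudgeted_cost(efforts, other_invoices=()):
    """Only money that left the organization because of the incident:
    contractor invoices, paid overtime, and other bills (rentals, etc.)."""
    total = float(sum(other_invoices))
    for e in efforts:
        if e.contractor:
            total += e.hours * e.hourly_wage
        else:
            # Salaried staff with no paid overtime contribute nothing here.
            total += e.overtime_hours * e.hourly_wage * OVERTIME_MULTIPLIER
    return total


# The post's example: 5 administrators, 10 hours each, $50/hour, all salaried.
POST_EXAMPLE = [Effort(f"admin{i}", 10, 50.0) for i in range(1, 6)]

# Constructed sample with mixed staff (not from the post).
MIXED = [
    Effort("salaried-admin", 10, 50.0),
    Effort("hourly-tech", 12, 30.0, overtime_hours=4),
    Effort("ir-contractor", 8, 150.0, contractor=True),
]

if __name__ == "__main__":
    for name, team in (("post example", POST_EXAMPLE), ("mixed team", MIXED)):
        print(f"{name}: hours x wage = ${icamp_labor_cost(team):,.2f}, "
              f"unbudgeted = ${unbudgeted_cost(team):,.2f}")
```

For the all-salaried team the hours-times-wage figure is $2500 while the unbudgeted figure is zero; the gap is the time that had to come out of other work or unpaid hours, which neither number accounts for.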