News breaking tonight of the sad passing Monday of Ian Murdock, founder of Debian.

It's not wise to speculate nor should anyone start openly discussing the reasons behind his death. Right now concentrate on his achievements. Personally I'm just gutted he never got the chance to demonstrate his brilliance at Docker after joining them so recently.

I can't imagine the personal torture he endured the last few days or to speculate on his state of mind, nor do I want to. More it's the tragic loss of someone who gave so much at a formulaic stage of open source when we were all finding our feet.

What he co-created has lasted and given birth to so many derived versions. His attitude to packaging and release and his influence on others will long be remembered.

Life is fragile. Go hug someone who needs it. You never know the difference it will make. We should right now be thinking of his family and his kids and the pride he had in being a father. Everything else is just noise.

So today rolled over to 1st December which marks the fifth anniversary of coming back to Red Hat. I first worked with Red Hat seventeen years ago. Actually it was only a few days ago I was talking to old work colleagues about booth duty at Linuxworld Paris in February 2000. It seems a lifetime ago. Rhys Oxenham, my Red Hat colleague, then reminded me he was 12 when I was on stage talking about Samba and LinuxHA. I felt incredibly old.

A lifetime spent in Open Source and security has brought me so many friendships. I'm closer to some of my friends in Linux than I am my own family. They know who they are and those relationships are forged in the fires of kernel lists, security vulnerabilities, podcasts and Red Hat Summits.

Long days, long nights, eighteen hour days and making my wife a Linux widow, this year post stroke I've found a work life balance that works for me. Also a massive big shout out personally to Bryan Che. One of the smartest folk I've ever met and a mentor who is so tolerant and actually believes in people. Wish we could clone him.

Working at Red Hat is not a job. It's a responsibility to do it right.

A plethora of security articles has appeared in the mainstream IT press over the last few weeks that makes me believe that security is one of the new buzzwords that you can expect to hear a lot more about in 2016. As a security practitioner and someone who has done this for well over fifteen years it's bizarre how something that we do as business as usual is now getting some attention. For over a decade we were the people you didn't talk to, or if you did you did it through gritted teeth knowing we would try to hold you to a better standard or a greater ideal for the common good.

Any and all focus on security best practice is welcome. As we all witness the explosive growth of container based cloud provisioning gather pace it's circumspect to hope that this due diligence around security will filter down through programs in organisations to build in security as a de-facto standard building block and process rather than retro fitted to shore up poor code or poor deployment / management practices.

That's not to say by having the best security folk and best practices you can't get hacked from internal or external threat or fall prey to a security vulnerability. What it does mean is that you have the plan as to how to react, how to behave during an outage, what steps to take during a fix process and how you learn from that experience, growing from it. Sharing that knowledge is even more important in the Open Source space.

Please though don't fall into a trap. Having a CISSP does not make you a security professional. Having a CISSP on board your staff says you have someone who can pass an exam and who has an understanding of how a proprietary network environment and elevated threat levels and reaction capabilities to someone hosing your Cisco / Juniper / (add other vendor kit here) will have on your ability to provide service.

Any qualification that allows its students to keep qualified by collecting points attending conferences is devalued by stupid brand marketing folk who allow such a practice. I've met some great people who also had CISSPs and I've also met some self styled pen testers, auditors and "security professionals" with CISSPs and other exam qualifications who communally couldn't find their arse with both hands. Those same people also knew how to pass exams but who had never had actual realtime experience in the trenches with developers and operational datacentre folk to get up to speed with emerging threat.

Certification is important. Want to hire good folk or get your CISSP folk up to speed with real life threat from bleeding edge threat actors that impact actual platforms now? Get them to sign up and study for the CCSK exam. Amazon get their staff to, so do Microsoft and HP and I personally rate the material and the exam and it will allow you to get your staff to be at a point where you have a proper belts and braces ability to deal with threat and react realtime rather than a post mortem. No, this isn't an advert for the Cloud Security Alliance or a trolling attack on CISSPs; it's a call to arms to employers to look outside the box because sadly the hackers are better qualified than ever before.

So while you're eating your Thanksgiving meal or preparing for a quiet Christmas think about how you can increase your security skills and also maybe think about joining an Open Source project to see how security issues and vulnerabilities are managed in the wild.

Happy Thanksgiving 2015 and have a great time with your families.

Sadly I have to announce that my hetero life mate John-Mark Walker has left Red Hat for pastures new. This pains me because I've known for an age, probably longer than anyone else, that he was leaving and I've had to keep it a secret. It's weird because although he's left Red Hat he and I still carry on as per normal, we've been friends since the term Open Source was coined through the mists and time of companies no longer trading or long since committed to the history of Linux. We've seen it all. I'm three weeks and two days older, two inches taller and can't get away with wearing Salmon Pink jackets like my buddy John-Mark.

We've presented radio shows together, trying not to cry with laughter, I've censored him more times than I care to think about, drunk too much beer, visited countries and broken bread with the man so many times. Will I miss him? Nah. I'll still see him at events, I'll still talk with him almost daily and he's part of my life for the long haul.

I will miss him at Red Hat. Such a shame he was never harnessed properly.

Until then here is a short outtake of a video we shot over two years ago now at a hotel in London. We'd just sat and watched my football team get beaten at Wembley (from a bar in London) and we'd eaten food, drunk beer and then and only then rolled the camera.

Here's John-Mark and I on top form.