Timing is Everything

Whether you have a professional, prosumer, entry level or phone based camera, you know that there is a slight delay in from the pressing of the shutter to the actual image being recorded.  This is the timing, the groove, the “it” factor.  When you have reached the point that your intimate knowledge of the equipment is so adept that your timing is instinctive.

Consider the impact of the photo of a batter hitting a baseball.  We have all seen images where we don’t know if the ball is coming toward the batter or the batter has just hit it

In this shot we can see the ball compressing against the bat.bat

The message is that the batter has connected and that ball will soon be travelling very far.

This is a more compelling image.

Or Beyonce when she is gorgeous at a concert.

The eyes are connecting with the viewer,

The hair catching the wind from the fans below

She looks powerful and in control in this image.

But concert photography is VERY difficult to do correctly.

Because the smallest expression can become magnified and in interpreted.


While this is not the most flattering of images, she is a performer and became a victim of unfortunate timing.

If you have ever seen any singer/performer these days, they are putting on elaborate shows and this one picture has led to much unfair criticism of her performances.

Then there are times that the image tells the story of you know what is just about to occur and it needs no caption or setup.

Water all over and a ball in the face.


There are web sites devoted to just showing these images.


The pictures tell the story.

The point I’m trying to make is that the gear doesn’t matter.  Your knowledge of the gear does.




Or just go to Google images and enter this text “right before an accident”


An outlet


I’m writing this more for an outlet than anything else.  I’m an IT Guy with over 30 years in the field.  I earned an B.S. in Computer Science, an MA in Information Systems Management and certificates of (ITIL, CISSP, and CISA), so I have a general understanding of what I ‘m talking about.  Early on I had to make a choice between a creative or technical path.  I chose the technical, but always stayed in touch with the creative.  Today I don’t regret the choices I’ve made, just question them as in “What the heck was I thinking”?

Today I work for a fortune 100 company with specific responsibilities in IT Security and regulatory compliance, specifically with NIST and other federal agencies.  My function is sort of Rosetta stone of translation.  Translate Fed-Speak into policies, procedures and action.

I hate the modern-day auditing function.  It is not helpful at all and effectively allows summary judgements to be levied by without reproach.  The management functions are punitive and fearful that passing an audit is all they really care about.  Business management are scared and generally feel that having a box checked as ‘complete’ is some magic shield from which no harm will come.

My own opinion is that the Internal Audit function should be a partner to the business and act in a consultant capacity instead of judge, jury and executioner.   They should be the teacher and the strategic leader from which new and better cyber security initiatives rise from.  That’s what I do.


Before 2002 every Federal agency had their own IT staff, policies, procedures.  It was a huge waste of money but it worked at the time.  In 2002, the FISMA (Federal Information Security Act) was signed into law.  This authorized the branch of the Department of Commerce known as the National Institute of Standards and Technology as the sole source of US Federal computer security guidelines.  This wasn’t something that was created overnight, NIST developed computer security guidelines since the 1970’s.  The law was the way that the US went from a patchwork of independent practices to one way to do it.  This quietly did somethign that was rarely done before.  It streamlined a government process.

Within NIST, there are many departments and divisions.  The one that I am going to write about is the “Computer Security Division”.  Keep in mind that you will not learn something super secret here, just how to do things better.  Within the Computer Security Division there is the Computer Security Resource Center which I have linked to their website.  This is where we will continue from the next time.