So as we are about to close out 2012, many of us in the IT Security community look around and try to assess where we were, what we have accomplished this year, and what is next. I’ve been working in IT since the late 90s, with a focus on security for much of that time. Most of my work has been in large private sector companies, with a brief, but very rewarding stint working for the government. To me while much has changed, many of the core issues remain today as they were back then. Our security condition has actually worsened in many cases. While that is up for debate, no one can argue the pace, sophistication, and impact of major cyber events related to nation-sponsored, organized crime, and hacktivism threats has increased exponentially in the last 4-5 years. This new normal has been applicable to the government and defense industrial base for a long time, but really surfaced in the private sector around ~2007. You would assume that with all that increased attention, dollars
My random musings about IT Security whenever I have time to think