In the spirit of the season... Five information security trends for which I’m thankful this year.
- Organizations that have realized the importance of security. Twenty years ago the only people who cared about information security were the government and… well, that’s about it. These days security has become pervasive through just about all industries. Companies have learned that data worth protecting needs to be protected. I remember that in college my social security number was used as my identifier for everything; schedule, report cards, student ID. A friend of mine went to a college which actually used his SSN as his email address (think: email@example.com). We’ve come a long way, haven’t we?
- A strong and growing community among information security practitioners. While security is a discipline that might lead people to become introverted and closed-off, there is a thriving community who shares security ideas, engages in productive dialog, and pushes the industry forward. We can engage with this community online through blogs, and security focused forums, or locally through security organizations like ISSA, OWASP and ISACA.
- Creative types who continue to push the envelope, developing new ways for us to secure our environment. It seems like every week I hear about a great new technology that will enable companies to become more secure with less effort. Next generation firewalls, new DLP technologies, log management/alerting systems, password management tools, intrusion prevention systems, and more effective anti-virus software are all available (sometimes even at no cost) and allow us security practitioners to sleep more soundly at night.
- New challenges leading to new opportunities. One of the hallmarks of a troubleshooting type is that they see opportunities where other people see problems. And in the information security world we’ve got a ton of opportunities. Things like new web vulnerabilities popping up daily, threats specific to new technologies (like cloud and mobile computing), the rise of organized crime threats which are not looking to make a name for themselves, and would rather stay under the radar bleeding you dry. Add to that the idea of the advanced persistent threat (APT) and the targeted viruses (like Stuxnet) and the security field is going to need great minds developing innovative solutions for a very long time.
- Mostly, I am thankful to be employed in an industry where I get to combine my technical skills with business-first thinking, and strong customer service. Rather than spending all of my time at a server console, I get to enjoy working with my business partners to design and implement practical solutions that fit both the corporate culture and budget of my employer. By working closely with the other IT disciplines I get to be a part of a team that propels a business to success.
Please feel free to share below any trends in InfoSec for which you are thankful this year.
Cross-posted from Enterprise InfoSec Blog from Robb Reck