Giving Thanks to the Infosec Professionals

In what may qualify as a profound understatement, the past year has been challenging for security professionals across the globe.

Much of what infosec professionals do goes unnoticed, except when things go wrong. And 2011 has had no shortage of these black-eye events. Allow me, however, to highlight what many of you out there are doing to keep our personal, proprietary, and confidential data safe from prying eyes.

First I want to acknowledge the efforts of all our opinion column and blog contributors for their unbridled analysis throughout the year. I can’t single out each one, as their names could fill this entire page. One sterling example of these contributions is infosec analyst Matthew Pasucci, who gave a gloves-off assessment of encryption vendors. While much of what we do here at Infosecurity revolves around news and insights, the worth of the opinion part of the equation cannot be understated.

A special thanks goes to all the researchers out there, including Charlie Miller and Sergey Glazunov, who responsibly disclose application and hardware flaws to vendors. By doing so, they allow us all the opportunity to remain safe when patches are issued. Equally important is a tip of the cap to researchers who refuse to let discovered bugs languish, and take the extra time and effort to publicize this when uncooperative vendors drag their feet on security updates. Some call this irresponsible disclosure, but I would respond by asking, who is really being irresponsible in these cases?

Peiter ‘Mudge’ Zatko, program manager at DARPA, deserves recognition for his attempt to build a bridge between hacker/researchers and the intelligence community by creating the Cyber Fast Track initiative he unveiled this past summer. The program attempts to remove some of the government red tape so that smaller groups of researchers can obtain US Department of Defense funding on cybersecurity research in weeks instead of months.

Also, a thank you goes out to Moxie Marlinspike, whose research and innovations continue to challenge the status quo in internet security and encryption. His efforts are a microcosm of the positive work that goes on every day among researchers in the industry. A business-as-usual approach rarely works in the ever-changing world of information security, so kudos to those who – like Marlinspike – go out every day and question whether or not there is a more effective way to accomplish our objectives.

I would also like to recognize the efforts of people like Hord Tipton and Julie Peeler of the non-profit (ISC)². This year saw the establishment of the (ISC)² Foundation, with the expressed mission of delivering security education and awareness programs to audiences outside the current pool of security professionals. As the foundation’s director, Peeler will spearhead efforts to bring infosec experts into elementary and middle-school classrooms to teach children how to stay safe online.

Then there are people (like Paul Simmonds in the UK) who dedicate much of their free time and lend expertise to developing industry-wide standards for issues such as cloud security. Simmonds, a former CISO at ICI and AstraZeneca, is just one of many who selflessly contribute to the accumulating body of knowledge that well-informed security professionals rely on.

As these lines draw closer to the bottom of the page, I can almost hear the orchestra beginning to play me off, as I experience what Oscar recipients must feel when they go over time. I promise no tears or political parting shots from this end. Final special thanks are reserved for Eleanor, Steve Gold, Fred Donovan, and all the staff at Elsevier and Reed Exhibitions that have made it possible to tell your stories throughout the year.

So if I missed your contribution to the industry, please don’t hold it against me. Instead, feel free to email and tell me all about it. Unlike some journalists, I just love a good success story.
