February 2016 Archives

Ten Feet Tall and Covered in Mud

Those who know me know that I'm not overly concerned with being liked, per se, so long as I'm not often wrong and not generally thought an idiot. However, by the same token, it's sometimes nice to be wanted, and maybe even appreciated, from time to time. Now more so than in the past, heading into RSA 2016 in a few short weeks, I'm starting to realize that the temporary career boost from my time at Gartner has faded and my dance card for the event is remarkably empty.

This phenomenon of transitioning from "leading analyst firm" to "mere mortal" has been interesting. While I'm now enjoying my new environs, it certainly did not start out that way with the first post-analyst experience. If nothing else, it has certainly confirmed my concerns over the state of the industry, instilled throughout my time as an analyst.

Specifically, it seems that no matter how far we'd like to think we've come as an industry, we're still generally losing ground and - more importantly - losing the battle and the war. A friend and I were just discussing earlier today the abysmal state of things and just how bleeding common it has become to encounter teams and organizations where everyone is running around with their hair on fire, trying to "do something to help," but as often as not simply making things worse.

How did we come to such a point in the industry wherein we're able to stand on the shoulders of giants and still be mired in mud? Paradoxical, to say the least, but also greatly distressing. Are we so far behind in our maturity and technological advancement? Alas, I think it may be true that for every step we take forward as the security industry, we're continually leapfrogged by our adversaries, who neither think linearly, nor have to worry about dealing with an asymmetric environment wherein we must succeed all the time and they must only be lucky once. It hardly seems fair.

Fortunately, I think there's an out, if we're only savvy and brave enough to entreat it. Alas, pricing on various automation tools still seems to be relatively high, and continually targeted at the F250 companies. However, less expensive options, such as Ansible, Puppet, Chef, and even Jenkins (to name a few), increasingly provide a reasonable starting point for security automation and orchestration, not to mention the FOSS tool FIDO from Netflix, as well as the potential for greater market accessibility for Invotas Security Orchestrator, which has been acquired by FireEye.

We'll have to see how things pan out, but I'm cautiously optimistic that we may eventually get our collective heads above water... but only by shifting away from human-dependent paradigms to ones underpinned by creative, proactive automation that scales.

Interviewed by Balabit

I was interviewed in December 2015 by Balabit for their monthly eXPRTLK column, which was published in January 2016. I hope you'll find my responses interesting and, dare I say, insightful. The full story is here:
http://csiblog.balabit.com/blog-posts/exprtlk-benjamin-tomhave

This blog is licensed under a Creative Commons License.