Monday, December 10, 2007

The crystal (now with no lead!) ball of security predictions..

Seems like everyone is predicting what the future will bring for security... I read with interest what Schneier has to say, looking out ten years (wonder why 10 is such a magic number?). Lots to get worried about. But of all the predictions, the one I got concerned about is abstraction of core skills - "..people getting by with just knowledge of Powerpoint" (must admit I do my fair share of ppt!).

I think better awareness and knowledge are the best antidote against threats and it is scary to think that we are losing our focus on core technology and assuming that some other "smart" person is on the lookout. The rest of the predictions may or may not come true, but I think we will find ways to overcome them. Some reactively and some proactively.

I also read Rich Mogull's framework for predictions - I see this as similar for all IT investments, not just for security.
1. Hard dollar investments since I am losing money or can't make money.
2. Somewhat hard dollars since my customer is losing money or I may lose money.
3. Soft dollars - some costs may be avoided and I might be able to make more money.

