It has been a while... My apologies.

I know, I know... it has been a long time since I posted to this blog. It is truly unfortunate that there is not 25 or 26 hours in a day. Truth be told, things are heating up substantially at work. With this, coupled with my doctoral coursework, being a dad and a husband, time is pretty valuable for me to decompress. However, no excuses. I will get back into the swing of things and find some time to post to this blog.

With that, I may as well check in with how I am seeing the information security profession and the things I am coming into contact with (or avoiding intentionally).

1) Data Loss Prevention is a much bigger problem than most companies realize. While this may not come as a newsflash to some, peers and organizations that I have come into contact with are starving for justifications; yet, are probably grossly underestimating the time, budget, and strategy needed to effectively manage data before it leaves the cloud.

2) Is anyone else waiting for the next big virus to stem from the shortening of URLs ala Twitter and Facebook?

3) It should be interesting to see the adoption of Windows 7 in the corporate world. A colleague of mine recently made the statement that Microsoft may be in financial trouble if Windows 7 does not succeed. To a certain extent, I think he is correct. We are 3-5 years removed from anything truly innovative, and from the sidelines, it does appear that Microsoft is too busy regaining footing in the web browser and desktop operating systems space. Maybe they should think about...

4) Varonis. In working with the Data Loss Prevention suite directly, what Varonis is bringing to the market is truly innovative. In my humble opinion, I am not convinced that they scale to the enterprise level, but they are getting there.

5) Finally (for tonight at least), I think the security industry is still lacking a fundamental strategy for its customers. With the economy being in such a tumultuous state, every move should be calculated, justified, and brought into the wider context for our business partners. I still, to this day, believe that metrics are such a fundamental construct for justification of efforts and setting the vision. Yet I am completely surprised that organizations are still overcommitting and under-delivering on metrics that would allow the executives with the money to make a common sense call to arms.