I’m a little late to the game but I thought I’d throw my predictions into the fire.
I wish I had posted this earlier. I had a bad feeling that something would happen to Twitter in 2009 that would make us all take a step back and say “Ummm….”. It didn’t take very long until this became a reality. On Sunday, January 4th numerous sources reported that Twitter accounts were being compromised. From the Zero Day blog:
A cluster of compromised Twitter accounts are sending out person-to-person phishing messages inside the Twitter network. These messages and the target website are similar to standard social network phishing messages, except this time they are very very short.
Even today, there is proof of someone exploiting the Fox News Twitter account and some other high profile accounts.
More and more organizations are including Twitter, and other social media tools, as part of their media relationship plans. It’s unfortunate that more security wasn’t wrapped around this tool from the start.
In my 2008 Predictions I said that training budgets were going to get smaller due to the economic downturn. Even though it looks like we’ve (mostly) made it through the bad spots, organizations are not going to be spending money on training like they did 3 or 5 years ago. Everyone is timid right now and they can’t afford to take a chance.
This is, however, a good opportunity for self paced e-learning and self study methods to shine. Organizations and individuals will shy away from the big conferences in favor of alternative training methods.
You didn’t have NAC last year and you probably won’t have it this year. Budgets will be tight for new security capital expenditures and we security professionals will be asked to take the do more with less approach. It will no longer be a question of “Can we continue to operate without ‘xyz’?” but rather “How long can we continue to operate without ‘xyz’?”
A word of advice. Ensure that your proposals for new purchases include the current cost, any discounts you will receive before a particular date, what it will cost after the discount date, what it will cost over the next 3 years to operate, and what you expect this purchase will save the organization (money, bad publicity, and so on). Expect to fight for every capital expenditure in 2009.
Oh how I hate buzzwords…expect to be force fed the term cyberwar and all of its derivatives. The average person is starting to worry about foreign nations and unfriendly organizations attacking the infrastructure of their country. Is the threat real? That depends entirely on who you ask. Personally I think that it is possible to some extent but we’re not quite there yet. Will we get there? Definitely. I believe that every major nation has, or is working towards, a first strike scenario which includes the Internet.
Do you want to play a game? 😛
That’s all I’ve got. Let’s see what happens.
Here is my short list of conferences that I would LOVE to attend in 2009. I have left some off of the list, due to conflicting vacations and such, but I think I have picked most of the prime conferences available to me (please let me know if I’m missing any that you would suggest I attend):
About: SOURCE Boston provides an interactive learning and networking environment allowing all participants and attendees to ask questions, talk to speakers and make the most of the experience. All of our speakers have been hand-selected by our advisory board to ensure presentation quality, effectiveness and content relevance. SOURCE is ideal for high level security professionals who are interested in both the technology and application of computer security, as well as the business practices used within the industry.
Link: http://www.sourceconference.com/index.php?option=com_content&view=article&id=63&Itemid=65
Date(s): Wednesday, March 11th and Thursday, March 12th (2 days)
Location: Boston, MA
Cost: $995 December 1, 2009 – February 28, 2009 ($1195 March 1, 2009 – at door)
CPE Credits: YES
About: The Log Management & Analysis Summit is a user-to-user, non-commercial conference on what works in log management & analysis. It is the only place where you can learn about the strengths and weaknesses of competing technologies, where users will share the lessons they learned about what to log and what to keep and what to report.
Link: http://www.sans.org/logmgtsummit09/
Date(s): Monday, April 6th and Tuesday, April 7th (2 days)
Location: Washington, D.C.
Cost: $1,945
CPE Credits: YES
About: RSA® Conference 2009 offers enterprise and technical professionals one-stop learning. With targeted classroom sessions, innovative and interactive programs, provocative keynotes and a solutions-filled expo hall, RSA® Conference 2009 is the unbiased third party resource information security professionals rely upon.
Link: http://www.rsaconference.com/2009/US/Home.aspx
Date(s): Monday, April 20th to Friday, April 24th (5 days)
Location: San Francisco, CA
Cost: By January 23, 2009 $2,090 ($1,795 by March 20th, $2,195 after March 20th)
CPE Credits: YES
About: The 2009 SANS What works in Forensics and Incident Response Summit being held in Washington DC on July 9 & 10 gives you access to the state of the art in computer forensic techniques. Top industry leaders, forensics and incident response professionals and vendors will discuss the latest defenses and technologies in a series of highly interactive sessions focused on effective incident response and mitigation, forensic analysis, recovery as a result of a data breach and e-Discovery requests. Expert forensics analysts and law enforcement personnel will share their latest lessons learned from the trenches and the secrets of their forensic approach. And you will leave the Summit armed with answers to your questions as well as new techniques and solutions that you can put to use immediately.
Link: http://www.sans.org/forensics09_summit/
Date(s): Monday, July 6th and Tuesday, July 7th (2 days)
Location: Washington, D.C.
Cost: $1,945
CPE Credits: YES
About: The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world – from the corporate and government sectors to academic and even underground researchers. The environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge. Black Hat remains the best and biggest event of its kind, unique in its ability to define tomorrow’s information security landscape.
Link: http://www.blackhat.com/
Date(s): Wednesday, July 29th to Thursday, July 30th (2 days but training is also available from Friday, July 25th to Tuesday, July 28th)
Location: Las Vegas, NV
Cost: ~$1,350
CPE Credits: YES
About: The SANS Virtualization Security Summit brings together industry leaders to help enterprises realize the enormous benefits of virtualization while addressing the new security challenges that it creates. You’ll discuss the latest processes and tools for securing your virtualized systems in open forums designed to bring you together with both industry experts and your peers facing the same day-to-day challenges. Since securing an enterprise doesn’t have a “one size fits all” solution, you’ll be able to get answers to your organization’s individual requirements in detailed Q&A sessions. If you’re considering deploying virtualization, or increasing your current deployment, vendor “shoot-outs” provide you with a unique opportunity to ask the hard questions to determine what tools will best fit your organization’s requirements. Whether your company is just beginning to use virtualization technologies or if you’ve had it deployed for years, this SANS Summit is designed to increase your knowledge and awareness of virtualization’s security issues and how best to address them in your organization.
Link: http://www.sans.org/virtualization09_summit/
Date(s): Monday, August 17th and Tuesday, August 28th (2 days)
Location: Washington, D.C.
Cost: $1,945
CPE Credits: YES
And what would be better than attending these fine conferences? Why, presenting at them, of course 🙂
I’m still trying to find out how to get in the door for presenting at them though…stay tuned.
Since 2009 is my 30th year on this planet I’ve decided to put “type to blog” (doesn’t have the same ring as “pen to paper”) and list out my goals. I’ve divided my goals into the sections below:
GCWN (April 2009)
Study the SANS Security 505 – Securing Windows course and obtain my GIAC Certified Windows Security Administrator (GCWN) certification.
CISM (June 2009)
Study for and obtain the Certified Information Security Manager® (CISM®) certification.
Lose weight and exercise more (Starting January 2nd)
I start my P90X system in 2009, thanks to Chris Hoff, in the hopes that it gives me the kick in the ass I need to get healthier.
Do Something Cool on my 30th Birthday (February 2009)
That’s right…30th birthday. Thanks to my lovely wife, I’ll be in Dublin drinking a pint of Guinness for my 30th birthday. Not a bad way to spend one’s birthday.
Start my Novel (TBD)
I’ve talked to some people about this little project but I think 2009 is the “year of the novel” for me. I need to get these ideas on paper before someone else does.
Pay More Attention to my Wife
This is a perpetual goal and is really number 1 on my list 😉
Blog More (Starting January 2nd)
I have grand plans to start blogging every, or every other, day. Hopefully people see this as a “contribution” and not just rambling 🙂
Webinars (January 2009)
I plan on releasing pre-recorded webinars. This will allow people to learn about some of the security-related topics rattling around in my head without having to attend a conference.
Become More Involved with The Academy (January 2009)
As of January 1st 2009 I become the Chief Marketing Officer (CMO) at The Academy (in my spare time). The goal is to get the word out about how cool a resource this free online video site can be. I also hope to wrangle in more contributors, sponsors, and vendors to make the site the best resource on the Internet for security professionals.
Attend (at least) One Major Conference
I need to attend at least one major conference in 2009. I consider training conferences to fall into the general conference category. I need to start meeting my colleagues and letting them know who I am.
This is just a short list. I’ll have to revise this at the end of Q1’09.