You don’t have to wait long when visiting Bejtlich’s blog to see thought-provoking posts. He’s dropped several more nice thought-bombs recently, asking tough questions (that may not have universal answers).
First, he talks about defining what “winning” means to security teams. I agree with the underlying assumption that security is an eventual fail for us mortals. So how do you define when you’re winning or have won (at least for a while)? I think point #4 is an interesting idea to keep in mind: when incident responders can anticipate the adversary’s next target. That alone packs in the idea that you have informed, talented, and empowered staff. Ranum chimes in the comments that we have a problem with long-term vs short-term security strategies. Sounds like a good essay thesis right there!
Second, Bejtlich listed some things he sees as the future of digital security; basically trends we need to be dealing with either now, or we will be eventually. I had a long comment for him a week or two ago, but I think my session timed out as I composed it over a work day. I understand where he is coming from on most of those items, but that doesn’t mean I fully agree that they will become a reality. It would take me some time thinking and reading his post again to get back into my mindset, but I don’t feel that we’re moving towards having systems be standalone secure machines. We can’t even get the OS right yet, without lots of bandaids, let alone getting all teams in IT (desktop, engineers, networkers, developers) to work together for that common goal. Instead, I think economics keeps us boxed into our own little worlds, patching and bandaging each other in our sphere of control. (Like I said, it would take some time to get back into what I was thinking in my lost comments…)
Bejtlich has no shortage of thought-provoking topics!