RE: CyberSecurity in 2020[Prediction]
Hello @teach-me,
nice article you wrote here!
Cybersecurity/InfoSec/OpSec is indeed a rapidly changing field of expertise... which is the reason I got into this over 20 years ago. I started out as an IT guy aka maid-for-all-work after my education back in 1985 and it was a wild ride up to here! Hahaha!
On the other hand, processes, frameworks and so on... it didn't change so much really in the last 10 years in that regard. Once you've integrated a working ITSM (IT service management) it's the good old cyclic "identify, protect, detect, respond, recover" - or some other variant depending on the framework you use - game.
There are indeed a lot of new InfoSec challenges we'll have to face coming out of the AI/ML field and as you correctly mentioned the deep fake threats are a relatively new threat that has to be dealt with too.
A good thing is that the awareness for InfoSec needs has dramatically risen in the last few years, which makes my job a lot easier than it used to be.
Now you can expect that at a board meeting the board members will have a basic InfoSec understanding for the most part, for instance. This applies to my job in house as the information security officer as well as for my work as a freelancing IT security consultant.
Cheers!
Lucky
InfoSec threats increasingly make it into mainstream media even nowadays.
I wonder if the current upcoming global recession will slow down technological advancements. It most likely will.
Any thoughts on that, @doifeellucky?
Hello Piotr,
oh surely the mechanics "of grace under pressure" ;-) apply here.
Kidding aside, I'm pretty sure that IT organizations always look for ways to work more cost-effectively, and they continuously have to be on their toes because the moment your due diligence shows you are underperforming there are always others that'll love to do "your" work, just a little more cost-effectively.
What I mean is, sometimes such pressure leads to even faster technological advancements.
I've lived through a couple of such phases. In the '90s, for instance, where outsourcing and rightsizing were the buzzwords for big old fintech IT shops with big old mainframe infrastructure.
This pressure led to the evolving client-server environments that are pretty normal nowadays, just with added virtualization in different layers.
If you still run your own IT environment you cannot close the books on technological advancement either. The "standard" investment horizon for IT infrastructure is 3/5 or even 7 years (for networking infrastructure for instance).
In many cases the bigger = the more cost effective factors push you towards outsourcing partners and they cannot afford to drop the ball on technological advancements either or they'll be gone in the blink of an eye.
So will a global recession slow down or speed up technological advancement? Maybe a little of both! ;-) But IT-wise things really never slowed down in my personal experience!
Cheers!
Lucky
Very happy, you responded well about this. Will you have the time to teach me about IT (including knowing hackers' traces)?
Hahaha!
That's a wide field my friend!
In my job as a consultant it always begins with an assessment of the existing environment.
Maybe some basics like prevention & detection methods could be a starting point in some cases; others require more groundwork, like setting up a well-functioning backup & recovery system; others might lack processes & methods, and there is work required to set up things like a change management process, ticket system, service catalog or a CMDB (configuration management database).
You see, all this highly depends on the so-called maturity of an environment. More mature environments might be looking for the right control framework to do their due diligence or comply with regulatory requirements. Others might be looking towards an ISO 27001 certification or they need to up their availability standards and you end up tailoring their business continuity plan.
More or less this is the same with the skillset/learning goals you might be looking for.
Inb4 I already was thinking about a little series of posts addressing the basics needed in IT operations to establish an ITSM (IT service management "system") which IT security aspects actually are a part of in most organizations.
Cheers!
Lucky