At the start of the year, I posted my "Predictions for 2015". Some came true and others didn't. Some were completely out of my control and others I planned on having an impact on. Those latter ones are the more useful predictions, where you predict where the ball is heading, and put yourself in front of it so you're ready to meet it when it arrives. However, I saw this quote last week:
"Nobody likes hearing "i told u so". If you are making 2016 security predictions you are either going to be wrong or a jerk, so stop." Rich Tener
Rich is right. Some of my predictions were positive, but some were indirectly negative and I remember almost wanting some of my more negative predictions to happen, just so I could be right. For things I could potentially impact, I realize that those were predicting new sets of problems, when we haven't fixed the existing problems.
In light of these considerations, I will be predicting only things I plan on doing and which improve current problems. So these aren't so much predictions, as they are my goals for the year.
- Release a tool to reduce the attack surface of Apple OS X.
- Work on improving the collection and analysis of OS X forensic data for malware focused incident response.
- Write more blog posts. These will be focused on the business of infosec, improving security for enterprises, and about agent systems architectures and techniques.