In the Year Two Thousaaaaaaaaannnddddd
I’m reaching the age that I can say remember “insert throwback reference here” and most people say no. My daughter let me know that she loves “old music” then turned on 80s Hits. That cut deep.
As we enter annual prediction time, I’ll try to embrace it like a fine wine. I started with Johnny Carson’s Carnac the Magnificent in mind, but Conan O’Brien is more my speed. I can hear them singing, “In the year 2000….In the year two thousaaaaaaaaannnddddd.”
I hope my predictions for what’s in vs. out are a far cry from the actual phenomenon I expect to occur. In my role as an Identity and Security tour guide, I have to embrace some level of pragmatism or I’d be curled up in a ball in the corner. With that in mind, I aimed to be far more practical with my crystal ball. Not my wishes for what could or should happen, but what will inevitably fall into our laps.
Making the most out of a shoe string. Cyber funding will continue to be tight and the need for creative (but limited) investment will persist. That means cross training your resources as open positions will not be approved or approved salaries won’t match the market leaving seats unfilled. It means limited external assistance driving the need to leverage internal skills. A tactical strategy with achievable goals and monitoring incremental progress is critical. With limited ability to make sweeping changes, tracking your biggest compliance or operational hurdles facilitates chipping away at those landmark objectives.
Catalog your risks and highlight them routinely. Unfortunately, additional funding comes when one of these risks occurs or the threat is internalized at the leadership level. Use your experience and influence to create clear communication that could be the catalyst for future investments.
CISOs. Limited support and funds coupled with a lopsided amount of responsibility and ownership, means CISOs continue to exit en masse.
Security Officers will attempt to deploy a vision and abandon ship when interview promises meet consistent day to day defeat. Leadership in tech is desperately needed but the high demands and whopping consequences don’t mirror the rewards and glory of the gig. Reflecting on the prestige this position held over the years, it’s allure has certainly dropped like a stone. Executives are outflanked by the opposition and overrun with the threat of security failures. They also are profoundly underfunded to acquire the very resources needed to combat them.
Intermediate and higher education systems need to highlight the technical, business, and communication skills our industry desperately needs to prepare students for the environments they will face.
Advanced education should seek to equip professionals for a way to bridge the gap between tech and operations. This means ensuring technical problems or risks supporting business critical functions are communicated with business language.
What stays the same?
AI. Our love of AI persists, but the realization of its value is much lower than we expect. The practical application of Intelligence requires a significant evolution from the current state. The present status of process and data management makes AI’s value beyond the reach of most organizations without conscious time, effort, and investment. Many will deploy initial funding for AI, without the foundational needs to make it successful.
That means further underutilized products with lackluster performance and a reduction in future spending. We expect peak performance from advanced tools without taking the necessary steps for them to perform.
On the contrary, Cybercriminals will utilize AI extensively. The ability to leverage automated and artificial intelligence to exploit and leverage weaknesses with social engineering, human behavior, and basic curiosity will hit explosive levels. Personalized phishing campaigns will reach even higher success rates costing organizations trillions globally.
Following trendy tech tools is fun, but rarely yields the best results. As we invent new ways to automate, customers are more confused than ever on what “silver bullet” to purchase from savvy sales crews. But the failure to manage business basics will still sink a ship.
As we enter the new year with many new (and many of the same) challenges, our responsibility to our employees, our shareholders, and key stakeholders remains the same. Our core objectives are to act as a good financial steward and protect both physical and digital assets to achieve the corporate mission. The catch? Finding individuals to act consistently to that mission…but that…is a completely different blog.
While pragmatism demands that we have realistic expectations, we must pursue our quest to raise and not lower the bar. It’s our obligation to be realistic and educate leadership on a program’s shortcomings, not whitewash the painful current state we often find ourselves in.
If the goal is to propel into the future of Identity and Security, or at a minimum catch up with the bare minimum protection levels for today, don’t be the poster child for the Wayback machine to 1995.