I’m a little late to the game but I thought I’d throw my predictions into the fire.
I wish I had posted this earlier. I had a bad feeling that something would happen to Twitter in 2009 that would make us all take a step back and say “Ummm….”. It didn’t take very long until this became a reality. On Sunday, January 4th numerous sources reported that Twitter accounts were being compromised. From the Zero Day blog:
A cluster of compromised Twitter accounts are sending out person-to-person phishing messages inside the Twitter network. These messages and the target website are similar to standard social network phishing messages, except this time they are very very short.
Even today, there is proof of someone exploiting the Fox News Twitter account and some other high profile accounts.
More and more organizations are including Twitter, and other social media tools, as part of their media relationship plans. It’s unfortunate that more security wasn’t wrapped around this tool from the start.
In my 2008 Predictions I said that training budgets were going to get smaller due to the economic downturn. Even though it looks like we’ve (mostly) made it through the bad spots, organizations are not going to be spending money on training like they did 3 or 5 years ago. Everyone is timid right now and they can’t afford to take a chance.
This is, however, a good opportunity for self-paced e-learning and self-study methods to shine. Organizations and individuals will shy away from the big conferences in favor of alternative training methods.
You didn’t have NAC last year and you probably won’t have it this year. Budgets will be tight for new security capital expenditures and we security professionals will be asked to take the do more with less approach. It will no longer be a question of “Can we continue to operate without ‘xyz’?” but rather “How long can we continue to operate without ‘xyz’?”
A word of advice. Ensure that your proposals for new purchases include the current cost, any discounts you will receive before a particular date, what it will cost after the discount date, what it will cost over the next 3 years to operate, and what you expect this purchase will save the organization (money, bad publicity, and so on). Expect to fight for every capital expenditure in 2009.
Oh how I hate buzzwords…expect to be force-fed the term cyberwar and all of its derivatives. The average person is starting to worry about foreign nations and unfriendly organizations attacking the infrastructure of their country. Is the threat real? That depends entirely on who you ask. Personally I think that it is possible to some extent but we’re not quite there yet. Will we get there? Definitely. I believe that every major nation has, or is working towards, a first strike scenario which includes the Internet.
Do you want to play a game? 😛
That’s all I’ve got. Let’s see what happens.
Here is my short list of conferences that I would LOVE to attend in 2009. I have left some off of the list, due to conflicting vacations and such, but I think I have picked most of the prime conferences available to me (please let me know if I’m missing any that you would suggest I attend):
About: SOURCE Boston provides an interactive learning and networking environment allowing all participants and attendees to ask questions, talk to speakers and make the most of the experience. All of our speakers have been hand-selected by our advisory board to ensure presentation quality, effectiveness and content relevance. SOURCE is ideal for high level security professionals who are interested in both the technology and application of computer security, as well as the business practices used within the industry.
Link: http://www.sourceconference.com/index.php?option=com_content&view=article&id=63&Itemid=65
Date(s): Wednesday, March 11th and Thursday, March 12th (2 days)
Location: Boston, MA
Cost: $995 December 1, 2009 – February 28, 2009 ($1195 March 1, 2009 – at door)
CPE Credits: YES
About: The Log Management & Analysis Summit is a user-to-user, non-commercial conference on what works in log management & analysis. It is the only place where you can learn about the strengths and weaknesses of competing technologies, where users will share the lessons they learned about what to log and what to keep and what to report.
Link: http://www.sans.org/logmgtsummit09/
Date(s): Monday, April 6th and Tuesday, April 7th (2 days)
Location: Washington, D.C.
Cost: $1,945
CPE Credits: YES
About: RSA® Conference 2009 offers enterprise and technical professionals one-stop learning. With targeted classroom sessions, innovative and interactive programs, provocative keynotes and a solutions-filled expo hall, RSA® Conference 2009 is the unbiased third party resource information security professionals rely upon.
Link: http://www.rsaconference.com/2009/US/Home.aspx
Date(s): Monday, April 20th to Friday, April 24th (5 days)
Location: San Francisco, CA
Cost: By January 23, 2009 $2,090 ($1,795 by March 20th, $2,195 after March 20th)
CPE Credits: YES
About: The 2009 SANS What works in Forensics and Incident Response Summit being held in Washington DC on July 9 & 10 gives you access to the state of the art in computer forensic techniques. Top industry leaders, forensics and incident response professionals and vendors will discuss the latest defenses and technologies in a series of highly interactive sessions focused on effective incident response and mitigation, forensic analysis, recovery as a result of a data breach and e-Discovery requests. Expert forensics analysts and law enforcement personnel will share their latest lessons learned from the trenches and the secrets of their forensic approach. And you will leave the Summit armed with answers to your questions as well as new techniques and solutions that you can put to use immediately.
Link: http://www.sans.org/forensics09_summit/
Date(s): Monday, July 6th and Tuesday, July 7th (2 days)
Location: Washington, D.C.
Cost: $1,945
CPE Credits: YES
About: The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world – from the corporate and government sectors to academic and even underground researchers. The environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge. Black Hat remains the best and biggest event of its kind, unique in its ability to define tomorrow’s information security landscape.
Link: http://www.blackhat.com/
Date(s): Wednesday, July 29th to Thursday, July 30th (2 days but training is also available from Friday, July 25th to Tuesday, July 28th)
Location: Las Vegas, NV
Cost: ~$1,350
CPE Credits: YES
About: The SANS Virtualization Security Summit brings together industry leaders to help enterprises realize the enormous benefits of virtualization while addressing the new security challenges that it creates. You’ll discuss the latest processes and tools for securing your virtualized systems in open forums designed to bring you together with both industry experts and your peers facing the same day-to-day challenges. Since securing an enterprise doesn’t have a “one size fits all” solution, you’ll be able to get answers to your organization’s individual requirements in detailed Q&A sessions. If you’re considering deploying virtualization, or increasing your current deployment, vendor “shoot-outs” provide you with a unique opportunity to ask the hard questions to determine what tools will best fit your organization’s requirements. Whether your company is just beginning to use virtualization technologies or if you’ve had it deployed for years, this SANS Summit is designed to increase your knowledge and awareness of virtualization’s security issues and how best to address them in your organization.
Link: http://www.sans.org/virtualization09_summit/
Date(s): Monday, August 17th and Tuesday, August 28th (2 days)
Location: Washington, D.C.
Cost: $1,945
CPE Credits: YES
And what would be better than attending these fine conferences? Why, presenting at them, of course 🙂
I’m still trying to find out how to get in the door for presenting at them though…stay tuned.