2011: A Personal Introspective

Over the last couple of weeks many bloggers have recapped the top InfoSec news of the past year and put forth their predictions for 2012. There are enough good (and bad) articles out there so rather than chiming in I'm going to take a moment to recap my personal top moments of the year. In no particular order:

New Job – In April I made the decision to put away my luggage and make the transition from a road warrior to an in-house security engineer. It's difficult to convey how much happier I am. It's not just that I am no longer traveling; I find my new position much more stimulating, the people are easier to get along with and I feel I have the opportunity to grow as an InfoSec professional. Not only that, I get to help grow and shape a security program over time instead of issuing my recommendations and leaving.  This has proven to be both frustrating and rewarding.  I had also forgotten how nice it is to sleep in my own bed during the weekdays. It's a luxury I won't soon forget.

Passing the CISSP Exam – I finally got around to taking the exam. Say what you will about the CISSP (I'll be right there beside you) but it is with a great sigh of relief that I can say I've put this milestone behind me. The subject matter wasn't difficult; the hardest part was getting in the right mindset (security management methodology vs. real world experience). I've always been skeptical about (ISC)2 but with the recent election of Wim Remes to the Board of Directors, I have hope that they will bring real value to the community.

Podcasts – This is the first year that I fully embraced listening to InfoSec podcasts on a regular basis. This is mostly due to the discovery of the "Listen" app in the Android market which now allows me to take podcasts on the go. Previously I had listened to shows sporadically from my desk but this was infrequent since I was rarely in the office and it wasn't acceptable to listen to them while at a client. My current subscriptions include (in alphabetical order):
  • Aluc.TV
  • Down the Security Rabbithole
  • Eurotrash Security Podcast: Security with funny accents
  • Exotic Liability
  • InfoSec Daily Podcast
  • Network Security Podcast
  • PaulDotCom Security Weekly
  • Risky Business
  • SecuraBit
  • Social-Engineer.Org PodCast
  • Sophos Podcasts
  • Tenable Network Security
This Blog – Creating a blog has been on my "to do" list for quite some time. Many thoughts and ideas have been set aside only to become old and stale simply because I didn't have some way to express them. It is my hope that I will be able to bring value to the community which has given me so much. Speaking of which....

The InfoSec Community – There is nothing quite like it. Nowhere else have I felt such a sense of comradery than with the InfoSec community. It's amazing how we can go to any city in the world and with a tweet, have dinner with someone we've never met in person but can connect with as if they were a long lost friend. I have met so many people this year. I don't expect them all to remember me but I would like to thank the people below, just for being awesome:

  • Rob Fuller (@mubix)
  • Jack Daniel (@jack_daniel)
  • Josh Abraham (Jabra)
  • Paul Asadoorian (@pauldotcom)
  • Marcus Carey (@threatagent)
  • Jon Cran (@jcran)
  • Jason (@n00bznet)
  • Tim Mugherini (@bug_bear)
  • Stacy Thayer (@stacythayer)
  • Wolfgang Goerlich (@Jwgoerlich)
  • Schuyler Towne (@shoebox)
  • Andy Ellis (@csoandy)
  • Joshua Corman (@joshcorman)
  • Wim Remes (@wimremes)
  • Apneet Jolly (@Jolly)
  • James Baker (@ABCecurity)
  • Martin McKeay (@mckeay)
  • Bill Brenner (@BillBrenner70)
  • Wendy Nather (@451wendy)
  • Nick Owen (@wikidsystems
  • Michelle Klinger (@diami03)
  • Tom Williams (@1_tjw)
  • BoB Rudis (@hrbrmstr)
...and anyone I inevitably missed.
It was a pleasure to meet all of you in person. Thank you again for letting me be a part of the community. I look forward to seeing you again in 2012.

*This post originally appeared on Maske[d]Crusader.net