It’s the end of the year and like all of you, my news feed has been filled with ‘Predictions for 2019’ to such a point that I basically ignore them. And while I admit that I did indeed write one of those a few years back, I’ve about had more than my fill at this point.
That being said, rather than a scribing some prediction piece that will likely go unread, I’ve decided to spin the topic 180 degrees and instead, jot down what I hope 2019 will bring us.
In that light, I offer up my Three Wishes for 2019:
Wish #1: Support your local STEM programs
The first of my wishes is that we all get more involved in our local STEM programs. Somehow, over the last few decades, we have drifted away from encouraging our youth to follow a Science, Technology, Engineering or Math curriculum as part of their education. The result, at least in part, is the overwhelming dearth of candidates we have for our open positions. I am quite positive that your local education system would happily welcome volunteers for career days, workshops, and parent meetings. Reach out to your local Parent/Teacher organization and see if they would assist with discussions with your local education boards. While you’re at it, encourage a discussion around diversity and the wealth of opportunities in the STEM world. Think about it – if we each just encouraged one child to follow a STEM path, how much better off would we be?
Need some ideas?
- AAAS: https://www.aaas.org/programs/STEM-volunteers
- Girls Who Code: https://girlswhocode.com/volunteer/
- STEM Scouts: https://stemscouts.org/contact-us/get-involved/
Wish #2: Give back to the industry
My second wish is that more of us give back to the industry we so love. In all the years I’ve been in the IT world, I can honestly say that I have never met a more passionate group of people than those in the Information Security field. Not only are we passionate about what we do, but many of us feel a certain moral responsibility in what we do that drives us to fight the good fight every day; even when management or business partners don’t fully align. Because of this, all of us have developed insights, experiences, tools, cheat sheets that many of our colleagues would benefit from. Find time to socialize with your peers, share war stories (both good and bad), compare notes about vendors, or anything else you may find valuable to share. I am a firm believer of ‘all boats must rise’ if we are ever truly going to get a handle on the threats we face every day. Why not share what has helped you with others who are fighting the same fight? We are all comrades in the battle – lets win together.
Wish #3: Take Quantum Computing to heart
What wishlist wouldn’t be complete without a geeky, nerdy wish? For my final wish, I wish we would all take the future risk of Quantum Computing to heart and start preparing for the inevitable today. There are some pretty well thought out studies that put a realistic quantum machine in regular use within 15 years. While I fully realize that seems like quite a ways away, let’s be serious for a moment – we are just now deprecating cryptographic algorithms that we know have been insecure for a decade or two. Lets face it, when it comes to changing such fundamental building blocks of our security programs, we are notorious for ‘kicking the can’. What happens when we wake up one day in the future and find out that all of our encrypted data is now as insecure as cleartext because of the advancement of quantum computing?
Now, I’m not suggesting that you go out tomorrow and mandate quantum-resistant encryption in every nook and cranny of your infrastructure, but you should have a risk identifier/metric in place for it and fully understand how the evolution of quantum will impact your organization. For once, let’s stop being reactionary and be proactive on this one.
Here are a few Quantum Computing resources you may find helpful:
- NIST: https://csrc.nist.gov/projects/post-quantum-cryptography
- CRYPTOMAThIC: https://www.cryptomathic.com/news-events/blog/quantum-computing-and-its-impact-on-cryptography
- IBM: http://www.research.ibm.com/ibm-q/learn/what-is-quantum-computing/
So, there you have it. My three wishes for the upcoming year. No vendor bashing, no soapbox pontificating, nothing but a few basic wishes that I hope hit home with most of you.
Would love to hear your thoughts..
Copyright © 2002-2018 John Masserini. All rights reserved.
*** This is a Security Bloggers Network syndicated blog from Chronicles of a CISO authored by John Masserini. Read the original post at: https://johnmasserini.com/2018/12/31/three-wishes-2019/