Thoughts on Industry Trends
Q5: The industry is changing. What advice would you give to IT professionals to stay on top of what is happening in the industry in order to position them (from a career standpoint) and their organization to benefit from these trends?
A. We're going to see a fundamental change in the underlying hardware foundations: increased reliance on hardware-supported virtualization, increased permeation of TPM-like hardware, more CPUs (thanks to multi-core) than you can shake a stick at. These trends may turn conventional wisdom upside down.
Boundaries are disappearing. With outsourcing, corporate acquisitions, and regular job-changing, well-defined notions of "inside" and "outside" and "perimeter" are disappearing. I might even go further on a limb and predict that, with things like Web 2.0 and Web-based "office tools" and MySpace and Facebook, the well-defined notions of "application" and "data" are also disappearing.
Computers are getting smaller and going everywhere. It's cliché now, but I don't think it will be long before my refrigerator sends me a text message telling me I need to get beer and the GPS in my car automatically calculates the route to the nearest market. While this is great from a convenience standpoint, it surely poses a host of new security challenges.
Regulatory compliance is driving much of the current security spending, at least in the US. Some of these regulations and best practice frameworks are vague, and require interpretation to become useful to IT staff; others are more specific. In any case, some knowledge of these regulations is useful to anyone going into IT security or is planning on developing software to be used in a regulated environment (e.g., a publicly traded company).