By Ira Winkler

I just saw two articles referencing Carly Fiorina in USA Today. The first one said that Carly has been picked to be on an advisory board for the Director of the CIA. She was one of 3 people announced, and the article implied that she is wanted for her management expertise. There is not a single person I can imagine who demonstrated more management ineptitude in modern history. Besides of running HP into the ground, she actually ran Lucent into the ground prior to HP.

(more…)

By Jim Reavis

What do you call billions of spam messages, millions of lost customer records, thousands of new viruses and hundreds of governments asleep at the wheel? In our business, we call it 2006, just a normal year in the information security industry. As we put last year in the books and gird ourselves for another year defending our digital frontiers from an array of threats, we wanted to provide some guidance in the form of predictions by some friends of Risk Bloggers. These are not just any random hacks with Magic 8 Balls, we scoured the industry and hand selected experts with a solid 50% track record on heads or tails. Our sages of the security scene include CISOs, former CISOs, Industry Analysts, CTOs, CTOs who wish they were CISOs, Risk Management Experts who think they understand technology, and others we struggle to categorize. If you have been around the block a couple of times, you know that our industry’s thought leaders can sometimes be a little pessimistic. But while you might not want to take this crew into the hospital to pep up Grandma before that hip replacement operation, being prepared to protect our organizations’ viability and even our way of life does require facing unpleasant probabilities from time to time.

If our experts are right, 2007 does look to have a few rough patches in the road. Increasingly, sophisticated criminal organizations are able to exploit technology to stay ahead of corporate and consumer defenses and steal billions of dollars and disrupt whole economies. Botnets, web application holes and uncontrolled mobility loom large as villains in this tale. Skepticism about the government’s ability to be relevant in face of these challenges abounds. Perhaps most disturbing is not the technology or regulatory challenges, but the lack of a hospitable environment for CISOs in the modern corporation. The revolving door CISO appears to be bound to continue, as for whatever reason executives too often are not able to appreciate and leverage security to improve and accelerate their business.

At the same time, there are some hopeful signs. The possibility of regulatory compliance coalescing around industry standard frameworks could be a boon to information assurance programs. The IPO may be returning to the security industry, providing much needed market validation to our space. The rise of collaboration and other technical enablers will provide additional tools for the good guys to take arms against a sea of troubles. We hope you enjoy these prognostications, and your introduction to Risk Bloggers as well. I predict that some of these predictions will come true, some won’t, but that we will entertain and inform you throughout the year.

(more…)