Over the weekend, I wrote about CISOs and ISMs preparing cunning strategies and requesting budgets/proposing investments.
During the remainder of 2019, we will be treated/subjected to a number of predictions about what's in store for information security in the year ahead, thanks to a preponderance of Mystic Megs with unsupervised access to the Interweb, gazing wistfully into their crystal balls and pontificating.
As with horoscopes in the tabloid rags, some of their predix will be right on the button by sheer chance in the sense that, given an ample sufficiency of poo to throw at the wall, some of it will stick. A few more informed pundits, however, will be chucking stickier poo thanks to their experience and insight.
Trouble is, how are we to distinguish the insightful few with sticky poo from the manifold plain or polished poo propellants?
Years ago, the solution involved tracking or looking back at prior predictions to assess how accurate the pundits were ... although, as with investments, past performance is not necessarily an accurate guide to the future. It's an indicator at best.
These days, the situation is trickier still thanks to the Intarweb, social media and the global information melting-pot that turns pretty much everything into a brown sticky malodorous mess. Independent, honest, experienced, reasonably accurate soothsayers find themselves swimming in an ocean inhabited by marketing whales, a few great whites and vast shoals of me-toos who grasp desperately at any passing thought like a drowning man clutches at a log, only to wring all the life out of it.
So, for what it's worth (almost every penny!), my advice is to consider the credentials of anyone claiming to know what's ahead. Do they know what they speak of? Do they have a clue? Are they usually about right? Do they follow the latest fads, spouting clouds of meaningless drivel from their blow-holes, or are they brave enough to buck the obvious trends, say-it-like-it-is and explain themselves straightforwardly?
And then temper everything with a large dose of good ol' common sense. If your organization is taking its first baby steps into the cloud, guess what: it lacks cloud experience, hence the more extreme cloudiness is likely to be riskier for you than for, say, a company that is and has been cloud-first or cloud-everything for years already and knows what it's getting itself into. In other words, choose your battles. Build on your strengths, consider and address your weaknesses. By all means get creative and explore the cutting-edge stuff ... but be wary of exposing your jugular to that glinting slicey-slicey sharpness.
Don't neglect your inner circle of trustworthy advisors, the colleagues and contacts who have proven insightful or at least good listeners in the past ... which hints at a possible strategy for 2020: work hard on bolstering and extending your personal network, ready for your 2021 strategies, proposals and budget requests. The flip side of that ocean of pundits is that it's easier than ever to find potential partners and build relationships. Perhaps even the odd blogger making sense of this turbulent world.