December retrospective. The annual structured retrospective continues, following the pattern from 2005 and earlier years.
This is going to be a comprehensive retrospective because 2006 has been substantively interesting and several developments deserve careful framing.
The major events
In rough chronological order:
- WMF zero-day patch shipped (MS06-001) (January).
- Vodafone interim consulting engagement (February-April).
- Career transition to Gala Coral as CISO (April).
- First-month CISO observations (May).
- Yamanner web-application worm (June).
- Microsoft acquires Sysinternals (July).
- MS06-040 / Mocbot worm wave (August).
- Black Hat USA 2006 reading (August).
- VML zero-day in Internet Explorer (September).
- Internet Explorer 7 ships (October).
- Vista RTM and volume-licensing release (November-December).
Eleven substantive events. The pace has been similar to recent years; the cumulative shifts are larger.
The cumulative trajectory
Three structural observations from the year.
The defensive infrastructure continues to mature. Specific operators have continued investing; cumulative population-level deployment continues; specific structural improvements compound. Windows Vista, IE 7, the Trustworthy Computing trajectory — all are producing measurable defensive improvements.
The threat infrastructure continues to professionalise. Specific commercial-cybercrime infrastructure (DDoS-for-hire, phishing toolkits, bot-rental markets) operates as a coherent ecosystem. Specific threat actors integrate compromise activity with downstream monetisation. The economic structure is mature.
The web-application category has emerged as structurally important. Yamanner, MySpace's Samy worm precursor, the broader trajectory of XSS and CSRF as worm-propagation mechanisms — all illustrate that web-application security is now operationally critical. Specific defensive responses lag the offensive trajectory.
The cumulative trajectory is positive on defensive maturity, negative on threat sophistication, mixed on cumulative outcome.
The personal trajectory
The year has produced substantial personal change.
The role transition is the most significant. From RBGE consulting through Vodafone interim to Gala Coral CISO. The cumulative transition has been productive; specific role-fit is good; the operational responsibility is at the next level from previous roles.
The cumulative writing has shifted slightly. Specific operational topics from the CISO role appear; specific structural reflections continue. The notebook continues at the standard cadence; specific composition adjusts.
The professional network continues to develop. Specific peer CISOs at other gambling operators; specific industry contacts; specific community-of-practice engagement. The cumulative network informs the work.
The predictions, reviewed at year-end
The January 2006 predictions, reviewed:
Continue the weekly cadence. 95%. Resolved AFFIRMATIVE.
Settle into the new role productively. 80%. Resolved AFFIRMATIVE.
Attend at least four conferences. 80%. Resolved AFFIRMATIVE — attended five.
Speak at at least one conference. 70%. Resolved PARTIAL — specific informal presentations; no major keynote.
Substantial piece on internal segmentation. 55%. Resolved PARTIAL — specific posts touched the topic; no single substantial piece.
The cumulative track record: most predictions confirmed; some partially confirmed; no clear misses.
What I have been writing about
The 2006 writing has covered:
- The career transition — moving roles, first-month observations, midyear retrospective.
- Specific incidents — WMF, Yamanner, Mocbot, VML.
- Major releases — IE 7, Vista RTM and volume licensing.
- Industry shifts — Sysinternals acquisition, web-application worm category.
- Reading reflections — Black Hat USA 2006, ongoing technical literature.
- Honeypot data — H1 2006 summary.
The cumulative volume continues. The categories are stable. The cumulative archive grows.
What I expect for 2007
The detailed predictions for 2007 will be in next week's post. The high-level expectations:
- Continued operational tempo. Specific events at the rate of recent years; cumulative volume continues.
- Continued Vista deployment. Specific issues will emerge; the cumulative trajectory will be visible.
- Continued commercial-cybercrime maturation. The economic infrastructure continues developing.
- Continued web-application security category development.
- Continued personal trajectory at Gala Coral. Specific structural projects through the year.
A reflection on nine years
The notebook has now been running for nine full years. The cumulative archive is substantial. The discipline is firmly established. The community continues to be valuable.
For anyone who has been reading the notebook through the years: thank you. The conversations and corrections continue to shape the writing.
For anyone new to the notebook: welcome. The archive is substantial; the older posts are sometimes interesting in retrospect; the discipline continues into 2007.
More in the predictions post next week.
A closing thought
2006 has been operationally substantial. Specific events tested the defensive infrastructure; specific cumulative shifts continued; the personal trajectory progressed. The cumulative trajectory remains positive even when individual incidents are difficult.
For my own continued work: more on the cumulative trajectory in 2007. Specific events will inform; the cumulative archive grows.
More as the year wraps up.