December retrospective. The annual structured retrospective continues, following the pattern from 2008 and earlier years.

This is a comprehensive retrospective because 2009 has been substantively transformative.

The major events

In rough chronological order:

Ten substantive events plus the founding of Hedgehog Security as the dominant personal trajectory shift.

The cumulative trajectory

Three structural observations from the year.

Bot-architecture sophistication continues to mature. Conficker's DGA approach has been operationally sustained; specific industry coordination has produced bounded but real defensive effect; specific subsequent variants continue evolving. The cumulative trajectory continues toward more decentralised bot infrastructure.

The breach-disclosure regime continues to expand. Heartland exceeded TJX substantially; specific subsequent breaches will continue exceeding previous benchmarks; specific regulatory response continues maturing.

Platform-vendor responsibility for security continues to expand. Microsoft Security Essentials, Windows 7's architectural refinement, IE 8's security improvements — all illustrate the trajectory of platform vendors taking on more structural defensive responsibility.

The cumulative trajectory is consistent with previous years; specific subsequent shifts continue.

The personal trajectory

The dominant 2009 personal shift was founding Hedgehog Security.

The cumulative pre-founding period at Gala Coral produced substantial leadership experience.

The transition to independent practice has been operationally productive.

Eleven client engagements through the first six months represent sustained substantive engagement.

The cumulative practitioner profile from the book and conference work supports the practice.

The cumulative founding-year experience has been, on balance, substantively rewarding. Specific subsequent decisions about direction will follow.

The predictions, reviewed at year-end

The January 2009 predictions, reviewed:

Continue the weekly cadence. Resolved AFFIRMATIVE.

Make specific subsequent role decisions. Resolved AFFIRMATIVE — Hedgehog founding.

Attend at least four conferences. Resolved AFFIRMATIVE.

Speak at at least one conference. Resolved PARTIAL.

Substantial cumulative writing or extended-format work. Resolved PARTIAL — specific subsequent work in progress.

Conficker variants continue. Resolved AFFIRMATIVE.

Major data-breach disclosure. Resolved AFFIRMATIVE — Heartland.

Continued mass-mailing. Resolved AFFIRMATIVE.

Continued politically-motivated DDoS. Resolved AFFIRMATIVE — Twitter incident, others.

Mobile-platform malware incident. Resolved PARTIAL — iPhone research continues; bounded operational incident.

Continued web-application worm activity. Resolved AFFIRMATIVE.

Specific cumulative subsequent internet-infrastructure-protocol disclosure. Resolved AFFIRMATIVE — specific cumulative subsequent BGP work.

Major UK financial-institution security incident. Resolved PARTIAL.

Continued Microsoft Trustworthy Computing progress. Resolved AFFIRMATIVE — Windows 7, Security Essentials.

Specific industry-coordination response to Conficker. Resolved AFFIRMATIVE.

Continued cumulative crisis-driven operational impact. Resolved AFFIRMATIVE.

The cumulative score: 11 affirmatives, 4 partials, 0 misses.

What I have been writing about

The 2009 writing has covered:

  • The role transition and Hedgehog founding.
  • Specific incidents — Heartland, Conficker, Twitter DDoS.
  • Major releases — Windows 7, Security Essentials.
  • Operational reflection from the founding period.
  • Continued reading, conference engagement, cumulative practitioner observation.

The cumulative archive continues at the established cadence.

What I expect for 2010

The detailed predictions for 2010 will be in next week's post. The high-level expectations:

  • Hedgehog Security operational growth and specific subsequent decisions.
  • Continued Windows 7 deployment trajectory.
  • Continued bot-architecture evolution.
  • Continued political-cyber events.
  • Continued breach-disclosure expansion.
  • Continued cumulative writing.

A reflection on twelve years approaching

The notebook will reach twelve full calendar years in January 2010. The cumulative trajectory continues; specific subsequent observations will inform.

For my own continued work: more on the cumulative trajectory in 2010. Specific events will inform; the cumulative archive grows.

More as the year wraps up.

