The Christmas-and-new-year week is, for once, quiet. The Hedgehog SOC has been on reduced staffing through Christmas Day and Boxing Day, with one analyst on call covering the three monitoring clients; we have had one minor alert (a likely false positive from a client whose ad-blocking tooling was producing odd outbound DNS patterns), one routine maintenance window for SIEM tuning, and otherwise an uneventful holiday week. This is good. Boring is what the SOC is supposed to look like during a quiet period; the more substantive work happens during the noisy periods, and we will know whether the build is operationally sound when the first sustained-incident week tests the procedures.
The advisory side of the practice has been on actual leave through the holiday week. The first January engagement is on the second; the year-end retrospective for the News International work is being drafted for delivery in mid-January; the first 2013 board cycle for Browne Jacobson lands later in the month. The fifth secondment conversation that has been ongoing through autumn is now scheduled for resolution in the first fortnight of January, one way or the other.
The reading I have been doing through the holiday week is mostly long-form. The Bruce Sterling collection that I had set aside in November has finally been started; Glenn Greenwald's columns at Salon on the broader civil-liberties side of the post-Patriot-Act surveillance regime have been the running corroboration through the year. There is a piece I want to write in early 2013 about the structural relationship between commercial security infrastructure and state-level surveillance infrastructure — the Petraeus case sharpened it, but the case for writing it has been building since the DigiNotar incident the year before.
The notebook continues. Fifteen years on the second of January. There are no plans for that being a particularly special anniversary; the more substantive milestones at this point are operational rather than calendar-based. The SOC build is the structural change of the past year and a half; the next structural change, if there is one in 2013, is more likely to be a SOC scaling decision or a secondment-portfolio reshuffle than anything else.
Happy new year, when it arrives. The first post of 2013 will be the fifteen-years-on entry on the second.