Office cold, kettle on, pad open. The first Monday of 2019 is being shaped by the operational momentum of December rather than by any new strategic decision; the year ahead is more about executing on commitments made through 2018 than about reframing them.

The portfolio. Six vCISO clients continuing — Browne Jacobson, Towry, Northcott, the manufacturer, the financial-services firm added in September 2016, and the retailer added in October 2017. Eleven SOC customers, indexing approximately one terabyte per day in Splunk. EmilyAI commercial customers at five (three pilots from 2018, two production deployments from October), with two more in onboarding for Q1. The team is at twenty-six, split roughly evenly between the original London office and the Bath engineering office.

The product roadmap for 2019. Multi-SIEM support (Elasticsearch and QRadar in addition to the current Splunk) lands in Q1; this opens the addressable customer population substantially. Playbook-drift report becomes a first-class feature in Q2. The threat-intelligence-integration capability — the principal differentiating feature — gets v2 treatment in Q3 with substantially expanded vendor-feed support and customer-specific TI ingestion. The product-management function is now mature enough that the roadmap is being driven by structured customer-feedback rather than by the engineering team's instinct, which is the right transition.

The GDPR enforcement landscape is firming up. The Information Commissioner's Office's enforcement output through Q1 2019 is going to set the precedent for what GDPR-era UK fines look like. The British Airways and Marriott investigations are at the stage where Notice of Intent decisions are expected. The customer briefings I am doing this quarter need to incorporate, when the figures land, what the GDPR-era enforcement environment actually means in concrete pound figures rather than the abstract 4%-of-revenue framework. The customer-organisation discomfort with that conversation in 2018 was, in retrospect, useful preparation; the 2019 conversation will be sharper.

The threat-landscape planning. The supply-chain pattern from 2018 — Marriott specifically as the structural example, the Magecart wave more broadly, the various third-party-script and acquisition-integration cases — continues to be the dominant strategic theme. The ransomware landscape is shifting in a direction that I want to write about properly through Q1 — the GandCrab-and-affiliates ecosystem of 2018 is producing operationally sophisticated successors, and the targeted-rather-than-mass-spread pattern that emerged through the second half of 2018 is going to define the 2019 ransomware threat. The credential-aggregation environment continues to grow; we are seeing a steady drumbeat of exposed-credential corpora circulating in the secondary market, and the Collection #1 disclosure that has been showing up in researcher feeds in the past few days will probably be the public surfacing of a substantially larger collection than anything previously disclosed at one time.

The conference calendar. Infosec Europe in June with the EmilyAI booth (planning the second-year presence is in motion). The USENIX Security 2019 paper presentation in August in Santa Clara — first conference paper in the company's history, the lead engineer is presenting. BSides Manchester in late summer or autumn — there is a paper-grade talk on the Emily research that I want to give at a UK community venue. I am avoiding the major commercial-vendor conferences this year on the strength of last year's experience that they produce less substantive customer conversation than the smaller events.

The book project. The DDoS-successor draft is at eighty-five thousand words and I am, finally, in editing rather than drafting. The publication target is autumn. The working title remains a placeholder.

The kettle has boiled. Inbox now.

