Office cold, kettle on, pad open. The break was, by recent standards, the calmest end-of-year I have had since 2018 — no Log4Shell-grade incidents, no SolarWinds-grade disclosures, the customer-portfolio operational tempo settled enough through Q4 to support actual rest.

The portfolio. Six vCISO clients carrying through. Sixteen SOC customers. Sixteen EmilyAI commercial customers entering the year, with three additional prospects in late-stage commercial discussion for Q1 close. The team is at thirty-eight. The 2023 hiring plan envisages four to six further hires through the year, principally on the EmilyAI engineering function (with the language-model integration work being the principal Q1-Q2 driver) and on the customer-success function (which continues to be the customer-acquisition-rate-determining capacity).

The dominant 2023 strategic theme is the language-model integration work. The post-ChatGPT environment that I noted in the December writing has continued to develop through the holiday period. The capability inflection has, in the past six weeks, produced substantive engineering attention across the security-research-and-product community. The EmilyAI v3.2 release planned for late Q1 will incorporate language-model-based natural-language interaction with the SOC data, accessible-language explainability of model classifications, and analyst-assistant functions that integrate with the existing alert-classification surface. The engineering team has been working through the appropriate architectural integration through December — using language-model capability as an additive layer rather than a wholesale architectural replacement, preserving the structured-classification model's confidence-and-explainability properties as the principal decision-support surface, and being deliberate about the ways in which language-model output is and is not authoritative in the analyst-decision workflow.

The NIS2 readiness programme begins. The transposition deadline is October 2024 — twenty-one months from now. The customer-portfolio organisations affected (the manufacturer's overseas operations, Northcott's overseas operations, the retailer's various EU operations, with the financial-services firm having parallel obligations under DORA) need substantial programme work over the period. The customer-portfolio NIS2-readiness assessments completed through Q4 2022 have produced the gap-analysis baseline. The 2023 work is moving from gap-analysis to programme-execution.

The post-Russia-Ukraine geopolitical environment continues. The cyber-dimension of the war has settled into sustained operational tempo rather than the early-2022 acute-phase tempo. The customer-portfolio briefings continue to incorporate the geopolitical context as a substantive theme, but the operational pressure is no longer the dominant short-cycle concern.

The threat-landscape planning. The continuing ransomware-with-data-exfiltration model. The continued social-engineering-driven access patterns that Lapsus$-and-Oktapus established. The continuing supply-chain attack pattern. The new threats that the language-model environment will produce — both offensive (improved phishing-and-pretext content) and structural (the various attacks against language-model-integrated systems that the academic-and-research community is starting to document). The aggregate threat picture is consistent with the 2022 trajectory; the new dimensions are additive to, rather than displacing, the existing dimensions.

The book project. The supply-chain book published in October has had reception that has been useful for customer-engagement work but commercially modest. The next book is in early outline; the working theme is the language-model environment specifically — the security-relevant implications of the post-ChatGPT capability inflection, the offensive-and-defensive use cases, the regulatory landscape, the engineering-discipline implications. Drafting target Q3-Q4 2023, publication probably 2024.

The kettle has boiled. Inbox now.

