The annual scoring exercise. The 2009 predictions get explicit review; new predictions for 2010 are made.
This is a longer post because the calibration discipline matters and the cumulative archive across multiple years now supports substantive meta-analysis.
2009 predictions, scored
Summary review (full version in the year-in-review post):
- 11 affirmatives, 4 partials, 0 clear misses.
Calibration is reasonable. The cumulative archive across multiple years supports further meta-analysis.
2010 predictions
For the year ahead, with explicit probabilities and deadlines.
Threat-side
1. Continued Conficker and successor variants. 85%, 31 December 2010. The bot-architecture trajectory continues.
2. At least one major data-breach disclosure with substantial UK consumer impact. 85%, 31 December 2010.
3. Continued mass-mailing and bot-driven activity at sustained volume. 95%, 31 December 2010.
4. Continued politically-motivated DDoS following Estonia / Russia-Georgia / Twitter pattern. 85%, 31 December 2010.
5. A meaningful mobile-platform malware incident. 75%, 31 December 2010. The iPhone and Android exposure continues to grow; specific operational incidents likely.
6. Continued web-application worm and SQL-injection activity. 85%, 31 December 2010.
7. A specific industrial-control-system or critical-infrastructure incident with substantial public visibility. 55%, 31 December 2010. The category has been emerging; specific incidents may surface.
8. Further APT-style targeted-attack disclosure. 70%, 31 December 2010. The targeted-attack category has been growing; further disclosure is likely.
Defensive-side
9. Continued Microsoft platform security investment. 90%, 31 December 2010.
10. Concrete DNSSEC deployment progress. 60%, 31 December 2010.
11. Specific industry-coordination structures continue maturing. 85%, 31 December 2010.
12. Continued two-factor authentication deployment expansion. 85%, 31 December 2010.
Structural
13. Continued data-breach disclosure expansion. 85%, 31 December 2010.
14. Specific UK regulatory tightening on data protection. 65%, 31 December 2010.
15. Specific industry conversations about software-vendor liability continue. 55%, 31 December 2010.
Personal — Hedgehog
16. Hedgehog client base grows to roughly twice current volume. 70%, 31 December 2010. Sustained referral patterns support continued growth.
17. A concrete decision about scaling Hedgehog (employees, partnerships). 60%, 31 December 2010. The thinking is in progress.
18. Concrete specialisation decisions. 60%, 31 December 2010. Whether to specialise more aggressively is an open question.
19. Further advisory work in substantial UK organisations. 80%, 31 December 2010.
Personal — broader
20. Continue weekly cadence on the notebook. 95%, 31 December 2010.
21. Speak at Infosec Europe 2010. 80%, 31 December 2010. Practitioner profile and book engagement support an invitation.
22. Attend at least four conferences. 80%, 31 December 2010.
23. A substantial writing project. 55%, 31 December 2010. The project is still to be defined.
A meta-prediction
24. By end of 2010 I will have twelve full years of prediction-scoring data. 95%.
The cumulative meta-analysis from twelve years will be substantively interesting.
A specific reflection on calibration
The twelve-year prediction archive supports meta-analysis. Patterns visible across years:
- Direction calls are reliable across the archive.
- Magnitude calls are approximately right.
- Timing is systematically optimistic: events tend to occur 6-12 months later than predicted.
For practitioners considering a similar discipline: the practice compounds into operationally meaningful self-knowledge over years. The investment is bounded; the benefit is real.
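For practitioners starting a similar archive, here is one way to score a year of probability-and-deadline predictions; this is an added example, not the scoring method used for this post. The Brier score, the 0.5 credit for a partial, and all outcomes and occurrence dates in the sample are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# The post scores outcomes as affirmative, partial or miss.
# Counting a partial as 0.5 is an assumption of this example.
CREDIT = {"affirmative": 1.0, "partial": 0.5, "miss": 0.0}
DEADLINE = date(2010, 12, 31)

# (prediction number, stated probability, deadline, outcome, date the event occurred)
# Numbers, probabilities and deadline come from the 2010 list; outcomes and
# occurrence dates are constructed sample data, not real results.
SAMPLE = [
    (3, 0.95, DEADLINE, "affirmative", date(2010, 3, 1)),
    (1, 0.85, DEADLINE, "affirmative", date(2010, 6, 15)),
    (2, 0.85, DEADLINE, "affirmative", date(2010, 9, 1)),
    (4, 0.85, DEADLINE, "partial", date(2010, 11, 20)),
    (6, 0.85, DEADLINE, "affirmative", date(2010, 2, 10)),
    (7, 0.55, DEADLINE, "miss", date(2011, 6, 30)),    # happened, but late
    (14, 0.65, DEADLINE, "miss", date(2011, 12, 31)),  # happened, but late
    (15, 0.55, DEADLINE, "affirmative", date(2010, 5, 5)),
]

def brier_score(records):
    """Mean squared gap between stated probability and outcome credit (0 is perfect)."""
    return sum((p - CREDIT[o]) ** 2 for _, p, _, o, _ in records) / len(records)

def calibration_table(records):
    """Map each stated probability to (count, observed hit rate)."""
    buckets = defaultdict(list)
    for _, p, _, outcome, _ in records:
        buckets[p].append(CREDIT[outcome])
    return {p: (len(v), sum(v) / len(v)) for p, v in sorted(buckets.items())}

def mean_lag_days(records):
    """Average days past deadline, over events that occurred after it."""
    lags = [(when - due).days for _, _, due, _, when in records if when and when > due]
    return sum(lags) / len(lags) if lags else 0.0

if __name__ == "__main__":
    print(f"Brier score: {brier_score(SAMPLE):.3f}")
    for p, (n, rate) in calibration_table(SAMPLE).items():
        print(f"stated {p:.0%}  n={n}  observed {rate:.0%}")
    print(f"mean lag past deadline: {mean_lag_days(SAMPLE):.0f} days")
```

Recording the occurrence date even for a miss is what makes a timing bias measurable separately from direction and magnitude.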
A closing reflection
The calibration discipline continues across years. The cumulative archive supports both individual practice and broader community contribution.
For my continued practice: the discipline continues. The cumulative archive continues growing.
More in 2010.