Rational Survivability

November and December usually signal the onslaught of security predictions for the coming year. They’re usually focused on the negative.

I’ve done these a couple of times and while I find the mental exercise interesting, it really doesn’t result in anything, well, actionable.

So, this year I’m going to state what I am *going* to do rather than what I think others *might.*  I’ve spent the last couple of years talking about the challenges, now it’s time to focus on the solutions.

It’s quite simple.  I resolve to:

1. Continue my efforts to make the Cloud Security Alliance work products more useful and impactful, focusing on solutions to the challenges we have with Cloud Security
2. Push the agenda for transparency in Cloud providers with the A6 API working group
3. Deliver even more interesting and thought-provoking presentations focused on virtualization and Cloud security
4. Take our local security scene up a notch: focus on making BeanSec more than just a social event and make it the epicenter for security knowledge sharing in the greater Boston area
5. Spend more time at local events such as ISACA and OWASP and support regional “non-cons”; many folks don’t get to go to the big shows
6. Blog more and push the envelope on things I know need to improve.  Also publish the podcast and vlogs on a regular basis
7. Reach out beyond the U.S. and share more/learn more with folks from other countries/backgrounds
8. Dig my heels in and participate more actively in the standards bodies and organizations that I lurk in (PCI vSig, DMTF, etc.)
9. Focus on making my contacts into more of a community; I have the most awesome circle of friends and acquaintances and it’s time to put them to use
10. Publish a couple of the books I’m working on

These are my top 10.

What are yours?

/Hoff