2014 Tech goals

While the calendar will flip in a few days, I’ve had some time off and and naturally have spent some time thinking about the future. What do I want to learn and improve in my technical skills over the next year or so? Most of the following can be summed up in two “meta goals”: write more code and get back to math and computer science.

Getting started in infosec

I recently participated in a discussion on a private mailing list about people who want to get started in information security. Of course it veered into standard territory about the value of certifications and such, but a few bits turned out interesting if not exactly ground-breaking.

Computers versus telescopes

Computer science is no more about computers than astronomy is about telescopes. – Michael R Fellows ?

Kent Doctrine for security intel analysis

I’ve said before that log management matters, but log analysis matters more. Extracting and communicating useful information (analysis) requires collecting and storing your security data as well as processing the data quickly. But having all the data available won’t matter to anybody except auditors if you don’t use it in ways that inform good decisions. Mike Rothman of Securosis expressed this exceptionally well in his preview of the 2012 RSA Conference: