As I wrote about Security Yearbook 2020: A History and Directory of the IT Security Industry, by Richard Stiennon, it was like a walk down information security memory lane. Security Yearbook 2020 details security firms we all know and sometimes love, such as Symantec, Check Point, Palo Alto Networks (where Stiennon is persona non grata) and more; and then companies that have faded away or been absorbed, such as Network Associates, Vigilinx and many others.
In Stiennon On Security: Collected Essays Volume 1 (IT-Harvest Press 978-1945254062), he is back with more than 100 essays of his, written between 2010 and 2020.
About two-thirds of the essays in this volume are from 2010-2013. Of the many companies that Stiennon mentions, Symantec is one that gets much mention. Symantec is on his wall of shame in large part due to several disastrous non-strategic acquisitions they made and had little profit to show for it. The Symantec board brought in many CEOs in an attempt to straighten the ship and mature the organization.
But in what may be seen as the ultimate in industry heresy, Stiennon writes that information security is not only not mature, but it is also one of the few tech businesses that will never mature. He notes that information security is a very different animal and that the primary driver is not the customer. Instead, the primary driver is the threatscape, which evolves continuously.
When dealing with the failure of the Trusted Platform Module (TPM), also known as ISO/IEC 11889, around a secure crypto-processor, he astutely writes that products generally do not sell unless they solve a real problem, and security products, in particular, do not sell unless they address a real and present danger.
In an essay from 2011, I read in humor about a DDoS attack sending 60,000 requests per second. Jump to 2020, and Amazon said it mitigated the most massive DDoS attack ever recorded as 2.3 Tbps.
A lot has changed in the past decade, which is about half a century in information security years. Stiennon On Security Volume 1 is another interesting walk down information security memory lane. And those who don’t remember the information security past; well, you know what happens.