2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)², where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
It seems to just be "understood" that if you're accepting favors, you're doing so because the vendor expects to influence you and that you've compromised yourself if you start down that path. During the course of my career, I've seen only a couple of incidents of this type.
Although it's encouraging that security is now considered part of the software quality paradigm for customers' needs, the question remains: "Do we have the cyber skills needed for today's chaotic, application-driven world and its ever-increasing need for security?"
"We appear to be asking DHS to take on new cybersecurity roles and missions while it is establishing its basic core competencies," Melissa Hathaway says. "Is this reasonable? Do we want DHS to become a first party regulator?"