The New Year brings a new blog and a lot of excitement for living my professional passion. It's taken 15 years, 2 security startups, 2 tours at Microsoft, and a helluvan experience at Washington Mutual to get here. Now it's time to focus on building the tools and applications I wish I had while working for and managing IT security groups.
Envision Security is a new kind of software company and I can't wait to see how it evolves. Our first application reflects what worked for me at very different enterprises and consulting engagements. However, it's not about me anymore. My goal is to empower you, and only you know what's best. We'll bring experience, agile software development, and superior support. You bring your challenges and together we'll improve how infosec teams and programs are run.
This blog isn't about promoting our software directly. Our goal is to share, learn, and inspire. Sure, we'll talk about our wares and progress, but only in the context of how it helps us learn and you manage risk.
Here are a few of my resolutions for 2010:
- Follow John Nordstrom's footsteps. Delight every customer. If not, a full refund. Ok, we won't refund a set of tires, but maybe in the future...
- Have a throwdown with Word, Excel, and PowerPoint. I've been wrestling these applications for years to summarize and visually communicate security. Let's see how they stand up to purpose-built software managing risks, budgets, metrics, trends, service catalogs, capacity management, role definitions, etc. Managing a security group is hard, but does it have to be?
- Share our experiences. In the coming year, what do you think about an open forum to share content, templates, and experiences around security strategy development, technical control frameworks and roadmaps? We've all built these deliverables in-house. Is the industry ready to share real examples (properly redacted of course)? I'd like to find out.
- Scale with Partners. Helping customers directly is fulfilling. However, I think more good can be done by arming security service providers with tools to streamline their engagements, leverage their trusted customer relationships, and start to standardize how IT Security is managed.
Mind you, I didn't share how we'll measure the above, just that we'll have fun pursuing it; otherwise this post would be New Year's Metrics...