"Cybersecurity Winter Is Coming"

Let's begin with an oversimplified view of the 2008 housing market crash:

Hedge fund manager John Paulson made a fortune betting against Wall Street's insane belief for an INFINITE annual +14% housing climb
Cybersecurity has enjoyed non-stop growth since the #antivirus industry coalesced in 1988. The Internet bubble's burst didn't even slow us down; in fact, the #antivirus industry saw it as a golden opportunity to prop up then-fledgling trade magazines!
Cybersecurity barely flinched when global markets collapsed in 2008. "The only survivors," we told our bosses, "will be the ones who keep up their cyber guard during their recovery." And they bought it! Hook, line, and sinker!
The 9/11 U.S. attack, and the 7/7 Britain attack, and the 2007 Estonia cyber attack, and the 2016 U.S. elections, and the 2020 U.S. elections, and etc. have assured us we'll see INFINITE annual growth in cybersecurity


"Infinite" SEEMS right, doesn't it? Our trade rags run headlines wailing of "a million unfilled jobs" in #cybersecurity. We tell college students about unending growth in our field. Pundits brag about the militarization of cyberspace...
We fantasize about hackers remotely crashing cars on busy streets. We fantasize @US_CYBERCOM will give us officer commissions and high security clearances: one weekend a month, two weeks a year, and poof you're part of the "in" crowd!
Decades of unstunted growth in #cybersecurity have turned our incessant fantasies into a terrifying belief: that our growth is INFINITE. That we will climb in revenue & jobs FOREVER.
And yet ... history over the millennia tells us ALL spending waxes & wanes for all sorts of reasons. Plagues alone stymied any number of military conflicts & conquests from the ancient Peloponnesian War up to World War I.
Global economic depressions have plagued us throughout history and gutted whole industries in their wake. We've no *real* reason to think #cybersecurity is fundamentally different. And yet we do! "Cybersecurity is immortal, Rob!"
Even with global industries RIGHT NOW scared for their futures post-COVID, no one honestly believes #cybersecurity will feel a pinch of pain. Hell, many folks now revel in the notion that #WFH may open up more job opportunities for us!
And that's why we view #cybersecurity as sacrosanct: "Rob, the janitors and all of HR will be laid off before anyone comes for the lowliest member on my #DFIR team..."

But at some point we WILL face an industry-wide gutting.
All industries — I repeat, ALL industries — wax & wane. And when ours DOES wane, you'll find me there on the sidelines

standing with John Paulson

saying "oh, you thought #cybersecurity's climb was INFINITE?"


More from @vmyths

12 Jul
A senior member of SANS acting *on his own* raised a concern over the tweet below.

I'm the computer security industry's first full-time salaried #critic and I've >20yrs experience dealing with concerns like this.

I assembled a panel of three to judge the tweet...
One is a computer security #critic in their own right who long ago judged Vmyths' works at my request.

Another is a respected member of the #cybersecurity community who has not before judged my works.

The third is a longtime reader.

Each judged the tweet independently.
I told the complainant the panel's majority would "guide my action... I offered them no defense; the tweet must live or die on its own merits."

The complaint was that my tweet tied SANS to #racist police when in truth they've run a mature "LE" program for over a decade.
Read 15 tweets
5 Apr
Let's visualize this fight through the lens of #cybersecurity. We'll say Cuomo is a senior #DFIRstResponder on-site at the worst hotspot while Kushner is a SrVP sitting on the top floor of the HQ bldg...
2/5 Computers are getting infected fast and it's pushing Tier 3 support staffers to their limits. Triage teams admit not all boxes can be cleansed, especially those w/ older OSes. Various subnets are quarantined; workers are getting paid to stay home for "digital snow days."
3/5 The CEO bitches about all the negative ROIs and, worse, his CISO outright contradicted him during a press call.

The SrVP is related to the CEO (aren't they all?) and the hasty Excel spreadsheet he built tells him that senior #DFIRstResponder is spouting hyperbole.
Read 6 tweets
3 Apr
Dave calls it "terrible reporting" but I'll DEFEND writer @kari_paul for summarizing the cybersecurity community's own #hyperbole.

Dave notes the story includes NO comments from "security researchers." Okay then, let's do a 7-part thread on THEIR #invectives toward Zoom!
2/7 We'll begin with @HackingDave himself. I wouldn't call him an "advocate" for Zoom but he DOES feel compelled to defend them from hyperbole. I've got zero complaints about his efforts.

This here might be the worst thing he's said about Zoom:
3/7 Let's move on to @hacks4pancakes. She's opined on Zoom's response to bug reports since 8 July 2019. She's expressed "sympathy" for Zoom yet pummeled them as well. Her adverbs & adjectives include
Read 8 tweets
2 Apr
This morning a man who last spoke to me ~16yrs ago texted me to see if I was still at my old phone#.

He's now a senior broker in NYC with a VP title.

He read some wild story about the president shutting down CDC's "virus hype machine" (?) and it triggered an old memory.
2/4 Brokers like him called me from 1997 to 2003 to discuss ways to make money from #antivirus stocks. Everything about the industry confused them; I gave them insight to short-sell @McAfee & @symantec & @TrendMicro.
3/4 His phone call proved simple and straightforward: he wanted renewed insight in order to PROFIT FROM FEAR.

Contrary to some people's beliefs, I see NO ethical problem in his desire to profit.

If you *didn't* create the fear and you *don't* sell snake oil, then be my guest!
Read 5 tweets
1 Apr
My fiancé asked me in a disturbed tone of voice:

"In your 35yrs of #computer virus hysteria ... how did you ever *recover* from it?"

I took a long pause.

"We returned to 'normalcy'," I began.

"People went back to their old ways of computer hygiene..."
2/4 "...while those who parroted fear wound up with some new software tools, maybe snuck in a new server for the farm.

"No one in power got fired for their panicked reactions. Lower-downs who got fired 'out of an abundance of caution' remained fired..."
3/4 "...and we collectively rationalized ALL our self-inflicted damages by chanting 'it was all worth it if it saved even just one computer performing a critical function.'"


My fiancé blurted "so all the [self-]destruction didn't matter?!?"

And I was forced to admit...
Read 5 tweets
27 Mar
Hear me out: this has everything to do with cyber.

1/5 Three decades of #computer virus panic leads me to predict #COVID19 will lead to a major reduction in U.S. food poisonings -- but only over the short term.

I've long hypothesized that many so-called "food poisonings"...
2/5 ...actually stem from unsanitary conditions AT HOME.

Somebody plops a greasy taco bag or a leftover container on the kitchen counter / table. That residue spoils.

Then it transfers to Timmy's Big Mac. He pukes & poops and his parents auto-blame it on McDonald's.
3/5 I believe the U.S. has grown so "fast-foody" that we've collectively lost our discipline for kitchen & dining room cleanliness.

Now, suddenly, panic has swept the U.S. Everybody hoards @Clorox wipes and, wow, actually uses them!

These wipes are closely related to...
Read 5 tweets
