NuHarbor Security
January 7, 2019

5 Security Predictions for 2019

Justin Fimlaid

Show Notes: https://justinfimlaid.com/5-security-predictions-for-2019/

Sponsor: https://nuharborsecurity.com

Contact Me: https://justinfimlaid.com/contact-me/

Twitter: @justinfimlaid

LinkedIn: https://www.linkedin.com/in/jfimlaid/

Most companies put together a "top predictions" for FY19. Most are garbage. There's a couple I think are decent but they are few.

Here's my top 5 predictions for FY19.

1. People will realize that SOAR (Security Orchestration and Automation Response) is not the security savior. In fact, I'd be so bold as to say it hinders the security industry by forcing security professionals to become distracted from doing the core and foundational security work. Security takes work…plain and simple. You have to eat some shit and grind it out. That's the job. There's no easy button for this. While people are spending the year trying to figure out what to automate, they'll only get to December with little to show and a year wasted. I often see SOAR being sold as the end all be all to the security talent shortcomings…"no staff, no problems…just buy this solution and we'll solve it for you." BS. In my experience, most companies don't have good security practices, and what happens when you automate broken processes…you break the process more times and faster. Additionally, the fundamental thing that SOAR is missing is that security is often distributed within an organization, meaning…it's not one team but rather a bunch of teams/departments doing their part of security. The issue in corporate is that those departments DO NOT allow another group to dictate automatic configuration of technology they are responsible for. Lastly, folks are still trying to figure out security…never mind automate it. Security teams still need to fundamentally understand the tedious parts of security before they can automate anything…and unfortunately, most people don't know what they don't know.

2. Network visibility becomes an important thing. Yeah - this one has been around for a while but I think this is the year it picks up momentum. With distributed networks and IoT blowing up, I think folks will finally start to realize that you can't secure what you can't see and will finally own up to needing a solution that provides central visibility to all devices with an internet connection. To date, I think it has been a bit of a luxury to have this level of visibility, but I think most folks have tried to cobble together make-shift or home grown solutions to get this level of visibility, so this year I think we'll see folks start to own it.

3. Blockchain will become commoditized. C'mon let's face it…there is a ton of folks trying to tout how smart they are with innovative blockchain solutions. Honestly…there's so many people trying to do this, and if someone can find useful use-cases then I foresee this becoming as commoditized as asymmetric and symmetric encryption for data protection late this year. In other words, if someone can do something worthwhile, it becomes table stakes and no one will care anymore.

4. Scan-jockeys will be identified. Contrary to what I hear every week - a vulnerability scan is not a Penetration Test. In the industry we call the folks who run a vulnerability scan and pass it off as a penetration test Scan Jockeys. These are folks that don't really know how to pen test, so they choose a vulnerability scanner, run a scan and hope no one knows the difference. Now, don't get me wrong, a vulnerability scan has a VERY valid use in security; in fact I think every organization should be doing vulnerability scans. My issue is people faking to be a penetration tester. I do see folks in industry becoming more educated in the difference between the two types of test, and I think later this calendar year more scan-jockeys will have a harder time in security as penetration testers, and people who actually spend time practicing their craft will get cr...

Justin Fimlaid

Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.
