As usual, I publish a bingo card for those attending certain large Infosec conferences (in June in London). This year, however, due to Lockdown, Covid-19 etc., Infosec is not going to be on in a physical format. Instead, it will be virtual for 2020. However, that doesn’t stop us poking some fun at ourselves and playing some bingo with all the terms that are likely to crop up in 2020!
I’d also like to shout out to Cyber House Party and Sean for organising a great event where some of the topics below will be featured:
DONATE HERE
Enough of the introduction – on to the list!!
It’s Cyber Bingo 2020 everyone!
So, how does this work?
With most big cyber events, we go to meet friends, meet new people and browse the vendors to see what is new in the industry. However, you can end up feeling a bit ‘ranty’ when you see those banners and booths that are just full of over-hyped, junked-up marketing lists of keywords which somehow don’t connect with reality. I take the new ones and new trends and collate them into a list, and this accompanying blog explains why I think each deserves to be on the list.
Here’s your Bingo card (a new card is generated each time):
BINGO CARD
Have you got some old ones?
Have a look at previous years here:
2017 – Attribution Bingo Bingo Card and Blog
2018 – Infosec EU Bingo Card
2019 – Infosec EU Bingo card and Blog
The Disclaimer and Learning Point
This is not a direct pop at any one vendor or any one person. This is just the personal musings of me (and others who helped with content for this blog). As such, no offence is meant and indeed minds can be changed from the original posting. If you do feel that there is an issue, contact me directly so we can discuss the issue you may have. Also please note, this is some fun and if you are in a marketing/comms team and you produce content – be aware of this list and think about the content you produce.
The List
WARNING … this can get sarcastic and snarky.
- Lockdown
 - Yeah, we are not going to get away from this one. We are already seeing that “Breaches are up due to Lockdown” and I do expect that we are going to see more and more of this going on. I’d even take a 50/50 punt that if you don’t see lockdown it will be Post-COVID. 
- GDPR
 - So why this one? Surely, this is something that got pulled out of the archives? Well no actually. GDPR is 2 years old (at the time of writing) so I expect there is going to be a resurgence in attention on this topic. After all, who doesn’t want more GDPR! 
- Real-time
 - With more data than ever now flowing into our teams from log files, firewalls, AI solutions (well, you get the picture), the need to get through that data quickly is becoming an issue, and so I expect we are going to see “Near Real-Time” and “Real-Time” analytics and processing. Codswallop but hey, let them have their moment!
- Artificial Intelligence/AI
 - Oh, this one gets my goat! OK … AI is not in your network hunting for bad guys … at best? You got maths doing some stuff.
- Diversity
 - This is big on the conference circuit at the moment, however, is it being effectively talked about? Is diversity just women and men or should we be talking about other diversities too? Disabilities? Socio-economic? Sometimes an all-white ‘male’ panel can have as much diversity as an all-white ‘female’ panel. OK fight me!
- Machine Learning/ML
 - Put this in the AI bin. OK, here’s a question to think about – do you want machine learning on data that is coming out of your systems? Incomplete asset registers, imperfect log files of junk … what will you learn from it?
- Asset
 - As we start waking up to security, so the need will be to discover everything that we own. I expect asset will be the key to this. But, this is where it will all go wrong. By confusing asset, data, devices, endpoints, by simplifying the term, it will cock everything up!
- Skills Gap
 - We’ve never had enough people in cybersecurity. Unless there is some concerted, centralised and well-funded plan which integrates at all levels of education, we will always have a skills gap.
- MSP
 - No, you’re not … you’re a middle-man project manager between vendor and client. Who are you kidding!
- Deep
 - Ooooooh Deeeeeeep! Deep dive, Deep web, Deep Intelligence, Deep detection, Deep threat, Deep-y derp derp. Man, that’s deep!
- Intelligence
 - Whether it’s Threat intelligence or adding intelligence to the security function, look out for vendors who think your current solution is not intelligent!
- Sophisticated
 - Because what we all need is a security service wearing a dinner suit and drinking Martinis at work!
- Ransomware
 - This is fast becoming the replacement for passwords! Remember the days when all we needed to worry about was password re-use? Well, now we’re getting ransomware following that same trend and boy-oh-boy don’t the vendors know about it!
- Awareness
 - Oh we are aware, it’s just that you didn’t make it easy for us to do anything with our awareness … or you patronised me so much with your training that I just ignored you.
- Insider Threat
 - We’re all bad people … She is … he is … I even think Dave the IT guy is bad and he has halitosis! Mwahahahaha … my precious.
- Certified
 - (Thanks to Sean for this one) I think most people I meet in Infosec should be certified! Congratulations on your certificate but are you any good at it?!
- Human
 - Will it be human-centric? Will it be “humans are the weakest link”? Whatever, it appears marketing departments have identified that humans use computers!!
- China
 - Oh come on … they are trying to show you that APTs come from all countries but it does feel like they’re throwing shade at China and a bit racist!
- Privacy
 - Let’s see the vendors put some assurance on privacy! Hahaha!
- SIEM
 - I always chuckle when I see vendors talking about SIEMs … like you have some major dedicated centre with massive screens showing Norse Maps or some other useless graphs. When in reality you’ve got 3 interns staring at a Grep of a log file and googling the hell out of what they are looking at.
- Cloud-based
 - Like that’s some badge of honour! No, for real, I don’t want my stuff on someone else’s computer with some rubbish security over their third parties through to their support desk!
- Breaches
 - We shouldn’t be talking about the problems, we should be talking about how we fix them. However, we’ve also just spent the last decade convincing people that you need to ‘assume breach’ so we did kind of shoot ourselves.
- GCHQ/NCSC
 - Because we all need to show some credentials, the easiest way is to attribute something to the 4-letter acronym set! If you can’t do it, buy in access!!
- Smart
 - I can guarantee there is nothing smart about something that calls itself Smart!! 
- End-to-end encryption
 - And beyond the end it is un-encrypted, put on an email and sent by accident to 30 people in the To address bar.
- Incident Response
 - Ooooh hot topic 2020 because we’ve given up on defending so we’ll just mop up the mess afterwards!
- Russia
 - Oh come on … they are trying to show you that APTs come from all countries but it does feel like they’re throwing shade at Russia and a bit racist!
- Picture of Padlock or Hoodie
 - When we have to run a $7,000 competition to get new images then it’s time to give up!
- Data-driven
 - We’re going to hoover up a whole load of numbers and then come out with the answer 42 which you will have to decipher because we don’t know what it means.
- Israeli
 - There are some great new entrants into the vendor space from ex-Israeli military cyberists who are now opening their own companies. Hmmm.
So there you have it … I hope you score well on your bingo card. Come and find me, DM me on Twitter etc. I’ll be seeing you there!