[Dailydave] Survey of infosec's past/present/future
andy at andymartin.cc
Sat Jun 4 16:16:21 EDT 2016
Here's an anonymous survey to see what people think about how the field of
information security has changed over the last 10 years & where things will
go in the future --
Some example questions are:
- Is the average F500 company compromised by more or less independent
parties at any given time now vs. 10 years ago? How will it change over the
next 5 years?
- From a technical point of view, is working in computer security more or
less interesting now vs. 10 years ago?
- How do the offensive capabilities & defensive postures of various
- Is the average "information security professional" more or less
knowledgeable today vs. 10 years ago?
- Do companies in certain countries tend to be more or less secure than
For the purposes of the survey, a "network compromise" is considered to be
any event where a host is owned and some amount of lateral movement takes
place (however inconsequential).
There are a few optional questions at the end about the submitter's (your)
background-- maybe there are some interesting correlations to see there...
If more than 10 people respond, I'll send a follow-up email with links to a
summary & the raw response data.
On Sat, Jun 4, 2016 at 7:48 AM, Dave Aitel <dave.aitel at gmail.com> wrote:
> I have no idea what I wrote about there and I'm sure it was terrible :)
> That's a good question and you should pose it to the list. :)
> On Sat, Jun 4, 2016, 3:39 AM Andy Martin <andy at andymartin.cc> wrote:
>> Do you happen to remember what you wrote about while at cty?
>> I went to that camp too -- for better or worse I think I wrote
>> pointlessly about my cat.
>> If you saved what you wrote somewhere it'd be cool to see it :-)
>> I had a random question about whether you think the average corporate
>> infosec dept has gotten better or worse over the last 10 years... Or how
>> you think the quality of corporate itsec departments varies by country...
>> (A possible metric: estimated number of independent compromises at any
>> randomly selected point in time? Are there any better metrics people use
>> that I'm not aware of?)
>> I don't know if there have been formal/informal surveys of "well
>> informed" infosec people on questions like this, but if not, it seems like
>> it would make for a great blog post. The DD mailing list seems like a great
>> audience to survey too.
>> When I was a kid, while other people were being cool, I went to a camp
>> that taught you how to write. This turns out to be a useful skill in a
>> hacker, but not in the ways that people advocating liberal arts assume they
>> are, in that communicating with people is "an important part of having a
>> I'm going to paste a few comments here from my favorite blog (
>> fuckfeast.net), because in the same way that we do book reviews on DD now,
>> we're also going to do blog reviews:
>> Being in love and crushing desire are my favorite sensations. I eat them
>> like peaches, cold lust running down my face.
>> But the thing about intelligent men is that they’re exactly the same as
>> us. They’re high maintenance, they have ego problems, they demand a lot of
>> attention, they always have something to say. As a woman, sometimes I just
>> want sex, and sometimes I don’t want to have to deal with the social
>> rigmarole of highfalutin small talk. Sometimes I want someone who isn’t so
>> smart that he’s going to overthink having sex.
>> He was confident. Confident enough to grab me when he first saw me and
>> sit me on his lap. His lips like twin snakes that hissed the most beautiful
>> words into my ear. Like a voodoo curse dripping into my brain, small bites
>> on my neck where I was infected with him.
>> Every part of this blog is a lesson in how to write properly. The sort
>> of writing that's impossible to teach to an adolescent at a camp, or in
>> English class at any age. I think every writing class, from Beginning
>> Shakespeare on up should be fifteen minutes of a professor in front of the
>> class yelling "This chick in Oakland is more honest to the world than you
>> are to yourself! GET WITH THE PROGRAM." and then they hit you in the
>> forehead with a rubber band and send you out with a copy of whatever book
>> you're trying to study - not letting you come back into the classroom until
>> you have one bodily fluid or another on every page.
>> Exploits are the same as this. You can't write them as an academic. To
>> prove how smart you are? To make a couple bucks? Nonsense. You make them as
>> art. You make them to kill or to get laid or in any way that is a frenzy.