It's been a long time since I've loved my job. I didn't realize it but for many years I haven't liked what I did. I stayed busy and that's important to me. I felt like I was doing something productive and that's equally as important but I never truly loved it because there was little challenge in it. Let's face it, the year of PKI never arrived.
Now I'm challenged.
I'm enjoying my new position with VMware as a product manager focusing on the security of their ESX platform. It's exciting, challenging and the great part (and I know this sounds trite) but we're changing the world. Literally. The way people use our platform changes everything about how they manage their IT networks. It's more efficient, it's faster, more reliable, more available, less disaster-prone, and more flexible. All those good things that people wish from their IT networks.
I see what this can do for security inside an organization too. Think about this term "agile security". Bring security to the places where you want it. Make it more fluid and use your resources more efficiently. Putting out a new promotion or service on your web site? Move your firewalls and IDS so you can monitor more closely; put up more IPSes so you can quickly inspect more deeply inline; snapshot your servers so that you can recover from bad OS patches, exploited vulnerabilities, or misbehaving apps.
The possibilities are immense and as much as virtualization changes an organization's datacenter, it can even more profoundly change how they view their security posture. Imagine your being able to manage your risk as quickly as you can put up a new app.
At the same time, none of this is well-defined yet. This is where the challenge comes in. Are there new risks? sure. Have we found them all yet? No. Are we going to? Absolutely. Can we make this more secure than before? I think we can. There's opportunity for organization's to decrease their risky exposure and change their risk profile at a moment's notice (Threat level on SANS goes to red, increase your available resources to prevention and attack counter-measures...at gree, you can move those resources to event monitoring and correlation).
what else do you think we can do with this transformational platform?