John Pescatore

Pressure from job, school, parents, boss, enemy. If Earth is the Lucky Element, there is a career/position opportunity. If Earth is the unlucky element, then watch for job responsibility, health, lawsuit or accident.

From 2009 Chinese Horoscope

I’m not much of a horoscope person, but if someone thousands of years ago decided 2008 was the “Year of the Rat” then it is worth trying to figure out if they just hit the lottery, or were they onto something. Apparently, 2009 being the year of the Ox (or Cow) means that what happens in 2009 is tightly coupled to the earth (vs. metal, fire, wood or water) so maybe real estate (which seems to have been the trigger for lots of the ratty-ness of 2008) will stabilize in 2009 – or maybe not.

From a security perspective, I am declaring 2009 the Year of the Security Pig. That is because just about every federal government is going to print money to throw towards stimulus programs and there will be a mad scramble to find a spot from which to slurp from the trough.  The various lobbying groups (including the cybersecurity related ones) have already started their campaigns – whee!

Predicting when things will happen is a bit trickier, but based on the Chinese Calendar “Because Fire is the mother element of Earth, therefore, we can say that the strongest period of Earth is the 18-day before the season of Fall” – but it doesn’t say which hemisphere! I think the because security begins with the letter S, we will go with Fall in the southern hemisphere, so the strongest period for the Year of the Security Pig will be early March 2009. Look for the spreading of a lot of fear, uncertainty and doubt about cyber-terrorism, and many misguided pieces of draft legislation that are enthusiastically supported to increase the size of the trough, but that ultimately go nowhere.

We’ve had mini “Years of the Security Pig” before:

• 2002 - the aftermath of the terrorist attacks of 2001 had everyone jumping on the cybersecurity bandwagon. I did a Gartner First Take railing against proposed legislation to give tax breaks for spending on security products.
• 2004 - that was actually the “Year of the SOX” as Sarbanes Oxley legislation directly led to all kinds of totally useless cybersecurity spending in the name of Sarbanes Oxley.

Interestingly, 2002 and 2004 were both actually very light years as far as cyber-threats.  The reality is that the worms of 2001 and 2003 caused a lot of movement forward in patching and intrusion prevention and it took awhile for next generation threats to start to hit. But you could make the case that Years of the Security Pig bring quieter threat conditions – I actually think that will be true in 2009, the economic retrenchment will mean a quite threat year. But 2010 (by my calendar, that will be the “Year of Security Pig Vomit”) will be an above average threat year, much like 2003 and 2005.

So, there you have it. Next: what did Nostradamus predict about security in 2009?