It's been a year for me at Trusted Network Technologies, and therefore I've been in the security software business for a year.
I love it. Real problems, serious issues, and the need for serious and careful engineering. Demanding, challenging, and rewarding when you do good work. And I'm lucky at TNT because we have a tremendous team.
But what have I learned in a year about the security space in general? Other than a lot of technical details and acronym soup (you've got to know the difference between PKI and PCI), there's one key thing I've learned: strong security exists and could benefit literally everyone with a computer on this planet; however, lack of usability stands in its way. Usability (which in many ways in the security business might mean invisibility) is the number one nemesis and the number one opportunity for every computer security company.
I found it interesting that a recent panel of crypto experts including Diffie and Hellman highlighted the same issue. While Ray Ozzie is quoted as saying "I will fix it all" (I've got to wonder about the context for the quote), I'm not sure Ray can fix it by himself, but I absolutely believe the next decade will see it fixed. We have over-ample means and motive, so the time is right to slay this beast.