We’ve finally closed the books on 2016 and the rude beast of 2017 has slouched its way to Bethlehem. While I’m not one for making big professional nor personal predictions, I do enjoy taking pause at this time of year to think about what I’d like to accomplish over the next 12 months and get some clarity on intent. I find that thinking of the big themes I want to pursue is often enough to shape the coming year in ways that complex plans fail to accomplish. So here are a selection of my themes for 2017.


2016 was the year I made good on a long unfulfilled promise to myself to get back into running, a sport I enjoyed a lot as a child. With two half marathons now under my belt, I’ve gotten into a reasonable groove with my program and am targeting a 5K, a half marathon, and a full marathon for this year. Relevant to this blog is the explosion of data that is now available to the amateur exerciser. At last count, I have nine different applications on my phone tracking and noting various data points about my performance. With all this data and tools such as the TrackR package for R, I’m looking forward to being one of those geeky people that obsessively tracks and analyzes my personal data. While there’s a strong personal performance aspect here, it’s an intrinsically interesting data set for personal analysis and a good way to while away some time thinking about and with data.


Accepting the challenge from Rich Mogull, last year I attended more non-security Meetups and conferences than dedicated security ones. Whether it be Automacon, useR, or any of the other dozens of events I was fortunate enough to attend in 2016, participating in such a rich diversity of data analytics, devops, and cloud topics was intensely interesting and rewarding. I already have several events queued up for 2017 and a few others in the works. One goal is to get out and do a bit more speaking this year. Looking back at all the work I’ve done in 2016, I realize how truly awful I’ve been in sharing these stories. Being cautious about cyber-thought leadering it up is one thing (and a good thing at that!), but being too reticent in detailing my trials and travails doesn’t help anyone.


The above leads to my goals on blogging. Taking a page from Wil Wheaton I’m aiming to put out a blog post a day for January before settling down to a target pace of once a week for the rest of the year. Getting over the reluctance of putting out insufficiently developed posts is my theme here. For you readers, clicking next in your feed reader/browser/iDevice is a cheap action so I hope you’ll forgive me for any less than stellar posts you are forced to quickly discard over this year. 🙂


There are a couple of projects I’m looking to complete and push out the door this year. It’s a bit too soon to detail them other than the following very broad stokes:

  • Project V: Lots of action on this one and something that may develop into several spin out projects, with interesting vendor partnerships, new AWS services, some Docker work, Travis CI pipelines, Chef development, and more.
  • Project E: January and February will be laying the groundwork for this complement to Project V, giving opportunities to help advance the state of information security risk management and testing the waters of a broader framework I’ve been daydreaming about.

Well, there we are, dear readers. I wish you each the best in this new year. If you care to, do feel free to share your own thoughts and intents for 2017!