Over the past few weeks I’ve been struggling with ideas for New Year’s resolutions for 2010. I can honestly say that I have never made a New Year’s resolution in all of my 32 years, but life has dictated that it may be time to make a few. My short list of ideas includes a number of things to enrich my personal life beyond material things that have come and gone and a few to advance my education and technical expertise. That’s where this blog comes in…well, that and the boss said I had to. Around my numerous pool leagues, I’m constantly bombarded with questions about the newest Smartphone to hit the market or which operating system is the best, and when someone should expect a new update to some random application they tinker with or the OS as a whole. It’s difficult to keep up with all of the devices that are rapidly deploying to the market and the numerous carriers that will support what devices. I would have to take my shoes off to be able to count the names of blogs and websites off of the top of my head that devote countless hours and articles to these very issues. Heck, Android has an app for that (pardon the pun).

So, in the coming months I will be focusing most of my attention on security related issues that might affect Smartphone users, as well as some that are not necessarily related to mobile devices. Since I began, and much of my career, in the InfoSec world as a CERT analyst and penetration tester, the state of security issues related to wired networks is still a major concern of mine. In fact, up until about 6 months ago, I was happily cracking wired networks and only carried a BlackBerry Pearl in my pocket. I understood the threat that existed in my pocket, but it was not a concern that was on the forefront of my mind. Most of the places I went into for work wouldn’t even let me carry my phone into the room. I’ve recently made the transition (rather seamlessly, I might add) to Android and I’m loving every day that my pretty little myTouch and I get to spend together.

Since I began my tenure here at SMobile, those threats that exist for mobile device users began encompassing nearly every facet of my life. I work all day researching current malware and the possibility of future malware that lies on the horizon. Nearly all night I’m hounded by friends for my advice about what apps they should get and what I’ve heard about this phone or that. One constant that I have observed between wired networks and wireless mobile devices is that the user is the key to ensuring the confidentiality, integrity and availability of sensitive data. The primary difference being that companies have teams (sometimes that team is one or two people) that is charged with the protection of the networks and its data. In most cases, these security experts find themselves fighting with the requirements to provide mobile access to this sensitive data and have been relatively successful at integrating the mobile functionality and productivity with adequate security controls and policies to protect sensitive corporate data. What about the everyday consumer? Who is securing their data?

These are the questions I’m going to try to answer with this blog. Smartphone users are increasingly left to their own faculties when they are using these devices, which by most accounts, are nearly as powerful as most laptops or desktops we own today. I come from a background with the US Marine Corps, so you know that policies and procedures are something that I do in my sleep. I’ve been UNfortunate enough to guide policy in the Marines, as well as the countless hours I’ve spent actually authoring policy documents. One thing that I’ve taken from that time is that awareness and education are fundamental to any solid Information Security Program. The same should be said about Smartphone security. Users need to be aware of the threats that affect them and the things they can do to reduce the risk of compromise. We’re going to try to help with that with this blog. So, stand by next week for my first attempt at beginning down this road. I enjoy writing and I enjoy educating. Hopefully we’ll be able to do a little of both with this blog.