I think, like many people, I did not expect to be writing this at the end of 2021 and still be in the COVID-19 pandemic. Simply to get it out of the way because COVID certainly wasn’t the most exciting thing this year, the entire family got COVID in the summer. It wasn’t pleasant, but I’ve had worse. Interestingly, that was when I had the flu in Boston shortly after Spectre/Meltdown was public. Oh how our perceptions of working with sickness have changed in that short period of time. Some good (let’s keep the hygiene up people!) and some bad (really really tired of masks and restrictions!).

Anyways, I had considered not writing this year and even considered taking the blog down in its entirety… but by the looks of things, people still visit and find some useful information here (maybe not these retrospectives which are largely for myself) so I’ll keep it around. Maybe I’ll retool it to be a static-only site given my time to write any code these days is slim to none. And maybe I’ll post more too (yes, I know I’ve said that multiple times before!).

Speaking of code, I’ve written some Python code this year to do a little digging into the Google APIs, digging into calendar and mail data (such as how much time I spent in meetings, etc.). A few months after writing that, Google added a feature to the calendar to tell you just that, so it feels like a bit of wasted effort but it was enjoyable nonetheless. For the rest, most of the “code” I’ve written this year has been formulas in Google Spreadsheets. Not quite as fun as Python.

From a work perspective, this was a busy year. Maybe the busiest, although I think I say that every year. With the SolarWinds news at the beginning of the year we spent a lot of time and effort making sure our handling of the supply chain was good, and investing in making it more resilient. That was top of mind for most of the year and we got quite involved there. Of course there was the Executive Order around cybersecurity and that certainly caused some work to make sure we could meet those expectations, particularly around the Software Bill of Materials (SBOMs) which I will state is quite disappointing when I read some of the expectations around SBOMs. Many, particularly in the US government, seem to think the SBOM is a silver bullet for proper vulnerability management. It’s certainly a part of the puzzle and required information, but not the panacea they seem to think and I strenuously object to the notion that an SBOM should have up-to-date vulnerability information contained within it. Simply doesn’t make sense. The SBOM is a list of ingredients – there are other ways of determining and correlating whether those ingredients are bad or, in a food services analogy, in need of recall. You don’t print recall information on the packaging of your product. So there is work to be done there and hopefully we, collectively, get this right or we’ll be producing and consuming SBOMs hourly (which, for a product like Red Hat Enterprise Linux, will be massive and wasteful to transfer and generate).

Also this year we were able to add a number of new members to our awesome Product Security team. I can’t stress enough how thankful and grateful I am for every member of the team. Truly a top-notch crew. Included were two new members to my direct staff, both of whom were some of the best hires I ever managed. From a personnel perspective, feeling really great being surrounded and supported by some amazing people.

Additionally, I was promoted to Vice President of Product Security this year, which is a great recognition to the team (we’ve only ever had a Senior Director in the past). So while this is nice for myself, I really see this as a promotion for the team and I’m so proud of them for it.

From a personal perspective, the year was both exciting and boring. We went to the mountains again this year, which is something we like to do each year, and it was amazing. It felt really good to get away, even if it wasn’t as far as we wanted (we had planned to go to Scotland in 2020 so we’re still looking forward to that one day… maybe 2023? Fingers crossed!). But for the rest it was the same old “new normal” of being homebodies. Which I don’t mind, to be honest, but I am definitely feeling itchy about wanting to travel again. In fact, last night I was watching XXX (the Vin Diesel movie) and seeing the Czech countryside and Prague really made me miss Brno, so I’m definitely looking forward to being able to go again, hopefully sooner rather than later!

I believe I’ve mentioned before that my wife and I are marriage counselors. We’ve, sadly, been quite busy this year. There was some pre-marital counselling which is always fun, but a lot more of what we call “crisis” counselling this year… about three times as much as last year even, which is probably the most counselling we’ve ever done. So that was exhausting but rewarding for the most part. They didn’t all have happy endings, but most of them did.

My wife also changed jobs this year. She had been working for the top-rated French bakery for the last 5 years but the owner closed it down. Interestingly, when my wife served her notice that’s when she found out they were closing so she was there from beginning to end. My waistline will probably thank me although I’m sad because I enjoyed those every-Friday treats from the bakery. She’s now working at a not-for-profit operated by our church, in our own community, which is really cool.

As I noted in my retrospective for 2021, we lost my best furry buddy, Whiskeyjack, earlier this year. But we got ourselves (and by “we” I mean my wife) a new little guy, a British Shorthair, named Ted. So we have two cats now: my daughter’s Herbert and my wife’s Ted. The great thing is, for the first time in probably 30+ years, I’m no longer responsible for doing the kitty litter. He’s a great companion, even if he does like to sleep between our pillows at night… which was cute when he was small but at a year old he’s now bigger than Herbert, who’s a year older than him. He might get to over 15lbs (probably closer to 20lbs the way my wife feeds him!), so a big cat sleeping by my head… Well, I preferred Whiskeyjack (who was by no means small) sleeping at my feet!

I’m writing this with one day left of my two weeks of PTO at the end of the year. While it’s been a great time off, despite the obligatory Christmas cold, I’m stoked for 2022. I’m hoping that COVID-19 will become either nothing or something we just deal with, without all of the extras. I’m hoping to travel again this year; there are so many people in various locations that I’m looking forward to visiting again and connecting with – that has probably been the hardest thing about this pandemic, not being able to connect with co-workers in person. There is nothing like breaking bread with the people you depend on. And I’m looking forward to seeing what we can do in the security world – the team here at Red Hat have been working so hard, internally and externally, on doing the right thing not just for our customers but for the industry as a whole.

2021 was an interesting, but fulfilling, year. I changed who I reported to, which is always interesting. I think, even in the short term, it will be better for Product Security’s position within Red Hat so even though I was sad to change which organization Product Security sat in, I think this is the best thing moving forward. The year closed out with a lot of analyst briefings about open source supply chain security, which is new to me. I even did a talk at Red Hat NEXT, virtually, and I’m hoping to be able to do these in person soon. I might even come to enjoy them ;)