David Brooks has a piece of advice that I wish we would see more of in technology:
"One of the best pieces of career advice I ever got is: Interview three people every day. If you try to write about politics without interviewing policy makers, you’ll wind up spewing all sorts of nonsense."
In technology, we have more than our share of visionaries, thought leaders, and soothsayers; we also have the people who have to design, build and implement all this stuff. And it is that latter group that doesn't blog/write/speak nearly as often, but this is the group that we have in many ways the most to learn from. The few smart ones who do blog have a lot to teach us about the rubber-meets-the-road logistics that determine success/failure. Napoleon said the fifth element is mud; innovation in the other four elements is great until it hits the mud (when it needs to be deployed), and then what happens? So here is hoping that vendors, analysts, and others will spend more time in 2008 interviewing and listening to the people with their hands on the wheel.
This is important in security, because while there are many interesting security mechanisms, a lot of them don't scale or deploy well. At this point the "it's perfect or it's broken" crowd usually says that if the business/developer/user/manager "really" wanted security, then they would just deal with it. What I say is that this is bad engineering and that security people need to spend way more time listening to people in companies (I am biased because I do this all the time, and it's where I learn a lot of good stuff), and less time saying "assuming these 1,637 things are set up correctly then the system is secure." For reference, my air bags didn't change the way my car works.