If you consider yourself an observer of the past 10 years in information security, few would be surprised if you suffer from a touch of whiplash. Things moved pretty quickly, and not many security professionals had the ability to slow things down.

Where to begin? Well, at the start of Information Security's journey in December 1997, there wasn't a security profession. At least not as we understand it today. The chief information security officer was a notion whose time had not yet arrived. Compliance wasn't the bane of corporate security's existence, and macro worms were, well, around.

"The most obvious thing is that 10 years ago, there was no profession," says AT&T senior vice president and chief security officer Ed Amoroso, a veteran of the industry who in his early days at Bell Labs was immersed in a think tank surrounded by UNIX giants Dennis Ritchie and Ken Thompson. "You could be a techie, but there were no CISOs, no senior executives in a company. Now it would be almost impossible to find a large or medium-sized company or government agency that did not have a management-level security staff."