We need more security intelligence
By Mike Rothman, Network World, 08/28/2006
If there is one lesson we should learn from the big win over the liquid bombers in the United Kingdom, it is the importance
of intelligence. Not only did the authorities take some dangerous folks out of the mix, but the definitive proof of the plan
made such drastic restrictions on liquids acceptable to a skeptical public. Terrorists can attack hundreds of thousands of
targets, so how do you know which ones to focus on and protect more aggressively? In one word: intelligence.
Security folks spend an awful lot of time researching what is broken, and much less time figuring out which of those
broken things are actually going to be used to compromise machines. Everyone goes to a show like Black Hat and gets all fired up about
how cool it is to break things. That's called research.
As we've seen with all the focus on the wireless exploits and virtual machine rootkits, just because something is vulnerable
doesn't mean an attack is going to be launched imminently. Security research is an important part of the process, and I respect
those who spend their time figuring out what is broken and work with the vendors at risk to fix it.
But I also want to call out all of the security intelligence types who do the yeoman's work of trying to figure out what the
bad guys are going to do next. How did we know that Microsoft's recent high-profile patch (MS06-040) was being exploited by
the bad guys and it was absolutely critical that everyone patch immediately? It's because some unsung heroes practice the
art of security intelligence.
Who are these security intelligentsia? They typically are either government agents working to crack a crime ring (notice that
a warning on MS06-040 came from the Department of Homeland Security) or they work for a private enterprise and realize the
need to track this information to make their products more relevant and keep them ahead of the curve. They spend their time
trying to break into these cabals of bad guys, become a trusted part of their world and monitor the traffic. This way they
figure out what these networks of bad guys are up to.
Let me provide more context. Information security professionals face an attack surface that spans every network, server, endpoint
and application, combined with a practically unlimited number of attack vectors that can be used at any time to compromise
a system.