full packet capture
Network Monitoring Meets Deep Learning
People are creatures of habit. Your morning routine, what you order at Starbucks, the route you take to work, and your late-night snacking are all driven by habit. Those habits also appear in the digital world: how you browse social media, which sites you visit, and, in today's environment, how you conduct your work. When habits change in the physical world, it can be a sign of something good.
AIOps: The State of Full Packet Capture Enters the Age of Practicality
It's a great time to be a security analyst, but those in the role today face far higher expectations from their organizations than when I started out. Many are teetering on the edge of burnout: their companies need to get to the truth sooner, yet analysts are stuck with the traditional approaches and tactics of full packet capture while the bandwidth of high-speed networks increases by the day. The state of full packet capture, fundamental to letting analysts hunt for threats, discover anomalies, and respond to incidents, has seen a few incremental advances over the past several decades, but nothing that lets the analyst spend less time on it; a fair amount of heavy lifting is still required.

As a security analyst in the military, my first experience with full packet capture in the late '90s was the SHADOW system, an open source project dubbed an intrusion-detection system but really a full packet capture system designed for retrospective analysis, also known as threat hunting. The project was essentially a framework built with tcpdump and a collection of Perl scripts.
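To make the SHADOW-style workflow concrete (capture everything first, ask questions later), here is an added example that is not code from the article or from the SHADOW project. It writes a small, constructed libpcap file of synthetic Ethernet/IPv4/TCP frames, re-reads it, and answers one retrospective hunting question: which internal hosts opened TCP connections to external peers they never contacted during a baseline window. The function and constant names (`hunt_new_external_peers`, `SAMPLE`, the `10.0.0.` internal prefix, the baseline cut-off) are assumptions made for the example; only the Python standard library is used.

```python
"""Retrospective analysis over a full packet capture, in the spirit of SHADOW.

Hypothetical stand-alone example (not SHADOW's own tcpdump/Perl tooling):
build a constructed pcap, then re-read it to answer an after-the-fact question.
"""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

def ipv4_tcp_frame(src, dst, sport, dport, flags=0x02, payload=b""):
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left zero; fine for offline parsing)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp

def write_pcap(records):
    """records: iterable of (timestamp_seconds, frame_bytes). Returns pcap file bytes."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts, frame in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)

def read_pcap(data):
    """Yield (timestamp, frame) from classic little-endian pcap bytes."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("only little-endian classic pcap is handled in this example")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        yield sec + usec / 1e6, data[off:off + caplen]
        off += caplen

def parse_frame(frame):
    """Return (src, dst, proto, sport, dport, flags) for Ethernet/IPv4 frames, else None.
    Port and flag fields are None for non-TCP protocols."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    if proto != 6:
        return (src, dst, proto, None, None, None)
    tcp = frame[14 + ihl:]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    return (src, dst, proto, sport, dport, tcp[13])

def hunt_new_external_peers(pcap_bytes, internal_prefix, baseline_end):
    """Which internal hosts sent a bare SYN to an external peer after baseline_end
    that they never contacted during the baseline? Returns {host: [peers]}."""
    baseline = defaultdict(set)
    new_peers = defaultdict(set)
    for ts, frame in read_pcap(pcap_bytes):
        p = parse_frame(frame)
        if p is None or p[2] != 6 or not (p[5] & 0x02) or (p[5] & 0x10):
            continue  # keep only connection attempts: SYN set, ACK clear
        src, dst = p[0], p[1]
        if not src.startswith(internal_prefix) or dst.startswith(internal_prefix):
            continue  # crude string-prefix test stands in for a real CIDR check
        if ts <= baseline_end:
            baseline[src].add(dst)
        elif dst not in baseline[src]:
            new_peers[src].add(dst)
    return {host: sorted(peers) for host, peers in new_peers.items()}

# Constructed sample traffic (not a real capture): a habitual baseline, then one deviation.
SAMPLE = write_pcap([
    (1000.0, ipv4_tcp_frame("10.0.0.5", "93.184.216.34", 51000, 443)),
    (1001.0, ipv4_tcp_frame("10.0.0.5", "93.184.216.34", 51001, 443)),
    (1002.0, ipv4_tcp_frame("10.0.0.7", "93.184.216.34", 52000, 443)),
    (2000.0, ipv4_tcp_frame("10.0.0.5", "93.184.216.34", 51002, 443)),  # habitual peer
    (2001.0, ipv4_tcp_frame("10.0.0.5", "198.51.100.9", 51003, 4444)),   # never seen before
    (2002.0, ipv4_tcp_frame("10.0.0.7", "10.0.0.9", 52001, 445)),         # internal, ignored
])

if __name__ == "__main__":
    print(hunt_new_external_peers(SAMPLE, "10.0.0.", baseline_end=1500.0))
```

The point of the exercise is that the question was not known when the packets were recorded; because the capture is complete, the analyst can pose it afterwards, which is exactly the value full packet capture offers and the reason the raw storage and parsing cost is hard to avoid.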