In the final days of November, the nation's focus rightly turns to the fondest and finest things in life --  family, friends, turkey and artfully composed invective hurled toward football officials. Yes, Thanksgiving is upon us.

So as we celebrate one of the nation's most cherished traditions -- that is, unless you're a turkey -- let's give thanks to the cyber world, for helping allow us to connect with loved ones, relatives, and, of course, Amazon.com.

Good news may not seem to happen much in cyber security, but that doesn't mean it doesn't exist. News itself is typically instances that deviate from the norm, whether good or bad. By the design of the cyber security industry, news, then, is primarily bad, in the form of breaches, security incidents, malware and the like.

All of these are rather serious topics involving the loss of time, money or intellectual property.

Yet, positive stories are out there – if we would only look through the proper colored lens. Here's three to be thankful for.

Software Companies Pay Bounties for Malicious Code

Microsoft: Mitigation Bypass and BlueHat Defense Guidelines  | Microsoft Bounty Programs

Similar to the FBI Most Wanted List for criminals, Microsoft has decided to fund at the process of malware discovery by offering substantial bounties for finding malicious code and previously unreported software vulnerabilities. The philosophy behind the munificence is to get those users closest to the code to uncover new bugs and malicious code and not only  report what they may have stumbled across in their homes or labs, but also to actively seek out such bugs and vulnerabilities.

Thus, Microsoft can greatly extend the reach of the professional testers they use to sift through their new product releases and cast a net far beyond even their man campus locations. In addition, as new code and products get disseminated across the globe, these incentives are in place to report new code exploitations found "in the wild."

Researchers, Experts Are on the Case Every Day

Ars Technica: Repeated Attacks Hijack Huge Chunks of Internet Traffic, Researchers Warn

BlogHackmageddon.com (a blog tracking cyber attacks)

SophosLG Smart TVs Phone Home With Viewing Habits and USB File Names

Marble Security: 100 Cyber Security Experts to follow

Whether it is due to unrelenting curiosity, or simply wanting to claim name recognition, researchers are continually evaluating the operations of the internet, the software that runs over it, and evaluating new and evolving vulnerabilities. Once they uncover something out of the ordinary, they typically report it, and by bringing the situation into the open, allow others to weigh in and conduct additional research.

In this manner, rumors can be squelched, true threats can be more quickly identified and quantified, mitigation procedures can be put in place, new anti-virus signatures can be generated, and in general, the overall impact of malicious software can be minimized. 

Or consider this story, detailed by an end-user of a smart TV.Since retailers and manufacturers have gathered so much personal information on those that purchase their goods and services and have ‘promised’ to keep that data private, any breaches of these promises can attract a large following. Once exposed, product vendors are virtually forced to respond and explain the actions of their products.

For locating experts, Twitter is an excellent place to start. The information sharing platform  has evolved into a major news source focused on reporting real time information. As a result, a specialty engineering discipline such as cyber security can - and is - developing a wide range of thought leaders who willingly share information and findings to a public community at large.  This direct voice to an external audience allows the individuals to convey some sense of their personality (limited to 140 characters, unfortunately) and do some small part to broaden the understanding and acceptance of various cyber security topics. 

CISOs are Leading the Charge

TechTarget: Opinion: Definition of the Role of CISO Still a Work in Progress

The position of CISO (Chief Information Security Officer) continues to mature and gain acceptance as a requisite function to those running organizations.

With the title only in existence for a few years, the subject of cyber security has grown in importance with discussions now occurring in board rooms where business decisions and strategy is discussed.  Executives working in this field continue to mature the practices and methods available to the organizations they are tasked with protecting.

And so, cyber professionals do have plenty to be thankful for.  Dedicated researchers and companies are paying serious attention to improving the overall security conditions of the IT industry.  These findings and research are reaching a far wider audience than ever before and cyber security conditions are improving each and every day.

Just remember – be careful out there when you do all that holiday shopping. (Visit, and say thanks, at http://www.safeshopping.org/)