The other day, the president of RSA made the comment that he believes security has failed. He goes on to admonish defense-in-depth strategies as not keeping up with the need.
I’ve been thinking about what Amit Yoran has said and I’d like to say I disagree with his comments and belief.
I’m looking at things from the perspective of an active Principal Security Analyst, a former InfoSec Manager, and a small business owner. I have over 30 years of technology experience, from hands-on operator to intelligence analyst and Chief Cryptologist in the Navy. I took four years off from the InfoSec industry to create and open my own business doing holistic wellness. While this is still going, I recently returned to the InfoSec world and I’m glad to be back.
What I find interesting after being gone for four years is that the topics of discussion surrounding security haven’t changed all that much. Basically, I don’t feel like I missed out on anything by being gone. This is good for me, but it is sad that we still have to deal with computer hacking challenges, fraud, leaks, and intrusions.
Is this a failure in security? I don’t believe so. I do believe there are failures, however. I believe the failures belong to the board rooms and upper management: the people who make financial decisions and the decisions surrounding risk.
In the current state of affairs, knowing the threat environment, there really is no excuse for a company, corporation, small business, or independent contractor not to do security. No excuse. InfoSec is an essential aspect of business all the way from the board room down to the janitor. Security, security, security. It must be so broadly accepted that there is no question what it is there to do. This is the same approach hackers will take. They know the security landscape extremely well. Business must know the counter landscape as well as or better than a hacker.
In the end, all news is not bad. I would say security maturity is making it up higher in the food chain of decisions and discussions being had in management. But damn, people, it just can’t be an afterthought anymore.