“Do you think a team of one person has already lost the battle? Straight out of the gate? Does he stand a chance? Does the individual even have a chance?” — Michael Allen (@_Dark_Knight_)
Have we lost the battle? On the one hand, we say that it is not if a breach will occur, but when. On the other hand, we say that we are all one breach away from unemployment. What does this tell us about the InfoSec field?
We need a seat at the table.
Most of us got into security back when, if you knew how to set the pins on the modem and knew how to type up firewall rules in a text editor, our users thought we were rockstars. They depended upon us. And we, in turn, depended upon their dependence in order to keep things running securely.
That is no longer the case. People today are more tech savvy and more willing to Google it for themselves. A slew of new companies, with buzz words from cloud to IT consumerization, enable the users doing just that. People do not depend on us any more.
Perhaps we became too dependent on their dependence. We no longer get a seat at the table. We no longer have a free pass. We no longer get included in discussions on new technology. And then we become concerned about all the technology being deployed in our organizations without proper security review and controls.
We must earn a seat at the table.
The #SecBiz thread on Twitter represents a search for earning that seat. #SecBiz shifts our focus away from securing technology and towards securing businesses. Less modems and firewalls, more business initiatives and processes.
Raf Los (@Wh1t3Rabbit) has been on the vanguard of this change. From his blog, from his presentations at B-Sides Detroit and everywhere else, and from his podcast, Raf has been driving home the point. This week, Michael Allen and I were guests on his “Down the Rabbithole” podcast. The topic being information security in the SMB space. We had a fantastic conversation about what security means today.
Are you wondering how to get a seat at the table? Feeling like you have already lost the battle? Spend some time following the Wh1t3Rabbit.
Down the Rabbithole – Episode 4 – Effective Small Business Security
http://podcast.wh1t3rabbit.net/down-the-rabbithole-episode-4-effective-small-business-security