Thanks for tuning in. I’ll tell you now, I’m not here to tell you how you should run your security, I’m here to tell you what my vision is for Information security and the changes that I feel must happen.
Remember you are getting what you paid for. I’m looking for creative dialog with all of you. I want your thoughts and opinions, but start a flame war and we are done.
Fundamentally I believe that security is needed. I wish it wasn’t so. I wish we could all just play nice with each other. I wish, such an amazing and powerful phrase, it defines who we are and how we perceive the world. Problem is as the saying goes “if wishes were horses, beggars would ride .”
I remember the days when we all dialed around, used telnet, WAIS and gopher to bounce around and discover all these new amazing systems. Problem is that some at some point whoever ran those systems irritated somebody (Whether real or imagined) and that somebody decided to enact their (to them) justifiable revenge and the need for security was born.
Heck people this is fundamental to human nature, no matter what your ideology is they all assume that we are jacked up and need improving. I would love to be able to leave my house unlocked but inevitably no matter how rich or poor you are there is somebody who thinks that they should have what you have.
If you disagree with me great! I dare you to drive, walk, crawl, whatever to anyplace where a sizable population of humans live and hold the cost of your next rent payment in cash in your outstretched hand and take a stroll. Are you worried somebody will take it?
Why do you keep your money in your pocket or purse? Is it only for convenience?
The reason I say all of this is because as technology professionals we have to deal with the crux of all of this. At some point the organization that you work for, that pays your bills is going to piss somebody off.
For the business owners you have to ask yourself, who do you want guarding your company? Do you want a fresh from high school kid that took a “Security Guard in 90 days or less class” or do you want the Spec Ops individual that has years of experience and training?
I’ve only started to touch on these topics. Information security must change. Send me ideas for topics. Let me know what we can chat about. I’m thinking my next post will be about who the CISO must become.
Talk to you soon,
Francisco
Great read. I look forward to more posts.