Does any of it matter?
Published 17:35, 12 November 09
The work we do, the toil, the trouble, the late nights reading and mapping and coding to fight against an unknown foe? The testing, the evaluating, the deploying, the constant struggle to make “them” aware of the impending digital apocalypse that threatens our very ability to do stuff, digital stuff, like finding references to Czech novels, posting pictures of giant squid or looking at Goth porn.
But we are the future, our very ability to secure is what enables our organisations to drive greater profit – we are the machines! Defenders of the faith protecting the world’s organizations against a direct portal to Hades exposed through a poorly coded web application, an insecure service or an unaware user – we are the only thing standing between freedom and Satan – aren’t we?
Nobody understands us, the executives seem to ignore security, the business owners want to focus on profits or other nonsense completely irrelevant to the seasoned IT security professional, the users seem oblivious to the malware laden websites dripping with fresh bot-infected, backdoor, keyword snarfing doodoo...
...and some fresh out of business school yahoo from a fortune 100 tech firm has convinced upper management that driving a CMDB across an ITIL landscape will allow us to ride atop a mighty horse of SLA metric goodness to the forbidden city of IT nirvana where operational efficiencies coalesce with the zenith of perfect security – breathe it in friends!
Big is the new small, data security is the new the black, security innovation is dead and risk management is weaving a path of conflicted reasoning, contradictions and poorly used metaphors that threaten to tear apart the very fabric of our industry, or at least really annoy some people.
Will security awareness posters really make us more secure? Perhaps one with Bruce Schneir dangling perilously close to the edge of the Internet, wide-eyed and with the slogan “hang in there kid” emblazoned across the bottom, of course it would be written in a variable key, roughly 32-448 bits.
Will the Jericho Forum finally bring about the end of the network vs. host security cold war, as they demand organizations everywhere to “tear down that wall”, will Microsoft build the worlds most secure OS, will my copy of Photoshop implode during an unavoidable month of Adobe bugs?
Will Google become our new digital overlords bringing forth an Orwellian 2010? Will the market consolidate, will China launch a cyber attack against the US resulting in something more devastating than not being able to download the latest episode of Mad Men through iTunes.
Will 75% of enterprises be infected with undetected, financially motivated, targeted malware that evaded their traditional perimeter and host defenses? And if so will anyone notice?
Does any of it matter?
Of all the advice I have ever received, ever heard and ever given the most important to date has been to wear sunscreen – thanks Baz. Perhaps I have finally found the magic boundary between a nice morning caffeine buzz and one too many cups of espresso or perhaps I am echoing the thoughts of a never-ending cycle of well intentioned, professionals, experts, and zealots rallying behind the meme du jour.
Who knows but some days we all struggle with the unbearable lightness of securing and other days, we struggle with the unbearable heaviness. Fortunately, for most of us, someone, somewhere does care and much of what we do does matter, let’s just not lose sight of the big picture – life!