No security bits and bytes?

I was talking the other day with a good friend that works in IT at a large public company.  He was excited to hear I was finally getting UberSecure going. 

"I can't wait to read about how to social engineer, break into networks, and hack websites and databases!" he said. 

What he didn't know is I'm not planning to post uber-technical material.  In fact, I want to stay away from bits and bytes… if I can help it!  After I explained who my target audience is for UberSecure he was even more excited.

Here's a summary of what I told him…  

"Execs and techs have their own blogs they like to read.  These blogs are written in their industry language with a job-specific tone or message. There are fantastic blog resources for every slice of the business, but successfully managing security pains requires a united business and technical approach.  I think most people would agree with that, but problems begin when these two groups get together — they talk past, over, or around each other.  There are plenty of words (colorful ones, too), but no communication.  Security progress comes to a standstill.  Execs are now "cheap and stupid" and the tech folks are "geeks that just want more toys."  

It goes without saying that execs and techs don't need to be experts in the other's discipline, i.e., the CFO doesn't need to know how to create firewall rules and the network manager doesn't need to know how to calculate the company's net income.  What they do need to know is how to communicate with each other — without hype, FUD, jargon, or evasiveness. Part of my goal is to connect the "doers" and the "deciders" in a way that helps them make better decisions about protecting sensitive data and resources — before their penetration test, annual audit, or even better — before there's a break-in.

Just adding more technology without knowing the root cause of security lapses is only a temporary fix.  Plus, there are softer, subtle factors that can undermine the effectiveness of security… things I've seen from assessing scores of companies.  Call it uncommon common sense.  That's what I want to address." 

I'd like to hear from you.  If you've got an "execs and techs" tip or story you want to share, let me know.  You can post a comment any time if you've got something you'd like me to cover in future posts. 

Cheers!  Simon
