It is a Journey
What is security? How can I be secure? How will I know my systems are secure? I was compliant with the regulations, how was I able to be hacked?
Over the years these questions have come up in one form or another. Now the conversations have been with different people and in different contexts. At first I was a bit dismayed that we are still struggling with the concept of security but the more I thought about it the more I welcomed the opportunity to address this topic.
With the emergence of yet another widespread vulnerability, I’ve been spending some time reflecting on the ever evolving threat landscape that has prevailed over my career. I’ve come to the realization and opinion that we, as a group of professionals, have gotten distracted and as a consequence have focused on symptomatic issues.
Essentially we have chosen to hike down a wilderness trail that constantly bring us into contact with all manner of dangers rather than a trail that seeks to avoid these dangers as much as possible.