Solutionary Minds - Your Information Security Blog Source

Many years ago, when I first began working in computer security, I was excited and invigorated by its technical challenges.  Whether it was the challenge of understanding how encryption algorithms work, how SSL handshakes work, or how many levels of technologies and networks collaborate where security is relevant, I loved the complexities.  No other field made me as curious.  Security spans all platforms and dimensions: hardware, operating systems, programming languages, networking protocols, applications, people, companies, countries and even planets.  It’s relevant everywhere and requires broad and deep understanding.

Then, for a few years, I began to lose interest.  Companies I worked with often purchased and implemented security because they “had” to, due to some regulatory compliance driver that threatened them with fines.  They didn’t care.  They just wanted the cheapest solution, and didn’t seem to recognize security as critical to their company’s success.  Were they right?  A company’s priority is, and should be, about selling products and providing services, so it can deliver profits to its shareholders.  Our economy and society depend on it.  In the mind of a business, security was an annoying overhead, with no clear value-add to its product quality, sales numbers or bottom line profitability.  Sadly, where security clearly appeared was as an added expense on the income statement under IT.

I became disheartened.  But should I have been?  What company could sell products if their website was not safe?  What consumer would use their credit cards anywhere, especially online, if they didn’t trust the store or site?  What company would do business with another company or country if they could not keep track of inventory and sales?  What country would not care about the power plants and power grids that its economy and population depend on?  Despite these questions, I became disillusioned.  But something inside of me didn’t let go.

Times have changed.  These days, I see articles almost daily about cyber threats against large organizations, and their impact or risk at the national and global level.  Investment banks’ board rooms equipped with wonderful video conferencing systems are vulnerable.  Large scale retailers with millions of credit card numbers are exploited and consumers lose trust in them.  Many of America’s power plants and essential infrastructures are controlled via computer networks and systems that are often quite old and at significant risk of being hacked.  Today, Obama is aware, congress is aware, and thanks to reliable media sources such the New York Times, we are aware of what security means to our societies and economies.  

I’m glad I followed my intuition and didn’t lose hope.  First, working in information security continues to be challenging and intellectually stimulating as technologies evolve.  The computing power that has been moving from the mainframe, to the desktop, and now to the pocket, still needs to be secure, and makes our work even more complex and interesting.  Second, more and more companies and governments recognize security as critically important to their profitability, success and citizens’ well being.  They are no longer looking to buy the cheapest solution to avoid fines.  They are trying to do the right thing and be responsible.  That puts my conscience at ease.  Finally, helping grow and advance the mission of an established Managed Security Service Provider whose DNA is hardwired to do right by its customers and ensure their business critical operations are secure, is simply, a thrill.