It's been a long time since I rock-and-rolled
It's been a long time since I did the Stroll
let me get it back, let me get it back, let me get it back
baby, where I come from
It's been a long time, been a long time
Been a long lonely, lonely, lonely, lonely, lonely time
Well, it really has been a long time - since November 2010, to be exact - since I have published a post, if you want to call my last post a post. My tendency to overthink what I want to say has resulted in analysis paralysis - and it's taken longer than anticipated to "get it back," whatever the hell the "it" is.
It hasn't been lonely though - that much is for damn sure! As for the reason I have been out of the blogging mix for so long, let me introduce you to my seven-month-old (on Friday) son, Raphael Eduardo Safran Nau. We call him Rafe, or Raffi.
Yah, he really is that cute, and I'm not saying that just because I'm his mom, or he's my first. He is a ton of fun, but I have yet to win the lottery and so... back into the mix I go.
I will say this much - having a kid has definitely shifted my notions of security. It has also emphasized the fact that the most sophisticated, robust technology in the world is only as good as the people using it. So much of innovation in information security is tied to automation, and all too often vendors are so loath to promote the impact of that, out of concern that they may eventually automate their customers out of a job, that we soften the message to those that need to hear it the loudest.
There might be some validity to doing that, but my guess is that companies will never be willing to invest in the level of automation they need to get ahead of the curve - they will always be playing catch-up. And we are a long way from automating knowledge workers out of existence. Behind every security management dashboard there is a person (or persons) drawing conclusions, making decisions, or at least trying to do something with the data in front of them. If any one vendor can offer such radical automation as to threaten their job, well then, they should be talking to that person's boss, and not that person, right? I know, easy for me to say, I'm armchair quarterbacking it, but the bottom line is that infosec (like most of IT) is still about people (first and foremost), process and technology. You can choose to address each component separately but they do not operate in a vacuum.
The best technology will only be as effective as the "worst" user - and conversely, a savvy security guy (or gal) can make the best of mediocre technology. At the end of the day, corporate security people are tasked with securing information assets from other people (bad guys or other prying eyes), for other people (bosses, customers, etc.), and rely on other people (vendors, consultants, other staff) to make sure it gets done right. Sometimes I think as an industry we focus too much on technology and not enough on people or process, or how technology supports people and their processes. And by the way, vendors are people too....
But I digress. With as much as has been going on recently - WikiLeaks, Anonymous, LulzSec, all the ensuing havoc - it has been a surprisingly quiet summer for my clients, who have been doing some interesting things. Of course I am way behind on getting the word out on my blog about what some of those cool things are, but stay tuned.
One of the good things about having your own blog is that when no one else is covering your clients, you can. Rather than just shill for them, I would like to point to some of the (public) conversations they are having, which hopefully will be of some sort of interest to whatever readers I have left :-). So please check back soon for a deeper dive, but until then check out http://www.tufin.com/blog, http://www.identropy.com, and http://www.wombatsecurity.com.
Cheers,
Liz
