A Glimpse Into the Security Mindset
All IT professionals, regardless of specialty, face a number of challenges. Some, if not all, of these will affect most IT professionals in some way or another throughout their career:
- Lack of budget, IT is considered “overhead”
- Lack of respect from other business units, we’re only one step removed from R2-D2
- Lack of social skills, you spilled Mountain Dew on your too-short pants at the meeting
- Politics, the smiley well-dressed guy that wears too much cologne with the football analogies is better-liked than you
There’s also a bevy of more specific technical challenges that could plague IT folks (this list is almost infinite):
- You are trying to integrate new platforms into the environment
- You are trying to keep legacy systems afloat
- You are trying to communicate with the mainframe people, who DO in fact resemble R2-D2
- Upgrading/replacing systems
- Upgrading/replacing applications
- Managing users, scripts, logs, storage, networks, devices, etc etc etc.
Security people have a challenge that is 100% unique to their discipline: we have adversaries.
Now I know some of you in areas other than security will argue that you have adversaries, too. If security is even a tiny part of your job description, then you may be right. But the burden of fending off adversaries, both internal and external, falls squarely on the shoulders of information security teams. This lends an entirely new dimension to the concerns that plague everyone else:
- We cannot prioritize new functionality over security and stability. Ever. Lest adversaries take advantage of this and exploit vulnerabilities.
- Things like coding languages employed, platforms chosen, and applications deployed really need consideration not from what they offer us, but for how breakable they are.
- The concept of time is more relevant to us than anyone – our priorities can, and should, change as the threat landscape does. We have opponents, some coordinated and others standalone, actively trying to come up with new ways to cause us harm. This means we need to ensure these new methods they’re employing will be as ineffectual as possible, all the time.
This is an over-simplification at best. However, it’s an oft-overlooked factor that tends to be forgotten in the day-to-day dynamics of our interactions.