One Article Review

The article:
Source: AlienVault Blog
Identifier: 1539219
Publication date: 2020-02-13 13:00:00 (seen: 2020-02-13 15:01:47)
Title: InfoSec needs a reputation overhaul
Text: An independent guest blogger wrote this blog.

I was in a medical office the other day, and when the doctor came into the room, he needed to unlock his phone to contact a pharmacy. I couldn’t help but notice that his home screen had a photo of an infant. It was an adorable infant, and I asked “how old is your child?” The doctor reflexively answered, “10 months”, but then became a bit shocked, and asked me “how do you know I have a child?” I confessed that I saw it on his home screen on his phone. I told him that I worked in cybersecurity, to which he responded, “oh, you guys steal everything”. Ouch! Now, the shock was shifted to me. A bit embarrassed, I apologized for being such a snoop, but it certainly made me think: are all of us InfoSec folks like this?

Reflect for a moment on your actions when you enter a room and see computer screens. Do you instinctively try to see what is on the screen? Does something as trivial as an operating system logo make you mentally churn through all the exploitable vulnerabilities? Do your eyes light up when you notice that your local pizza place is still using Windows XP for their ordering terminals?

We have a problem in our community. Our reputation is tarnished. We are not viewed as people who can help, like doctors, nurses, and other first responders. Instead, we are seen as the digital thieves and snoops. We need a reputation overhaul.

Is this because our particular profession is so young, that we feel officiously compelled to point out every vulnerable system, every exploitable action, and every weak security practice? Is this our way of increasing awareness about the perils of the digital world? It is not serving us well. I have pointed out in a previous post that we need to better engage with our clients, as well as how we lack inherited credibility. Yes, soft skills indeed, but look at what we have created by behaving in our current state; “you guys steal everything”.
What is our remedy for this problem?  I propose that we InfoSec folks start to think more like the first responders.  There is nothing wrong with reserving the ability to act when necessary, but perhaps we need not point out everything we see when we are not being asked to do so.  How would you feel if you were cautioned by a nurse every time you ordered something “unhealthy” in a restaurant?  Not the most pleasant dining experience.  That nurse may be there to rescue you if you start choking, but will not make unsolicited comments about your food preferences prior to that.  My wife is a psychotherapist, and when we attend social events, people often say to her “Oh, I suppose that you are analyzing me”.  She has come up with a very funny, but true response; “You ain’t paying me, I ain’t analyzing you”.  Perhaps it is time for InfoSec professionals to take the same approach.   
Sent: Yes


The article does not appear to have been picked up after its publication.


The article does not appear to be a repeat of an earlier one.