One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 493751 |
| Date de publication | 2018-03-01 14:00:00 (vue: 2018-03-01 14:00:00) |
| Titre | What We Lack Most in InfoSec: Inherited Credibility |
| Texte |
Ask any InfoSec person the following question:
What do you lack most in your job?
Can you predict the answers? Of course you can. Most InfoSec folks will answer that they lack money, and resources (also known as “people”). Some of the more creative types will also mention that they lack time.
These are all good answers, but they don’t answer the question. These answers indicate what most InfoSec people need, rather than what they lack. What we lack in the InfoSec community is exactly what will allow us to fulfill those needs.
I was listening to a recent Lawfare podcast. This episode featured a speech given by Chuck Rosenberg to law students at University of Virginia law school. If you are unfamiliar with Chuck Rosenberg, he served as Chief Of Staff at the FBI under James Comey, as well as counselor to FBI Director Robert Mueller. Mr. Rosenberg has an impressive history. His speech was about leadership, but he mentioned something that made me consider the question “what do we lack most in InfoSec?”
Take the following scenario as an example. An attorney for the Eastern District of the United States stands before a court, ready to present a case. Once the court is called to order, the attorney introduces himself. He will customarily stand, and say:
“Chuck Rosenberg, on behalf of the United States of America.”
Those words have implied power. Not because it is Chuck Rosenberg saying them. There is much more to it; those words carry inherited credibility. Their power is derived from a storied institution of power.
Inherited credibility is what we lack most in InfoSec. You can be the world’s most elite hacker, capable of popping a shell faster than anyone else in town, but you will only get odd stares if you walk into the CEO’s office boasting of that credential. Most corporate cyber positions, from the security analyst, all the way up to the CISO, simply do not carry any inherited credibility. This is mostly due to the newness of cybersecurity positions in most organizations.
We may still be quite a distance from creating an inheritable empire. According to a February 2018 report by the Council of Economic Advisers, there is still no common lexicon for categorizing malicious cyber activities. This is especially true when discussing cybersecurity events. If we have yet to develop a common language, we are still too far off from closing the credibility gap.
We may currently lack inherited credibility, but this puts us in a unique position, as we are the trailblazers who can build that inheritance for our successors. If, however, you are working in InfoSec for your own self-aggrandizement, then you are sadly on a path to failure, but that is a broader subject.
Inherited credibility is what will move us from need to surplus. (Perhaps “surplus” is a bit too optimistic, but you get the point.)
The more important question you can ask yourself every day is: How can I build the credibility that will give my successors the power to continue to grow this meaningful work?
 |
| Envoyé | Oui |
| Condensat | “chuck “what how 2018 about according activities advisers aggrandizement all allow also america analyst answer answers any anyone are ask attorney because before behalf bit boasting broader build but called can capable carry case categorizing ceo’s chief chuck ciso closing comey common community consider continue corporate council counselor course court creating creative credential credibility currently customarily cyber cybersecurity day derived develop director discussing distance district don’t due eastern economic elite else empire episode especially events every exactly example failure far faster fbi featured february folks following from fulfill gap get give given good grow hacker has have himself his history however implied important impressive indicate infosec infosec: inheritable inheritance inherited institution introduces is: it; james job known lack language law lawfare leadership lexicon listening made malicious may meaningful mention mentioned money more most mostly move much mueller need needs newness not odd off office once only optimistic order organizations own path people perhaps person podcast point popping position positions power predict present puts question question: quite rather ready recent report resources robert rosenberg sadly say: saying scenario school security self served shell simply some something speech staff stand stands stares states storied students subject successors surplus take than them then these those time too town trailblazers true types under unfamiliar unique united university virginia walk way well what when who will words work working world’s yet your yourself |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.