Why Can't Security Place Nice With Others?
12 minute read | Last updated 1-Jun-2018 | 
Security, Culture Change, Rant
Mornings With Mark no. 0060
Watch the episode on YouTube
Join the discussion on LinkedIn
Share on Twitter
Bad Robot Transcript
Good morning. Welcome to episode 60 60 of mornings with Mark by episode 60. I should probably remember the name of the show little more confidently than that. What I want to talk to you today about was simply why can’t security teams get along with others. I know that seems ridiculous trying to achieve the same goals, but are we so, I’ve talked a lot over the last few episodes about getting started in cyber security and I think you don’t swear.
I have a challenge and giving advice people are giving advice to people on how to get started in cyber security is that I think fundamentally how we Implement cyber-security today is broken. So I find it very difficult to say. Hey, you should take these steps to get into cyber security and perpetuate the challenges we have today.
I’ve been doing this for a very long time. Unfortunately. I’m probably too long some respect. But. Length of time gives me a different Viewpoint. I think a lot of folks have been doing this for a while have that sort of broad perspective as well. But we haven’t facilitated as much changes.
I would like to see him one of the biggest changes. I find or that we need to do is how the security team is view within the organization how the security team make changes as much as I love seeing the next cool zero-day exploit the next cool huge vulnerability more interesting, but it’s not really productive, you know, we have conferences that are centered around this type of information and yes, there’s value in that but we don’t talk nearly enough getting out in your organization in educating people raising the level of everybody cybersecurity knowledge of helping build Security in by Design building privacy in bided.
Information security are the ones of all the knowledge to understand that risk that can help communicate that you fail to do that. I think it’s understandable from some respects. But this is very much a conversation starter, hopefully or hopefully a continuation of a conversation. We’ve been having but you’re something I find interesting from security perspective and you see this mirrored in law enforcement in defense in anything where you’re constantly fighting an adversary or feel like you’re in an adversarial situation at some point cynicism steps in it takes hold and everything is Doom and Gloom It’s the nature of the business.
Sometimes it’s really unfortunate. You know, there’s a reason why in law enforcement for forensics teams, they cycle people in and out on a regular basis because you can only take so much before your perspective is permanently shifted and not perspective. There may be advantages in that shift, but more often.
There’s significant disadvantages. So let me take this little step further and say that’s if you’re constantly looking at users negative behavior. It is inevitable that you form a negative general impression of users. If you’re constantly looking for Crime, you’re going to tend to see crime everywhere your costly looking for security risks and threats.
You’re going to see them everywhere. You may take all that is not a job. It’s part of the job of a part of the real core of information security within an organization to help move that business forward and there’s no bad risks accept the risk that you’re completely unaware of it is implicitly taken in on you really need to have risk out there evaluated as a business decision before but if you’re constantly sitting there looking at that views Behavior have a negative view of your users have have a negative view of your constantly being bombarded with attacks in this type of thing.
You’re not going to have that positive outlook. And I think that really comes to the core of why security teams don’t play well with others is because we’re grumpy Gus has we’re negative and cynical because that’s all were supposed to I think that’s on us from a security perspective.
I think you really need to push forward. You need to look at the positive aspects. You need to put yourself out there and work with other teams in the business to ensure that you’re seeing the positive side that the upside so that when you do see Villages user intent or poor use Behavior you can put it in proper perspective and say wait a minute when Mark did that really dumb thing and download it.
Cool new app and infected his endpoint and everyone in his business unit. That’s an isolated think that’s not a constant thing and I think that’s a huge Challenge and security and I think we’ve set ourselves up and our systems up to amplify that this comes to a part of my challenge around Sauk right around Security operation Center.
They’re required now, I understand that. I think they provide value now, but they perpetuate this negative you but they also isolate security as opposed to having an operation Center in which security is a part of Rights of security is a part of the business. It should be treated in the rest of the operations of the business is saying the people so I think my thought for you today is really are you grumpy cynical? Are you trapped in this self-perpetuating negative feedback loop and how can you break that how can you step out and look it up? Effects of the business look at a positive influence that you was a security professional could have on the business.
Can you go teach somebody something today to get a win under your belt that pure positive? Can you notice some interesting outbound traffic on the network and say wait a minute. If I go talk to Mark about the fact that you know, he’s using an unencrypted connection to his email server if we make them in perfect connection.
He’s better off and it’s really packed, just a little bit of education. Is there a simple win that you can put a deposit to call I challenge you to find that today and then find another and another and another adjust that perspective and I think will work better with other teams within the business because right now we have that reputation of being grumpy cynical always saying though and I think what we’ve set up is organizational structures what we’ve set up systems reinforces that Viewpoint not just from others but form ourselves and you really need to break that and get positive so find a positive today.
What do you think is this resonating with you? Online at Mark MCA in a comment down below if you’re watching this on any of the networks always feel free to email me me at Mark and this is very much discussion. As always. I appreciate that. You stuck with me through 60 episodes.
I look forward to the next 60 in the next 60 after that in the meantime have yourself a wonderful day. Positive and keep building on it. Good morning. Welcome to episode 60 60 of mornings with Mark by episode 60. I should probably remember the name of the show little more confidently than that.
What I want to talk to you today about was simply why can’t security teams get along with others. I know that seems ridiculous trying to achieve the same goals, but are we so, I’ve talked a lot over the last few episodes about getting started in cyber security and I think you don’t swear.
I have a challenge and giving advice people are giving advice to people on how to get started in cyber security is that I think fundamentally how we Implement cyber-security today is broken. So I find it very difficult to say. Hey, you should take these steps to get into cyber security and perpetuate the challenges we have today.
I’ve been doing this for a very long time. Unfortunately. I’m probably too long some respect. But. Length of time gives me a different Viewpoint. I think a lot of folks have been doing this for a while have that sort of broad perspective as well. But we haven’t facilitated as much changes.
I would like to see him one of the biggest changes. I find or that we need to do is how the security team is view within the organization how the security team make changes as much as I love seeing the next cool zero-day exploit the next cool huge vulnerability more interesting, but it’s not really productive, you know, we have conferences that are centered around this type of information and yes, there’s value in that but we don’t talk nearly enough getting out in your organization in educating people raising the level of everybody cybersecurity knowledge of helping build Security in by Design building privacy in bided.
Information security are the ones of all the knowledge to understand that risk that can help communicate that you fail to do that. I think it’s understandable from some respects. But this is very much a conversation starter, hopefully or hopefully a continuation of a conversation. We’ve been having but you’re something I find interesting from security perspective and you see this mirrored in law enforcement in defense in anything where you’re constantly fighting an adversary or feel like you’re in an adversarial situation at some point cynicism steps in it takes hold and everything is Doom and Gloom It’s the nature of the business.
Sometimes it’s really unfortunate. You know, there’s a reason why in law enforcement for forensics teams, they cycle people in and out on a regular basis because you can only take so much before your perspective is permanently shifted and not perspective. There may be advantages in that shift, but more often.
There’s significant disadvantages. So let me take this little step further and say that’s if you’re constantly looking at users negative behavior. It is inevitable that you form a negative general impression of users. If you’re constantly looking for Crime, you’re going to tend to see crime everywhere your costly looking for security risks and threats.
You’re going to see them everywhere. You may take all that is not a job. It’s part of the job of a part of the real core of information security within an organization to help move that business forward and there’s no bad risks accept the risk that you’re completely unaware of it is implicitly taken in on you really need to have risk out there evaluated as a business decision before but if you’re constantly sitting there looking at that views Behavior have a negative view of your users have have a negative view of your constantly being bombarded with attacks in this type of thing.
You’re not going to have that positive outlook. And I think that really comes to the core of why security teams don’t play well with others is because we’re grumpy Gus has we’re negative and cynical because that’s all were supposed to I think that’s on us from a security perspective.
I think you really need to push forward. You need to look at the positive aspects. You need to put yourself out there and work with other teams in the business to ensure that you’re seeing the positive side that the upside so that when you do see Villages user intent or poor use Behavior you can put it in proper perspective and say wait a minute when Mark did that really dumb thing and download it.
Cool new app and infected his endpoint and everyone in his business unit. That’s an isolated think that’s not a constant thing and I think that’s a huge Challenge and security and I think we’ve set ourselves up and our systems up to amplify that this comes to a part of my challenge around Sauk right around Security operation Center.
They’re required now, I understand that. I think they provide value now, but they perpetuate this negative you but they also isolate security as opposed to having an operation Center in which security is a part of Rights of security is a part of the business. It should be treated in the rest of the operations of the business is saying the people so I think my thought for you today is really are you grumpy cynical? Are you trapped in this self-perpetuating negative feedback loop and how can you break that how can you step out and look it up? Effects of the business look at a positive influence that you was a security professional could have on the business.
Can you go teach somebody something today to get a win under your belt that pure positive? Can you notice some interesting outbound traffic on the network and say wait a minute. If I go talk to Mark about the fact that you know, he’s using an unencrypted connection to his email server if we make them in perfect connection.
He’s better off and it’s really packed, just a little bit of education. Is there a simple win that you can put a deposit to call I challenge you to find that today and then find another and another and another adjust that perspective and I think will work better with other teams within the business because right now we have that reputation of being grumpy cynical always saying though and I think what we’ve set up is organizational structures what we’ve set up systems reinforces that Viewpoint not just from others but form ourselves and you really need to break that and get positive so find a positive today.
What do you think is this resonating with you? Online at Mark MCA in a comment down below if you’re watching this on any of the networks always feel free to email me me at Mark and this is very much discussion. As always. I appreciate that. You stuck with me through 60 episodes.
I look forward to the next 60 in the next 60 after that in the meantime have yourself a wonderful day. Positive and keep building on it.
