Sam Dekay

An Open Letter to Warren Axelrod: Yes, InfoSec, You’re a Heck of a Job

Of course, Warren, you see where this is going. As you (and, judging from recent press releases, President Obama also) have noted, the proliferation of vulnerabilities in public and private networks and applications has also increased risks and the likelihood of unauthorized disclosures. Yet, the working environment of most information security practitioners remains inextricably linked to a mindset characterized by reactive response to crisis. This linkage is further supported by a work environment in which the administrative requirements of bureaucracies, requirements that do not necessarily enhance the quality of services provided by InfoSec professionals, are also increasing. Simply put, practitioners have less time to devote to an increasing number of vulnerabilities and exploits.

It would be pleasant to imagine that the work of Information Security consisted of developing ever more effective methods of protecting critical infrastructure and information assets. Certainly, the research community, mainstream and electronic journalists, vendors, regulators, auditors, and even, now, politicians, seem to assume that this is the case. But, among all these voices emanating from the powerful (even from, as you mentioned, the RSA Conference) there is yet another powerful, if less public, assertion. This assertion insists that information security is not merely a vital function but also a job. If only the requirements of the job always neatly complemented the work of the profession! But it happens far less frequently than we hope.

Perhaps you, or our readers, have some thoughts to share concerning the day-to-day practice of information security and how, in the midst of our meetings, memos, and time sheets, we may aspire to better things?

