Are infosec pros complacent?

I had a very interesting conversation with a colleague recently. He had a disturbing take on the state of information security and, particularly, practitioners (of which he is one). He took the position that security professionals who have been around a while are becoming – no, making themselves – dinosaurs. Having been in this field well over 20 years myself, I, of course, found that a disturbing notion. You know what happened to the dinosaurs. Not a pretty thought.

He said that the "old-timers" are satisfied doing the same things they have done for years. They write the same old policies, use the same old techniques, apply the same old rules. Second, he said that when these old pros get together in the hotel lounge at a conference, they just sit around, drink beer (I'm a port man, myself), swap tales and perpetuate the old ways of thinking about security.

I speak at about a dozen conferences a year and I see long-time friends and colleagues at most of them. I don't think I agree with this as a universal pronouncement. Lest I be seen as being complacent myself, though, I thought that I might give this some consideration.

There is no doubt in my mind, anyway, that there is a new breed of "young Turk" in the infosecurity biz. These folks are highly technical, well-informed and attuned to the new generation of tough regulatory requirements. They have grown up with phishing, identity theft, complex multilevel networks, ecommerce, etc. They can build firewall rules in their sleep.

A smart IT security graybeard will recognize this talent and put it to good use. My students all are experienced either in some branch of IT. Many fit the description of old-timers in our field, just moving on up to a new academic credential. Believe me, not one of these students is anywhere near to complacent.

It's time for us older security practitioners to start training the new breed. Not in security, though, as much as in the ways of "doing" security in a business environment. The next step for the young Turks who want it is where us old folks are now. It's up to us to give back so that when we retire (what's that?) they can step in and do a lot more than tune firewalls and VPNs. They may be the hope of their organizations in an increasingly unfriendly cyberworld. Now, waitress! Another port, please. Beer anyone? It's my round.

Copyright © SC Magazine, US edition