It’s time for us all to raise our game

But remember, most of those projects were managed by high-earning private consultancies.

Poor IT decisions have landed the infosec profession with some difficult challenges. As many people believe, the very notion of putting powerful Windows-based computers on the desks of poorly trained users is a recipe for trouble, and a gift for the hacker community.

Security is reactive and increasingly complex, and threatens to spin out of control as we try to gain control over both existing technologies and emerging platforms, such as wireless networking and voice over IP.

The current approach to both IT and security is unsustainable and there are moves in a range of quarters to pull us back from the brink.

At government level, the Cabinet Office is working on a programme to raise the level of professionalism within the IT industry as a whole. Working with bodies like the British Computer Society, it is developing training and certification to provide a decent framework for building a profession worthy of the name.

In our own industry, we have the newly created Institute of Information Security Professionals, whose founders have worked remarkably fast to get to where they are today, recruiting their first members and mapping out the requirements for full certified membership.

Paul Dorey, the chairman of IISP (profiled in this issue) also happens to be a driving force behind the Jericho Forum. This user-based organisation is backed by some of the world's biggest organisations, all of whom have realised that we need a new way to do security.

The fact that he and other Jericho members will be shaping events at the IISP is a welcome sign that we will generate the people capable of taking on these new ideas and approaches. And the combined purchasing power of the Jericho members has persuaded some of the leading vendors to sit up and take notice, too.

What it means, though, is that we are all going to have to raise our games. Standards are rising, and there's going to be little room for some of the swashbuckling ways of the past. IT and security are maturing at last.

One last point. You'll see a new face on this page from next month. After three years at the helm of SC's UK and US editions, I have decided to move on to new pastures. I hope to stay in touch with the many good security people I have met over that time.

Ron Condon is editor-in-chief of SC Magazine