Complexity is your enemy, simplicity is your ally

"He wins his battles by making no mistakes. To secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself."
The complexity of technology is the enemy of information security especially where it converges into a system. And it's easy to make mistakes through misconfigurations and process omissions.
Technology convergence has business advantages such as initiating change and efficiencies, so we'll see more of it.
From a risk-management perspective, it is a way to integrate risk and compliance processes. The simplicity of a single framework should lead to lower risk because it is easier to understand and control.
In security, as in battle, mistakes in strategy or tactics are devastating. Our goal is to ensure that our security strategies and tactics are well thought out, implemented properly and routinely verified.
This puts a heavier burden on our attackers.
Although bad guys are clever and skilled, they will only spend so much time on a target before moving on to an easier target.
Even for bad guys, time is money.
![]() |
An element out of place can open a door to hackers. photo: Nate Cochrane |