Somewhere between the down-in-the-trenches, day-to-day operations of IT
security and the high-level, watered-down strategies consumed and regurgitated
by the CxO community, there lie some ground truths about what’s occurring in the
information security universe.
“What’s the best firewall to buy?” and “How do I configure it?” aren’t as
important questions as “What does a firewall really buy me given the current
threat environment?” Conversely, “What percentage of my IT budget is spent on
security?” isn’t as important as “Am I spending my money in a manner that
protects my assets as effectively as required for my business?” and “How have I
adapted from the ‘defend everything’ to ‘accept compromise and worry about
detection and mitigation’ mindset?”
It’s easy to get caught up in the weeds of the current state of infosec. It’s
a highly dynamic field and the specific threats and products change daily.
However, the ground truth of what’s really going on changes much more slowly. By
paying attention to the important truths of IT security, you can focus on the
important aspects of securing what you really care about and not get lost in the
details that simply waste time and cloud the real problems.
Copyright 2020, IronGeek