My apologies for the recent radio silence. I’ve been busy overseas providing education and support in up-and-coming regions. I do this because I believe it’s vital to train up new consultants and security managers in the most efficient techniques.
Good advice is important as the security industry is littered with many second-rate practices. And in the absence of sensible advice, these practices will fill a vacuum and encourage a dangerous ‘herd mentality’ in response to compliance demands.
We need to cut through this treacle and teach more effective methods. It’s a hard sell, however, as most CISOs are more concerned with the paperwork of compliance than the reality of security risks.
None of this should be surprising. Any experienced consultant can assemble a set of convincing security paperwork within a day. But the reality of changing organizational culture and reducing risks takes months or years.
Which do you choose? A quick, dirty set of paperwork or a hard, long-drawn-out, transformational change? Unfortunately, it’s a ‘no-brainer’.