The Tao Te Ching brings us Yin and Yang, two opposites that are a part of the ever-changing universe. The misfortunes of the State Department (Yin) can be transformed into a victory for the security profession (Yang). Or, to put it simply, when life gives someone else lemons, you take their lemons and make lemonade. One important aspect of Cable Gate is that it has brought attention to information security and the need for it. Security professionals across the world can expect organizations to begin asking whether they are vulnerable to the same thing and, more importantly, what to do about it. This is a grand opportunity to bring your skills to the table and represent the profession when your employer or customers turn to you for help. It does not matter if you are an engineer, a consultant, or management. When a breach happens, the spotlight is on security and it is our time to sing.
Technology Is A Tool Not The Solution
In the world of information security, it is all too easy to propose technology solutions that are not the whole solution. The technology can be a part of the solution, but we must realize that there is no silver bullet and that the truly motivated will find a way around any barrier. A solution combines leadership with a strategy, direction, and a team that can bring it all together. The most important component is leadership. Leadership does not have to come from the top of the organization. Security professionals, by nature, have to interface with other professionals in finance, public relations, marketing, and other areas. Be the expert in what you know, but do not discount the knowledge that other team members bring, because they are a part of the solution.
Know That Everything Cannot Be Fixed
Leadership is also about knowing what can and cannot be done. Not every exposure can be fixed. Not every risk can be effectively mitigated. Not every budget is unlimited. Not everyone wants to hear that no matter what you do, there is not a silver bullet. Setting expectations with other professionals and the public is extremely important. Security is about providing reasonable protection against threats. Sure, it may be possible to secure something by sending all the workers home and burning everything that is left. Even then, you cannot be sure that everything is gone. The stakeholders in the business would certainly object to shutting everything down. They would also object to a more pleasant picture than an army of security professionals could paint. Reasonable protection is about compromise among all stakeholders. This means that security professionals may also have to compromise. That does not mean that security is unimportant. Understanding that fact brings us back to the solution, with many professionals working together, and to teamwork.