I was rocking my 14-month-old daughter to sleep while thinking about what to write for my maiden column for Information Security. As I began to mull the possibilities--the latest Zotob worm, the abbreviated time available for patch management, the proliferation of botnets--my thoughts jumped to my personal security.
In an instant, I realized that not only were the front and back doors of my suburban home unlocked, but my car was open as well. Like my daughter, I have been lulled into a false sense of security.
In essence, humans are a trusting lot. We'd prefer to see the good and assume nothing can happen to us. Although that trust is occasionally broken and we become more vigilant for a while, the knee-jerk reaction wanes quickly.
You, as security managers, need to be vigilant every day. It's your job to assume something bad could happen, and you need to be skeptical and, perhaps, realistic about threats. You need to live and deal with my "nothing can happen to me" mind-set day in and day out. You fight for increased budgets to help prevent attacks while tirelessly trying to educate your coworkers that security threats are everywhere.
In many ways I will be learning along with those users. During my 16 years covering technology, I have not been steeped in security issues. I started covering this industry when 286s were the desktop of choice, Microsoft had yet to release Windows 3.0, and Check Point Technologies and VeriSign didn't exist. I have seen companies rise and fall, customers grapple with vendor consolidation, and businesses weigh integration strategy versus a best-of-breed approach. I've watched for trends, cut through the marketing hype, and helped customers and resellers do their job better.
While on this job mere weeks, I am here to tell you that I have already received my wake-up call on the pressing issues in the security marketplace. The bad guys are focused. They are smart, nimble and ingenious. And they are getting faster and faster every day.
Even more, I am quickly becoming educated on some of your other challenges: complying with the myriad standards and laws, developing security metrics and quantifying security ROI, getting top management to understand and buy into security policies, and explaining these technologies in business-speak, all while waiting for the next malicious attack.
I, and the other editors at Information Security, want to be your advocate. We aim to give you the information you need to make decisions on your security policies and practices. We want to provide you with information on the latest products and tools to succeed in the security industry. Furthermore, we want to hear about your challenges and celebrate your successes. While this is serious work, I'd like to throw in a little bit of fun with new features and increased interaction with you, our readers.
Together as an industry, we can share best practices so that, perhaps, we can enjoy a true sense of security.