Main
Codex
Librarium Whitehat
Advisories
Blog Pics
"Inveniam viam aut faciam" : I will either find a way, or I shall make one

Adeptus-Mechanicus - BlogMe


Still ranting

I am still thinking on these ideas of what it means to be a security professional. You see I keep getting this message that we need to learn to speak ‘business’. That if the business is not giving us what we need, not implementing our suggestions, that it is our fault for not communicating with them better. Once again I really do respect the people who say this. And I truly believe they are much better infosec professionals then me. But I am still going to call “Bull”.

You see a professional is something like a doctor, or architect, or engineer. Something requiring specialist knowledge. Now when I get sick, I do not blame doctors. When someone in the world dies, I do not blame doctors. If I doctor was directly involved in the death, then maybe. But just because there are doctors does not mean people are going to be healthy.

Unless people listened to doctors. That’s the catch. Doctors give us all lots of good advice. But we still have billion dollar industries around smoking and drinking for example. Because we do not listen to the doctors. Now do doctors beat their heads against a wall? Do they picket the factories? Do they change their educational needs to include better corporate communications or better client persuasion? Wait…. Wait…. No. Because they know that when we get sick we will go to them or we will suffer, and nothing drives human change like suffering. I am sorry to say that, but prove me wrong.

Now some doctors are preferred because they have better bedside manners. But I do not know about you, when I am coughing my lungs out, bedside manner takes a quick backseat to actual competence. Now I believe this was all driven by (a) doctors getting better and having more impact and (b) the big things like the black plague, outbreaks, etc – when we ignorant humans decided we really did not prefer dying to listening to those we called quacks.

So here is my pledge: I pledge to be the best InfoSec person I can be, I will read, I will listen. And IF I have time left over – I will try to learn how to tie a windsor knot and play golf. Because sooner or later, competence will be worth more then polished ass-kissing.

Alrighty then.

Published by erich, on February 18th, 2011 at 3:27 am. Filled under: General,rantNo Comments

No comments yet.

Leave a Reply