Popular culture has done one thing for the cyber security profession: made it seem relatively cool. A standard crime or action drama has trendy cyberpros, fingers dancing on slick keyboards while reams of incomprehensible text or graphics scroll smoothly by. These folks are abnormally attractive, luxuriously ensconced in palatial, trendy offices, and report to serious, considerate, worldly leaders.
Sadly, in reality the script is entirely flipped. Most security folks desperately try to make the case for an organization to patch its hardware, eliminate access to insecure consumer technology and make do with skimpy budgets. Security tools are purchased without training or robust implementation services, staffing is minimal, and technology and security risks remain unmanaged at the enterprise level. Offices are micro-cubicles that are harshly lit with soul-sucking corporate fluorescent. No tasteful coffee bars or inviting work nooks to be found. Plus I look exceptionally stupid in a slouchy beanie.
One area that meshes with TV reality is the plethora of security tools in the enterprise space. Firewalls, IDS/IPS, SIEM, Endpoint, Asset Managers, Vulnerability Scanners, Policy tools, ad infinitum. Over a dozen screens with hundreds of reports, alerts and klaxons compete for the few infosec folks who attempt to reduce the risk of a data breach on a daily basis. With the enterprise security market flooded with products equivalent to the melon baller, security vendors are churning out more products that 80 percent of the market will never use or at least use effectively.