What’s an InfoSec/CyberSec Mindset?

Recently I read an interesting comparison, by Rich Mogull, between paramedics and people who work in computer security. It’s an interesting look at the difficulty of staying positive and engaged in a world in which we (as security professionals) will never win, will never be able to say we’re finished, and often lead a thankless existence.

As long as there are human beings and computer chips we will never win. There will never be an end. We face an endless stream of challenges and opportunities. Some years things are better. Other years things are worse. The challenge for us as professionals is to decide the role we want to play and how we want to play it.

Rich’s assessment ends with a nice positive note, one which resonated with me personally:

As a security professional, I can help millions, if not billions (hello Amazon, Facebook, Apple, and Google Security), at a time. I find this especially rewarding and exciting, especially as we build new products we think can have major impacts at scale – but even if that doesn’t work, I know that both my research and direct client work have touched at least tens of millions of people who will never know who I am. Maybe I only helped keep them a little safer, but a little is better than nothing.

