Tuesday, December 4, 2018

The most challenging aspect of security

Ever wondered what is the most challenging aspect to security? It's not understanding the evolving threats and actors. Certainly those are important, but people smarter than me do a fine job of tracking and reporting on emerging threats.

It's not the constant evolution of tools and blinky boxes. Sure, tools are part of the mix, and knowing what tools will benefit in what situations is a must, but a tool is a tool. Given the right tool with a suitable understanding of the problem, the right people can figure out the right way to use it.

It's not understanding the technologies and solutions I'm tasked with defending. Of course that is crucial, but 20 years in the field have taught me a great bit about operating systems, applications, networking, business, and the way systems work, break, and can be fixed.

The biggest challenge? It's not threats, blinky boxes, or foundational knowledge. It's the context switching. It's being eyeball deep into a topic when something else demands attention. It's the interrupt-driven pace of work, always at the mercy of the next unscheduled threat.

What techniques do you use to carve out dedicated time for strategic work? How do you avoid the pitfall of perpetual firefighting? Comment below or join the discussion on Twitter.

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.