Security: Taking the Long, Long, Long View

Helen Patton
Dec 4, 2022

We are at the time of year where Security folks make predictions about the year to come, or review the year that has been. I admit I’ve done this once or twice, myself. But not this year. As I thought about it, this year as a Security leader was a lot like last year, and next year will be more of the same. Things change really slowly in security, regardless of how many new vendors appear on the RSA vendor floor.


While I was thinking about that, I had a typical week in security. The security team achieved some stuff — successful audits, completion of projects and plans, positive feedback from partners. There were also any number of industry security events that prompted an unplanned reaction within the security team; a request for budget and resources that was only partially filled; and a non-security leader who deferred addressing a security issue in favor of a higher business priority.

I suspect my experience is typical of most security leaders: the same tactical things happening week after week, and industry issues and themes that remain constant year after year.

If the popular definition of insanity is doing the same thing but expecting a different result, is it any wonder that security leaders are burning out, moving quickly from role to role, and generally feeling discouraged?


Helen Patton

Cyber Security, Technology Ethics, and Humanity. What else? I can be found at CISOHelen.com or on Twitter @CisoHelen or on Mastodon @cisohelen@infosec.exchange