Is your infosec guy any good? A weird trick will tell you

Microsoft’s Wi-Fi sense feature is a guide to the nature of your security boss


Ask your infosec guy or gal the following questions:

Some infosec people aren’t actually very good at their jobs, but are very good at hiding it. Here’s how to decode their answers.

“It’s useful, and Microsoft knows what it’s doing.” This infosec professional is fed up with having to manage other people’s passwords, and defaults to the ‘do it and get off my back’ response when dealing with any new user behaviour. Do you want laziness and responsibility abdication in your data defenders? No, you don’t. Bad infosec person.

“I don’t like it, but there are ways to minimise the risk. Follow them, and you’ll be fine.” This infosec professional thinks users deserve what they get if they don’t know what they’re doing; learn the rules and get the skills if you want to be a fit citizen of the cyberverse. This is old-school arrogance, and shows a real lack of empathy for how actual humans use actual computers. The most widespread infosec problems are caused by reasonable people – which most people are – failing to cope with badly designed or thoughtlessly implemented systems – which most systems are. Do you want your bits protected by someone who considers themselves too good to deal with one of the most dangerous and common sources of security misery? Of course not. Bad infosec person.

“I don’t like it, and it’ll be trouble. Don’t use it, don’t encourage others to use it.” The denialist. Very common – almost compulsory – in large enterprises, this infosec person may have once been a perfectly useful member of society before being broken by corporate lock-down-itis. Or perhaps they were always like this. This sort of thinking again shows a lack of empathy – as if any sane user will ignore something that makes their life easier just because it’s not very safe – and, as a result, the near certainty of not only allowing the dangerous practice to happen but ensuring the users will try and hide it. An infosec professional who actively encourages covert insecurity? Bad infosec person.

“This isn’t the best way of doing things, but WiFi passwords are a pain. What problem are you trying to solve? Here, let me give you a script that will take care of that, and why don’t you let me set things up so they’re safe?” Also known as an “Uncle Phil” – from a famously approachable and sympathetic IT infrastructure manager – this is the sort of infosec person you want to track down, capture and keep in a dungeon. They know you have a job to do and want to help you do it. They know the limitations of IT security tools and do their best to humanise them. They know that 90% of actual usual work done in large organisations happens through tacit collusion. And they know that if they have your trust, they will forestall or swiftly shut down many real security issues before anyone senior enough to be dangerous has to worry about them. Good infosec person.

See on Scoop.it: Internet of Things – Technology focus

