Actually, it could get worse: Do your job, make sure that nothing happens and when nothing happens, some clueless suit is going to make you justify your job. This reminds me of what I used to do as a consultant: (1) Don't do your job and you get kicked out; (2) Do your job and get kicked out (because the assignment was successfully completed). And if you do your job ahead of schedule, you'll get kicked out ahead of schedule.

If you are a security person or a consultant and you are looking for unconditional love, go get your own lizard. I feel especially sorry for those security people who can't make their security policies stick try as they might, because they are not high enough on the corporate totem pole. Management will never understand the importance of security until they understand the unpredictability that inadequate security can add to their cost projections, and the damage that it can do to their business model in terms of lost revenues and lost profits (would you buy from an e-commerce site that can't keep your credit card confidential?).

To summarize, such things as revenues, profits, and cost control can exist only within the context of an adequate, strong security posture.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/186/22479#22479