So I know I’ve been slacking on the blog and I’ve been making excuses to myself. Last week it was, oh well I’m prepping for DEFCON. Then Sunday the excuse was that I was at DEFCON. Well now I’m on a plane, still on pacific time and being fed drinks by the wonderful folks who feel bad for the fact that our already late flight was delayed by maintenance issues.
So why the title? My post, The five stages of working in information security, was actually written out of the fact that there are really times that I want to go bang my head up against a wall, or at least the heads of some bureaucrats. You might ask, why would you ever want to do such a thing. Well if you have to ask then there’s a good chance that you ‘ve never worked in a technical field for people who don’t understand technology.
So while I was at DEFCON I was fortunate to run into an old friend and co-worker who confessed to me that he was feeling a bit hopeless about working in the field (if he reads this and I mis-represent anything I hope he’ll correct me). I knew exactly how he felt. Why are we still facing the same security issues that we were facing eight years ago?! And why do we accept it?
There are too many political battles and too many broken processes and i hope that I am completely wrong when I say that there are too few of us who are willing to speak truth to power. I hope that I am wrong on that last point but I’m probably not.
So where do we go from here? I saw General Alexander speak at DEFCON and he made some great points about how the Government and the Hacking community need to work together. The problem is that there are too many people in the hacking community who have their tin foil hats a little too tight around their heads. If you are going to run around believing that the Government and the Intel community gives a damn about you I have a shocking revelation for you. You are not that important! So take off the damn hat, let the blood return to your brain and start figuring out how you can help us move forward.
I think the bigger issue is that people are accustomed to thinking globally about this. The City of Los Angeles is hard to police; a single neighborhood in LA isn’t. When the system architects stop building all of LA, and just build a neighborhood allowing users to actually do their jobs, it becomes easier to patrol. Unfortunately, that’s bad news for Microsoft, McAfee, ECPI.