I ran across a great post on fudsec about the economics of information security. It served as a good reminder for my ultimate goal of infosec - eliminate it. As a practitioner I had a motto of putting myself out of a job by embedding security into IT and the business. I won't see it in my working years but the mindset is powerful. Now as a vendor, I still have the same rallying cry. I'll happily find the next challenge when our industry matures and doesn't require separate assessment, consulting, and operations functions within IT.
This mindset is powerful because it cuts through the politics and potential turf wars as you do your job. It's incredibly liberating to try and be so good you're not needed anymore. No reason to dig in your heels on some emotional issue if your goal is to improve to the point of irrelevancy. You can now focus on what it takes to get there. Imagine if you improved and measured your security processes to the point of reaching a truly mature level, e.g. CMMI level 4-5. How many of these could be returned to IT proper, cutting costs and streamlining IT?
I argue there's plenty of wealth to be generated along the path to unemployment.
Apologies for the soap boxing but this motto always reinvigorates me.
Have a good weekend.