Wednesday, November 19, 2008

Why is security so taboo?

I've often wondered why it is that so many clients seem to feel ashamed when asking for help with IT-security projects. I've been on the client side of the desk for almost 10 years and on the consultant side for 10 years. What never ceases to amaze me is the number of clients that have no problem asking for help with Active Directory design, SAN optimization, or getting their BGP connections to an ISP up and running, but completely choke when asking for a penetration test or vulnerability analysis. Can somebody tell me the difference?

It's almost as if the clients somehow feel less "masculine" when asking for help on security-related topics. I can't count the number of times that clients make such a big deal about keeping the whole process hush-hush. You might think that a company that actively cares about security and takes a proactive approach would be applauded. Unfortunately, in this society it appears that approach indicates weakness. Is it somehow related to the male component of society that feels like they must be in charge, taking care of their woman and family without needing help? Is that why so many men drop dead of heart attacks?

I've always said the bad guys will always have the upper hand because they share things they learn. The good guys keep everything a secret; heaven forbid that somebody finds out they were compromised. The lessons they learned could be useful to another company, but that information will never see the light of day. But on the other hand they have no issue paying out large sums of money to useless CXOs, asking the government for a bailout and generally exhibiting poor management skills.

Go figure.
