Explicit

Episode Sixty-Seven - Control the message, control reality

Dec 20, 2021 · 1h 41m 10s
Description

A true story with four realities (or versions of reality).

1. The public version.
2. The employee version.
3. The management version.
4. The Security Analyst’s version.

To the public, -ORGANIZATION- seems to be doing a great job. -ORGANIZATION- has a noble mission and appears to be serving the mission well. They don’t think about information security at -ORGANIZATION- because it doesn’t come up in conversation. All they care about is that -ORGANIZATION- is fulfilling their mission, and they seem to be treating the public OK.

To the employee, -ORGANIZATION- is doing OK. Sure, there are plenty of challenges, and politics sometimes gets in the way, but employees like what they do. As long as employees do their job well, they’ll be fine. Information security isn’t a concern because the employees don’t really know what it is. Just stay focused on the job, keep your head down, and you'll be OK.

To management, -ORGANIZATION- has a mission, but personal missions far outweigh the -ORGANIZATION- one! The personal mission is to keep this job and get some kudos along the way. In order to keep the job, they have to play the game. The game is politics, and sometimes politics are cutthroat. Management spends more time defending itself and attacking each other than they do on accomplishing anything. As long as the public and the employees see management as great (or good) leaders, they’ll be safe. Problem is, they suck at the job. Focus #1 is "MY JOB" (at all costs). They love the job because it comes with a lot of perks. Information security is a pain in the ass and management doesn't have time to learn about it. Who cares anyway?

To the Security Analyst, -ORGANIZATION- has a mission and information security is (and must be) part of the mission. There are so many risks to deal with and there's not enough support. The Security Analyst is a team of one and has no support from management. People keep clicking on links, people keep choosing crappy passwords, management wants new blinky lights, and the Security Analyst can’t cope anymore. The Security Analyst is not paid well (by industry standards), but they're here because they care. The Security Analyst doesn't want people to get hurt, and they believe in the mission, but they need help!

The true reality? Most of three realities are bullshit. To some extent, the public has been deceived, employees are misled, management is shitty, and the Security Analyst needs some support.

The Security Analyst works at -ORGANIZATION- for the right reasons.

The Security Analyst loves people and wants to protect -ORGANIZATION-.

The Security Analyst wants to protect -ORGANIZATION-'s employees, customers, and the public.

The Security Analyst doesn't want to make a name for themselves, but desperately wants to do the right thing.

The Security Analyst has tried again and again to get their message through to the alternate realities, but the results are very disappointing.

The Security Analyst feels it's their moral responsibility to do something.

To this end, the Security Analyst sends a VERY respectable email to the -TOP MANAGER-'s executive assistant. The email is respectful, informative, fact-driven, and is NOT threatening in any way. The sole purpose of the email is to get help and to help (the public, employees, and management).

The next day...

The Security Analyst is called into a meeting, and here's what the Security Analyst is told:
- "The Board and most people don't give a shit about Security and it's not our job to educate them."
- "Our job is only to deal with internal concerns and stay in our lane."
- You "didn't follow the chain of command and need to be mindful of the bigger picture and their concerns, and realize that (your) focus isn't theirs."

This story is REAL. It just happened last week. Let's talk about this and the alternate realities we live in. What the hell do we do about this?

Join myself, Ryan, Chris, and Rachel LIVE and give your thoughts...
Information
Author The InfoSec Mission
Organization InfoSec Missionaries