Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

10/23/2018
10:30 AM
Joshua Goldfarb
Joshua Goldfarb
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Good Times in Security Come When You Least Expect Them

Not every cybersecurity endeavor can have a huge impact. But a small percentage of your efforts can still produce results that blow you away.

Writing can be a funny thing. Sometimes you spend days working on and struggling with a piece. Other times, a piece comes to you in a flash of inspiration in the span of just an hour or two.  How much a piece interests or speaks to your readers seems to have little to no correlation with how long you spend on it.

What does this have to do with security? Sometimes you spend lots of time and money on a given effort. But the benefits you get and the good that comes of it may be what you least expected. Or, to put it another way, a given effort may result in dozens of effects that may seem irrelevant or of no value to you. And yet, there may just be that one effect that makes the whole effort worthwhile. 

In security, we have many different initiatives going at any one time. Some may require more effort, while others less effort. Yet, as we progress with our efforts, we are sometimes surprised to learn that each initiative affects security posture differently. Often, an initiative's impact has little to no correlation to the amount of resources it requires.

How can organizations find that diamond in the rough and take advantage of the occasional gems that make an effort worthwhile? It is in this spirit that I present five ways to be prepared for good things to happen when you least expect them.

  1. Exit the Tunnel: We all get tunnel vision from time to time. But when we get overly focused on a given philosophy, a given approach, a given set of tasks, or a given work program, we often miss all the good going on outside of the tunnel we put ourselves inside. Being open to something happening in our periphery can help us find new and creative ways to solve problems and see the good that might otherwise pass us by — like that next great way to improve our security posture.
  2. Welcome Input: Don't just welcome input — actively solicit it. Is it possible that you'll hear a bunch of bad ideas that you can't possibly consider for one reason or another? Of course. But what about that one gem of an idea that you'll hear that may solve a difficult problem you've been wrestling with for quite some time? When you least expect it, you just might hear something that will pleasantly surprise you with its cleverness. But if you don't welcome and solicit input, you'll remain unprepared to receive the good that may come from the thoughts and input of others.
  3. Open Your Eyes: Some of us tend to "close our eyes" in a professional sense from time to time. It pays to open our eyes, be aware of our surroundings, and take a look around as often as we can. Perhaps you will notice something you wouldn't have noticed otherwise. Sometimes, there are good things happening just beyond our field of vision. And, more often than not, we are the ones limiting the extent to which we can see what's out there. Broadening our perspective allows us to notice and leverage the good that may be going on just outside of where we're accustomed to looking. 
  4. Open Your Mind: How many times in our lives do we hear something without truly parsing, understanding, and internalizing it? Similarly, how often do we encounter or notice something without truly seeing it for the good it brings and the value it adds? For most of us, these scenarios likely happen quite frequently. It helps to look at things with a different spin sometimes to try and reframe them and see the positive effects. To look for the good. Doing so allows us to navigate events differently. It causes us to be aware that when we look upon something differently, we may see it from an entirely different perspective in order to leverage it for good, even if how to do so wasn't initially obvious to us.
  5. Take a Long Drive for a Short Concert: I once drove three hours each way for an hour-long concert. The entire seven-hour trip was worth it just for that one hour of enjoyment. Why am I telling you this story? The overwhelming majority of your efforts may produce nothing at all of value, and that's OK. Not every security endeavor can have a huge impact, or even end in success. But a small percentage of your efforts may produce results that blow you away — and that is what is most important. It's important to look upon your security endeavors as an investment. The security organization that continues to make wise investments will continue to reap positive results from those investments. Its security posture will improve. Conversely, the security organization that runs from investment because not every single investment pays dividends immediately will stagnate and eventually worsen with time as risks and threats evolve. 

Related Content:

 

Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Josh (Twitter: @ananalytical) is an experienced information security leader who works with enterprises to mature and improve their enterprise security programs.  Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MarkSindone
50%
50%
MarkSindone,
User Rank: Moderator
11/7/2018 | 12:34:37 AM
Re: My grandfather's plaque
Every effort counts and in the topic of cybersecurity, every single step can produce great results. This is why we should never perceive any amount of preventive measures as minor or worthless when implementing security means. We need to try every method available to eventually derive with which are the ones that suit our requirements.
josh@idrra.com
50%
50%
[email protected],
User Rank: Apprentice
10/24/2018 | 1:46:37 AM
Re: My grandfather's plaque
Interesting comment - thank you for sharing this thought with us.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/23/2018 | 10:53:28 AM
My grandfather's plaque
This article reminds me of a POINT 6: There is no limit to what a man can do or where he can if he doesn't mind who gets the credit."  Raymond Eisenhardt Sr. though quoted to Ronald Reagan and Robert W. Woodruff of Coca-Cola - plaque on their desk.  He had his firm cast that plaque.  Share credit and never stint it if is somebody else, and you wil go far. 
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14540
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-16332
PUBLISHED: 2019-09-15
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
CVE-2019-16333
PUBLISHED: 2019-09-15
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
CVE-2019-16334
PUBLISHED: 2019-09-15
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
CVE-2019-16335
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.