A young security professional approached me the other day, looking troubled.
“I’m having difficulty,” he said, “explaining to our clients the unique challenges of implementing cybersecurity plans and practices, especially in organizations that don’t currently have a culture of security – and then, once we introduce these security controls, how to get employees to comply.”
“Ahh yes. One of the biggest challenges you’ll face in this field,” I told him, “is convincing them to feed the right wolf.”
A look of confusion spread across his face. I continued.
“You see, a fight is going on inside every organization. A vicious battle, in fact, and it is between two wolves. One wolf is convenience – he is complacency, confusion, laziness. He is indifference and never considers the risk of any of his day-to-day actions – i.e. using email, mobile devices, wireless networks, social media – even physical security and social engineering risks.”
“Um, wait… wolves can’t use ema-”
“Do not interrupt me,” I said. “ANYwho… where was I? Oh, right…. now, the other wolf is mindfulness – he is situational awareness, operational security, risk-based security controls and understands the threats/risks of using technology and therefore incorporates a security-minded approach to his day-to-day tasks, at home and at work.”
“The same fight, in fact, is going on inside every one of our clients, inside you – and inside every other person, too.”
He mulled this over for a couple of minutes. “Yes, it’s true!” he said, excitedly. “But… you didn’t tell me which wolf will win??”
I simply told him, “The one you feed.”
Adapted, obviously, from the Tale of Two Wolves.
Gary Braglia is a Security Specialist at GreyCastle Security with over 10 years of experience as an IT professional. Gary began his career as an application developer with the NYS Office of Information Technology Services (ITS), is a graduate of SUNY Albany with a Master’s degree in Information Science (M.S.I.S.) and the owner of industry-recognized certifications including Tenable Certified Network Auditor (TCNA) and CompTIA Security+.
At GreyCastle, Gary consults with clients in a wide range of security domains, including penetration testing, vulnerability assessments, security assessments, network security, application security and policy development.