Humans are creatures of energy conservation; it is baked into our DNA as part of our natural survival instincts. This natural tendency is what led us to invent tools to help us get more done with less effort.

We are always looking for ways to make things easier on ourselves, usually with little to no regard for the long-term impact of such a convenience. This is true in every part of the human experience, but it's magnified 100 times in the world of information and cyber security. The reason that “Easy button” marketing works is that we all want an easier path to the win. The problem is that hard work is not easy, and no magic button or set of technology can eliminate hard work. It can evolve it, move it, reduce it, but all we are doing is shuffling the hard work to some other place or person.

For example, when we go to the grocery store it is easy to pick up our produce, meat, and prepackaged and prepared meals and put them in our cart. Very rarely do we stop to think of all the people involved, and the very hard work they put in to get that food on the shelf. Growing food is hard work; running the logistics to get that food from the farm to the store is hard work, even with the help of machines and computers.

Information and cyber security are no different: it takes a ton of hard work to do it right. We preach that the enemy of good information security is complexity, so then simple is its ally. Easy, right?

Simple is not easy. Simple is a ton of hard work: it is asking tough questions, digging for answers, building understanding, communication, documentation, and trial and error.

Now, knowing that humans prefer to limit the amount of hard work they do, to conserve energy in case they need to run away from a saber-toothed tiger, or because of some other primal driver, how do we shift this paradigm?

We do not ask enough of the right questions; we are in a hurry to find a solution that will make it easier on us to accomplish our goals. We need to do a better job of connecting on that primal level and showing that doing the hard work saves energy and resources in the long run.

For me this begins with speaking simply to the business: avoiding technical terms as much as possible, showing that I am as invested in helping them to conserve energy as they are, working hard to understand the business driver and value behind the ask, and helping them to identify existing solutions that meet their needs without adding another magic button to the environment, one that will most certainly not be magic or easy. It also means helping them to understand the later impact of convenience now.

Most business leaders will not want to create a situation in the future where the business is unable to function because someone wanted one less step in their day.

All this and more on the Security Shit Show, Thursday at 2100 Mountain/2200 Central.

The podcast and the associated cover image on this page belong to InfoSec Missionaries. The content of the podcast is created by InfoSec Missionaries and not by, or together with, Poddtoppen.