November 22, 2017 By Kevin Beaver 2 min read

This time of year, there’s a lot to be thankful for. There’s health, family, the economy — you name it, there’s plenty of good in the world. Looking beyond the usual things people give thanks for, there are also aspects of IT and information security that we can be grateful for. Because my work involves performing security assessments, which can emphasize the negative, I often overlook the positive elements of today’s technology.

Giving Thanks for Good Security

Now that I’m in the holiday spirit, here are some of the elements of today’s security landscape that we can be thankful for:

  • Talented administrators, analysts, engineers and developers working in corporate environments doing the day-to-day security oversight and improvement dirty work. Many of these people take their work very seriously and they’re doing everything they can to keep bad things from happening. I’m humbled every time I interact with people in these roles — I’m reminded of just how little I know and how much more I still have to learn in this field.
  • Employees and other network users who conduct their work while keeping an eye out for security concerns. No one wants to be the person who clicked the link that started the chain reaction of a security incident or breach. Most people want to follow security best practices, and the good ones understand they have a part in their network’s defense strategy. Think of all the bad things that have been stopped because of an attentive user. Sure, there are careless folks and some bad apples, but the fact that we’re not seeing more breaches than we are is a testament to the good intentions of all the people behind the keyboards.
  • Proactive security assessment tools, such as vulnerability scanners, source code analyzers and email phishing platforms that help us find the weaknesses so they can be addressed before the bad guys exploit them. Without such tools, we simply wouldn’t have enough time or skills to find all the flaws manually.
  • Security management tools such as intrusion prevention systems, security information and event management (SIEM) and data analytics at the network perimeter and in the cloud, as well as data loss prevention, cloud access security brokers and advanced malware protection at the endpoints guarding information assets along the way. Without these products, we couldn’t possibly keep everything in check.
  • The smart people working for the product and service vendors, as well as the consultants, auditors and forensics investigators who help us make sense of it all.
  • The business leaders who understand that security is more than just an IT issue and support longer-term initiatives in the spirit of true risk management.
  • Researchers who are continually finding new flaws, uncovering new information and creating open source tools.

… And for Worthy Opponents

And finally, I have one more thing to be thankful for:

  • The nation-states, cybercriminals and rogue insiders who keep IT professionals on our toes and working toward stronger defenses. If it weren’t for them, we’d have a lot less security-focused work to do, and we’d be even more vulnerable!

There’s a silver lining in everything. With the seemingly perpetual negativity surrounding security, there’s still a lot to be thankful for and admire in today’s environment. Our security challenges could be much, much worse if it weren’t for the human ingenuity and brainpower going into this field. Things will never be perfect, but at least there are some things we can look forward to as we take this journey.

Subscribe to the Security Intelligence podcast on itunes

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today