November 22, 2017 By Kevin Beaver

This time of year, there’s a lot to be thankful for. There’s health, family, the economy — you name it, there’s plenty of good in the world. Looking beyond the usual things people give thanks for, there are also aspects of IT and information security that we can be grateful for. Because my work involves performing security assessments, which can emphasize the negative, I often overlook the positive elements of today’s technology.

Giving Thanks for Good Security

Now that I’m in the holiday spirit, here are some of the elements of today’s security landscape that we can be thankful for:

  • Talented administrators, analysts, engineers and developers working in corporate environments, doing the day-to-day dirty work of security oversight and improvement. Many of these people take their work very seriously and they’re doing everything they can to keep bad things from happening. I’m humbled every time I interact with people in these roles — I’m reminded of just how little I know and how much more I still have to learn in this field.
  • Employees and other network users who conduct their work while keeping an eye out for security concerns. No one wants to be the person who clicked the link that started the chain reaction of a security incident or breach. Most people want to follow security best practices, and the good ones understand they have a part in their network’s defense strategy. Think of all the bad things that have been stopped because of an attentive user. Sure, there are careless folks and some bad apples, but the fact that we’re not seeing more breaches than we are is a testament to the good intentions of all the people behind the keyboards.
  • Proactive security assessment tools, such as vulnerability scanners, source code analyzers and email phishing platforms that help us find the weaknesses so they can be addressed before the bad guys exploit them. Without such tools, we simply wouldn’t have enough time or skills to find all the flaws manually.
  • Security management tools such as intrusion prevention systems, security information and event management (SIEM) and data analytics at the network perimeter and in the cloud, as well as data loss prevention, cloud access security brokers and advanced malware protection at the endpoints guarding information assets along the way. Without these products, we couldn’t possibly keep everything in check.
  • The smart people working for the product and service vendors, as well as the consultants, auditors and forensics investigators who help us make sense of it all.
  • The business leaders who understand that security is more than just an IT issue and support longer-term initiatives in the spirit of true risk management.
  • Researchers who are continually finding new flaws, uncovering new information and creating open source tools.

… And for Worthy Opponents

And finally, I have one more thing to be thankful for:

  • The nation-states, cybercriminals and rogue insiders who keep us IT professionals on our toes and working toward stronger defenses. If it weren’t for them, we’d have a lot less security-focused work to do, and we’d be even more vulnerable!

There’s a silver lining in everything. With the seemingly perpetual negativity surrounding security, there’s still a lot to be thankful for and admire in today’s environment. Our security challenges could be much, much worse if it weren’t for the human ingenuity and brainpower going into this field. Things will never be perfect, but at least there are some things we can look forward to as we take this journey.
