November 22, 2017 By Kevin Beaver 2 min read

This time of year, there’s a lot to be thankful for. There’s health, family, the economy — you name it, there’s plenty of good in the world. Looking beyond the usual things people give thanks for, there are also aspects of IT and information security that we can be grateful for. Because my work involves performing security assessments, which can emphasize the negative, I often overlook the positive elements of today’s technology.

Giving Thanks for Good Security

Now that I’m in the holiday spirit, here are some of the elements of today’s security landscape that we can be thankful for:

  • Talented administrators, analysts, engineers and developers working in corporate environments doing the day-to-day security oversight and improvement dirty work. Many of these people take their work very seriously and they’re doing everything they can to keep bad things from happening. I’m humbled every time I interact with people in these roles — I’m reminded of just how little I know and how much more I still have to learn in this field.
  • Employees and other network users who conduct their work while keeping an eye out for security concerns. No one wants to be the person who clicked the link that started the chain reaction of a security incident or breach. Most people want to follow security best practices, and the good ones understand they have a part in their network’s defense strategy. Think of all the bad things that have been stopped because of an attentive user. Sure, there are careless folks and some bad apples, but the fact that we’re not seeing more breaches than we are is a testament to the good intentions of all the people behind the keyboards.
  • Proactive security assessment tools, such as vulnerability scanners, source code analyzers and email phishing platforms that help us find the weaknesses so they can be addressed before the bad guys exploit them. Without such tools, we simply wouldn’t have enough time or skills to find all the flaws manually.
  • Security management tools such as intrusion prevention systems, security information and event management (SIEM) and data analytics at the network perimeter and in the cloud, as well as data loss prevention, cloud access security brokers and advanced malware protection at the endpoints guarding information assets along the way. Without these products, we couldn’t possibly keep everything in check.
  • The smart people working for the product and service vendors, as well as the consultants, auditors and forensics investigators who help us make sense of it all.
  • The business leaders who understand that security is more than just an IT issue and support longer-term initiatives in the spirit of true risk management.
  • Researchers who are continually finding new flaws, uncovering new information and creating open source tools.

… And for Worthy Opponents

And finally, I have one more thing to be thankful for:

  • The nation-states, cybercriminals and rogue insiders who keep IT professionals on our toes and working toward stronger defenses. If it weren’t for them, we’d have a lot less security-focused work to do, and we’d be even more vulnerable!

There’s a silver lining in everything. With the seemingly perpetual negativity surrounding security, there’s still a lot to be thankful for and admire in today’s environment. Our security challenges could be much, much worse if it weren’t for the human ingenuity and brainpower going into this field. Things will never be perfect, but at least there are some things we can look forward to as we take this journey.

Subscribe to the Security Intelligence podcast on itunes

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today