This time of year, there’s a lot to be thankful for. There’s health, family, the economy — you name it, there’s plenty of good in the world. Looking beyond the usual things people give thanks for, there are also aspects of IT and information security that we can be grateful for. Because my work involves performing security assessments, which can emphasize the negative, I often overlook the positive elements of today’s technology.

Giving Thanks for Good Security

Now that I’m in the holiday spirit, here are some of the elements of today’s security landscape that we can be thankful for:

• Talented administrators, analysts, engineers and developers working in corporate environments doing the day-to-day security oversight and improvement dirty work. Many of these people take their work very seriously and they’re doing everything they can to keep bad things from happening. I’m humbled every time I interact with people in these roles — I’m reminded of just how little I know and how much more I still have to learn in this field.
• Employees and other network users who conduct their work while keeping an eye out for security concerns. No one wants to be the person who clicked the link that started the chain reaction of a security incident or breach. Most people want to follow security best practices, and the good ones understand they have a part in their network’s defense strategy. Think of all the bad things that have been stopped because of an attentive user. Sure, there are careless folks and some bad apples, but the fact that we’re not seeing more breaches than we are is a testament to the good intentions of all the people behind the keyboards.
• Proactive security assessment tools, such as vulnerability scanners, source code analyzers and email phishing platforms that help us find the weaknesses so they can be addressed before the bad guys exploit them. Without such tools, we simply wouldn’t have enough time or skills to find all the flaws manually.
• Security management tools such as intrusion prevention systems, security information and event management (SIEM) and data analytics at the network perimeter and in the cloud, as well as data loss prevention, cloud access security brokers and advanced malware protection at the endpoints guarding information assets along the way. Without these products, we couldn’t possibly keep everything in check.
• The smart people working for the product and service vendors, as well as the consultants, auditors and forensics investigators who help us make sense of it all.
• The business leaders who understand that security is more than just an IT issue and support longer-term initiatives in the spirit of true risk management.
• Researchers who are continually finding new flaws, uncovering new information and creating open source tools.

… And for Worthy Opponents

And finally, I have one more thing to be thankful for:

• The nation-states, cybercriminals and rogue insiders who keep IT professionals on our toes and working toward stronger defenses. If it weren’t for them, we’d have a lot less security-focused work to do, and we’d be even more vulnerable!

There’s a silver lining in everything. With the seemingly perpetual negativity surrounding security, there’s still a lot to be thankful for and admire in today’s environment. Our security challenges could be much, much worse if it weren’t for the human ingenuity and brainpower going into this field. Things will never be perfect, but at least there are some things we can look forward to as we take this journey.

Subscribe to the Security Intelligence podcast on itunes