How Information Security Professionals Are Different

The gist of how regular people differ from security professionals in their perspectives on activities that affect information security:

My conclusion: While there’s the need to control the actions that might put the organization’s data and compliance at risk, a security program should be designed with the assumption that people will find ways around security measures to get work done in a way that suits them best.

About the Author

Lenny Zeltser is a cybersecurity leader with deep technical roots and product management experience. He created REMnux, an open-source malware analysis toolkit, and the reverse-engineering course at SANS Institute. As CISO at Axonius, he leads the security and IT program, focusing on trust and growth. He writes this blog to think out loud and share resources with the community.

Learn more →