Saying Something Nice About Information Security

Opportunities and reasons for complaining about the state of information security are plentiful. Yet, life goes on despite the various doom’s day scenarios that have been predicted for our organizations, networks, computers and applications. Seeing how easy it is to get stressed out about information security, it may be worth to outline a few things that seem to be working OK in the industry:

  • Internet users are becoming increasingly aware of information security risks and of the need to be cautious during on-line interactions. Mainstream news discusses security breaches, attacks and precautions more often now than a just few years ago.
  • Operating systems and client-side applications are strengthening their security posture. Just compare the security posture of Windows 8, Office 2015, Adobe Reader XI and Google Chrome to that of their predecessors.
  • Security compliance regulations and contracts, despite all their faults, are causing companies to pay greater attention to protecting data than they probably would have otherwise.
  • Information about security incidents is increasingly available, in part due to the data breach notification laws. This helps us understand the nature of Internet attacks and defenses.
  • Security products, such as antivirus tools, are incorporating smarter algorithms to decrease their reliance on static signatures to identify attacks and malicious artifacts.
  • The information security community is collaborating much more than now than in the past, using blogs, online social networks, formal and informal gatherings, industry groups, etc. This helps us learn from each other.
  • The information security profession is seeing an infusion of newcomers who seek to expand their professional responsibilities and bring new backgrounds and perspectives to the world of infosec.

Do you have something nice to say about information security? Perhaps the non-security video above from Improv Everywhere will inspire you.


About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise, allow me to create practical solutions that drive business growth.

Learn more