Tempering Security’s Knee-Jerk Reaction to Warn of Impending Doom
“When an organization wants to embrace a new technology or a way of doing things, the first thing a security person says is ‘Whoa, let’s step back. Let’s be careful. Let’s think about this. There’s going to be security problems,’” said David Mortman (@mortman), chief security architect for Dell Software, in our conversation at Security BSides Las Vegas.
The problem that both Mortman and I realized is that security will often warn of doom on anything. Instead of being the roadblock, be the seat belt or the crash helmet, suggested Mortman, who understands that with the rate of technology change, companies have to take more and more risk in order to stay competitive.
Using the analogy of a chair with two, three, and four legs, Mortman and I chatted about how security people can reframe their response in a way that better helps the business understand the risks they’re getting into.
“Get out of the way of the business. Let the business do what it needs to do but be there with the first aid kit,” said Mortman. “Be there as both the personal trainer and the medic.”