Our good friend, Aaron Bedra, posted a fantastic piece at the Braintree Blog this morning about building a security culture. I thought the piece was so well done that I wanted to share it with you.
The best part of the article, for me, was the content about finding creative ways to say yes. IMHO, all too often, infosec folks get caught up in saying no. We are the naysayers, the paranoid brethren and the net cops. But, it doesn’t have to be that way. It might take a little (or even a LOT) of extra work, but in many cases ~ a yes is possible ~ IF you can work on it and negotiate to a win/win point with the stakeholders.
Take a few minutes and think about that. Think about how you might be able to get creative with controls, dig deeper into detection, build better isolation for risky processes or even make entirely new architectures to contain risk ~ even as you enable business in new ways.
In the future, this had better be the way we think about working with and protecting businesses. If not, we could find ourselves on the sideline, well outside of the mainstream (if you aren’t there already in some orgs).
Great work, Aaron, and thanks for the insights.