Although the subject of information security is a very serious one, sometimes we take ourselves a bit too seriously. When I wrote my first book and put it under a publisher’s nose, she said that she loved it! To quote her, “I love your writing style! It’s engaging, fun, and easy to follow. Too bad we wouldn’t be able to sell a single book.”
She was referring to the fact that I was aiming the book at the executive layer. My intent was to write a book that made security concepts easy for executives to place within the context of business requirements. I was trying to make it easier for them to understand what it was we were trying to do and why it was important so they could make better decisions.
I was also trying to make it easier for them to spot a “poser” so as to reduce the amount of bullshit that was flooding into our solution space. Instead of waiting for the next disaster, I was hoping I could get them ahead of the curve. Unfortunately, it seemed that Robert Ludlum and Tom Clancy were a tad more popular then your garden-variety security geek.
So be it.
With that bit of advice tucked in a warm dark place, I wrote Endpoint Security. (A fantastic read by the way!) Alas, I’m still waiting for the groupies.
So, instead of droning on about solutions, vulnerabilities, risk, and how bad things are, I’m going to try a different path. I’m still going to ask hard questions, but I’m going to do it by telling some stories about how these things will affect our lives, and possibly our futures. I’m going to try to put myself in the place of the people that will be affected by our failures and try to tell their stories of how it impacted their lives and the people around them.
In short, I’m trying to get people to relate. We can build a better solution if everyone can see the possible future outcomes of not caring about it now.
So I give you our first story about how big data can go very very wrong.