Better Security Conversations – Thoughts for a Series

As many PacketU readers know, I have held the role of vendor SE for a couple of years. In this role, a primary function is to correctly position our products into customer environments. What I’ve come to realize is that many of our conversations actually start incorrectly. I think we need to change that. I will be sharing, as well as structuring, my own thoughts with an upcoming series of posts on security.

I firmly believe that products are only tools and we need to back up to better understand the problems we are trying to solve. One analogy I use on a regular basis when talking about autonomous vehicles is that “no one needs a car [they only need the transportation].” So if technology can provide autonomous cars, transportation can become a service instead of a depreciating asset in our garage. 

Although it isn’t a parallel thought or analogy, no organization needs an NGFW for the sake of owning an NGFW. There is a need to provide proper tools required to enable the organization’s security program. Thinking in these terms guides the conversations to a more appropriate solution. My goal with this upcoming series is to help anyone that touches cybersecurity have better conversations.

Ideally this will be a group effort and I welcome input from others. I will further structure my own thoughts as I build out this series. I am certainly not all-knowing, but believe I have enough perspective to have value to the community of readers. Likewise, I would greatly appreciate others sharing their perspectives either via comments, social media, or articles on their own blogging platforms.

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may not reflect the position of past, present or future employers.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.

2 Responses to Better Security Conversations – Thoughts for a Series

  1. Antonio Hurtado says:

    I believe that security conversations were always an add-on to every other tech conversation. Also they will always turn into a “sell by fear” speech that will sometimes work. Based on what you said, this will not change because one will not try to sell a FW but the need for security in case you get hacked IMHO.
    I’m very willing to read your series as I always have followed your blog religiously.

    • Antonio,

      Thanks for the feedback and I agree. There is way too much FUD in the industry. I really think that many people need to start looking at security differently. That doesn’t mean they shouldn’t be very committed to a security program within their organization. It is about managing and mitigating risks, not fully eliminating them (because that is simply not possible).

      I think security should be more of a process 1) understanding why a security program matters to the organization, 2) understanding the environment and the risks to the business and 3) mitigating those to an beyond acceptable level. I’m just scratching the surface, but those are important key points.

      I don’t think we can fix everything with a series of articles. However, I would like to turn the typical discussions upside down.

      You bring up a very good point. If security is important to a given organization, why aren’t security teams engaged early and for the lifecycle of a system? It is an issue and it requires top-down buy-in of a security program.

      Stay tuned as I structure my thoughts and feel free to challenge me with your perspectives.
