So it’s old news (originally published in The New Yorker in May 2006), but this is an interesting read:  Game Theory.

I’m reading this essay, and all of the sudden I had a “wow” moment.  It all revolves around the complexity of information security and because it’s dependent on so many external factors, it’s hard to point to one indicator to say “this one thing makes or breaks an information security program.”

For some of us, this is disheartening.  What do you mean there’s not one prime directive in running a security program?  Surprise, it’s the “Magic/Silver Bullet” problem rehashed.

For the rest of us, this is fantastic.  What it means is that since it’s a security program is holistic–in the words of the old-school Perl hackers, TMTOWTDI:  There’s More Than One Way To Do It. 

You can gather metrics about all sorts of things, but at the end of this academic exercise, it comes down to what you really want to accomplish–the soft-skills to temper the hard science.

There still is a place for Bubba the Infantryman and Guerilla CISOs out there in the world.  These are people who know instinctively when to ignore the numbers and execute.

Yes, America, good strong leadership can trump adversity if you know how and when to apply it.

• Business Leadership Training
• Resume Gaps
• Cult Crossovers Into Information Security
• An Open Letter to the Next President of the United States
• Government Pre-Election Slowdown has Started