I toyed for several years with the idea of making an infosec hall of shame. Like seriously, I already had some candidates, you know who most of them are, it’s the same as the Washington Post Front-Page Metric.
Hall of Fame, Hall of Shame photo by leafar.
And my friends and I had some other nummy tidbits from our travels out and about, doing this stuff in the place where theory meets the realities of implementation.
Now if you look around on The Guerilla CISO, you’ll find that I don’t have a Hall of Shame. I eventually decided not to have one after much deliberation, and the reason is this: If you have key decision-makers that are removed or abstracted from the impacts of the decisions that they make, it is not fair to publicly humiliate the people who have to live with the implementation of the decisions.
And for better or worse, that’s the way the Government’s security model (and many other things) works.