A Step Inside the Guerilla CISO’s Mind

Posted July 31st, 2008 by

I toyed for several years with the idea of making an infosec hall of shame.  Like seriously, I already had some candidates; you know who most of them are, it’s the same as the Washington Post Front-Page Metric.

Hall of Fame, Hall of Shame photo by leafar.

And my friends and I had some other nummy tidbits from our travels out and about, doing this stuff in the place where theory meets the realities of implementation.

Now if you look around on The Guerilla CISO, you’ll find that I don’t have a Hall of Shame.  I eventually decided not to have one after much deliberation, and the reason is this:  If you have key decision-makers that are removed or abstracted from the impacts of the decisions that they make, it is not fair to publicly humiliate the people who have to live with the implementation of the decisions.

And for better or worse, that’s the way the Government’s security model (and many other things) works.

Posted in The Guerilla CISO | 3 Comments »

3 Responses

  1.  bambijihad Says:

    As a Government CISO, it is an even worse idea to have a Hall of Shame. More often than not, it was your own policies and posture that allowed the dreaded transgression to occur.

  2.  Darren Couch Says:

    Sage, very sage. Seems I’m dealing with this more and more as our new systems go online here and are broken by the DSCIM and CSSAMO turf battles.

  3.  Darren Couch Says:

    Left with links
