Posted February 23rd, 2007 by

Maybe it’s just the DC area.  Every good security person I know here is very confrontational.  We just like to argue.  Some days I feel like it’s a slow morning, so I just walk around and stir the pot, knowing that some good conflict will rise to the top.

I think it has to do with the following factoid: security is the conflict between economics, paranoia, and useability.  We have to be able to manage the tradeoffs between these 3 corners of the triangle.  The good people understand the nature of this and realize that sometimes it’s not really a security problem–its a client education problem, it’s an auditor problem, it’s a personality conflict, etc.

So how do we conclude an argument?  Well, I know 2 people right now that when I’m around both of them, we can talk for hours debating the particular merits of one viewpoint or another.  The way we stop the disagreement is to mention risk.  Once we do that, the game is over.  Once I can pin the actual risk (versus the perceived risk, but that’s another story), then there is nothing to talk about anymore–we have rounded the corner on that topic and there isn’t anything else to debate.

Similar Posts:

Posted in Odds-n-Sods, Risk Management | No Comments »

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.

Visitor Geolocationing Widget: