Veterans can sometimes be like cross-fitters and vegans: if you haven’t figured out who they are in the first five minutes of speaking with them, they will most likely tell you within the next five minutes of your conversation. Take me, for instance: I’m a clean-eating combat veteran with a respectable 4-minute Fran time myself. See what I did there? I hope you’ll give me a pass.
Understanding current security posture is paramount in any military unit, so please allow me to parallel that perspective with the private sector. The ability to secure yourself, your organization, data, clients, and co-workers is based on defined and proven fundamentals that are learned over time and built through experience, failure, growth, and real-world engagements.
Taking an objective view of the private sector’s approach to security, I believe these fundamentals are often overlooked. Next-generation appliances, cloud-based identity correlation engines, and other leading security solutions are remarkable tools with immense processing power, engineering backbone, and capabilities. However, introducing these tools as a panacea for corporations’ security concerns when IT hits the fan is akin to outfitting an 18-year-old straight out of boot camp with advanced tactical gear and expecting him to perform like a pro. The recruit may want to look high speed, but that is folly and a sure way to get him maimed or killed. It’s smarter to focus on the basics and build from there.
Experience is the most valuable attribute on any battlefield. My grandfather was an enlisted man in World War II, and at my commissioning ceremony, after rendering me my first salute as a 2nd Lieutenant, he told me something that saved my life and I will never forget: “Keep your eyes up, your butt down and listen to your NCOs.” For those of you not familiar with the term “NCO,” it stands for Non-commissioned Officer, also known as the backbone of the Army: the professional soldiers who do the job every day and help keep young officers on the right path. Security is built on fundamentals, and purchasing the latest and greatest security appliances stacks unnecessary complexity on an already struggling operator.
In the Army, soldiers and leaders have the opportunity to be broken down to their core, then rebuilt and consistently tested. In schools such as those for Special Forces and Rangers, soldiers have everything but the basic tools removed. They are given the opportunity to succeed or fail based on the fundamental skill sets they have developed through experience and training. Judgment is tested and they are assessed by those who were previously in the same position. They either have it or they don’t, and layering technology onto a fundamentally ill-equipped soldier will not remediate basic flaws in his grit or character.
Everyone striving to improve or implement security policies within their IT environment would do well to embrace a similar perspective. Evaluate your base understanding, continually peel back the layers of your organization’s security practices, and apply the fundamentals upon which they are based. Ask the uncomfortable questions, because pretending that everything is OK does not make it so when the enemy is at the gate.
If you need help, or want to have a candid dialog about security and its fundamentals, engage Quest. Our Security Workshop and Security Policy Review offer an unbiased tabletop analysis of the capabilities your organization has and those it does not. More importantly, Quest will work with you to maximize your time and investments while prioritizing and documenting actionable recommendations.
Like the professional soldier, we do this job every day based on sound fundamentals learned from real-world engagements. It’s experience we’ve embraced. So should you.