Your Enterprise has too many Cyber-ish People

Cyber has been called the ultimate team sport: CIOs, CTOs, SysAdmins, Software Developers, CISOs, threat teams, red teams, testing groups, etc. But should it really be? It seems more like a jobs program that moves headcount from one part of the enterprise to the expensive nerdy-side.

Sitting through a number of presentations at various cyber conferences recently, I'm struck that many enterprises' cyber security planning comes down to having 'the best people' doing really pretty boring jobs. Jobs like keeping software updated, tracking down holes in the firewalls, waiting for alarms to go off, being fed alerts about out-of-date software: in short, lots of controlled firefighting. But it all seems like enterprises are just working harder (and more expensively) by throwing more people at the problem instead of finding new ways of doing their business securely.

Programmable meat is expensive, fallible and has to sleep. We need to use technology and change processes to manage the problems that technology can create. Streamlining software development and deployment through DevOps can help, but it needs to go further by automating as much as possible inside the enterprise, and perhaps by outsourcing large parts of the enterprise that don't add value or aren't core to the business.

So: constrain funding! Figure out how to secure your enterprise with half the staff, because as enterprise software use accelerates (doubles over the next 24 months?) that's the future: double the demand with half the supply (and maybe the North Koreans living inside your network).

John Scott

John Scott (Code Intel) is the leader in the Defense industry around the commingled issues of cyber, software & technology development and deployment, software, intellectual property and acquisitions. He is focused now on automating and managing the enterprise cyber tools and the software supply chain. John drafted the U.S. Department of Defense policy for the use of open source software and is often called as an expert in this area. He founded Open Source for America, an advocacy group for use of open source software in government, and the Military Open Source Software Working Group (http://mil-oss.org/). He holds a BS in Mechanical Engineering from Lehigh University and an MS in Systems Engineering from Virginia Tech and writes about defense software and acquisitions-related issues, most recently in the Wall Street Journal: “Send in the Tech Reinforcements” - 2/11/13.
http://powdermonkey.blogs.com/
http://about.me/jms3
@johnmscott
