What do you think this is?

Just thoughts of a restless mind...

Training headaches

I appreciate training and am always eager to learn something new, but I have yet to settle on a preferred form of instruction. However, there is one that I find particularly challenging, and since I've recently been considering the possibility that the effectiveness of the security training and awareness we provide may vary depending on the mode of delivery, I thought I would write down my thoughts. Here are my personal choices.

Steps in no-man's land

Some major breaches have seen the light of day lately, and everybody agrees that they will keep coming. I don't believe you will find any self-respecting security professional who will tell you that this will stop. The reasons are many, but the most important one is the (lack of) security design. Systems, processes and services have been moving to production without security design for years. And unfortunately, in many cases they still do.

In our (security) profession it is becoming common to jump at each other's throats, and the result is the public blaming of the CISO involved - like leaving them alone to take some hard steps in the middle of no man's land.

A Star leader or a Star Wars leader?

Even if you're living in a galaxy far, far away, you're probably familiar with the scene: in an Imperial starship, a lower-ranked Admiral talks to Darth Vader. Darth Vader disagrees, turns to his higher-ranked General and says "General Veers, prepare your men". The General turns to his Admiral and says "Admiral"... That's all!

No two managers are worth the same

It is not uncommon that I see job advertisements with specifically stated salary ranges. It is actually a good thing, as it allows potential and interested employees to know whether they want a job at that amount before they apply. It is also very common that recruiters ask for salary expectations during the introductory phone call, before the actual candidate evaluation. Obviously this is driven by the salary range that the hiring company has set for them, and they want to minimize the time wasted on a candidate whose salary expectations are not within this range.