Sunday, August 28, 2011
Give and Take
The cyber security community is a community built almost entirely on trust. This is especially true in the Security Operations Center (SOC)/Incident Response (IR) world. Relationships are built over time through a give and take. In other words, an organization should expect to give to the community before expecting to take from the community. At the very least, an organization should attempt to truly understand the community and its nature before attempting to wedge in. It amazes me how many organizations attempt to take from the community with no history of or intention of giving anything back. The SOC/IR community is a close knit one, and this type of behavior is often perceived as untrustworthy and/or exploitative. Needless to say, these types of organizations aren't very successful in making any headway in the community. Perhaps what amazes me even more is how surprised some of these organizations are by the lack of progress, despite being advised to the contrary. I believe the psychological term for this type of behavior is "cognitive dissonance".