When I attend conferences, I'm always amazed at how many of the talks hype up the challenges and problems facing the information security community. Some of these talks remind me more of a Las Vegas show than a serious security talk. In my experience, most security professionals are already well aware of many of the challenges, as they face them head-on daily. Granted, there is a place for raising awareness, both within and outside the security community. For example, business executives may not be aware of the risks, dangers, and challenges facing their organizations from a security perspective. In my opinion, there are better forums than a security conference to educate those audiences. Similarly, within the security community, there are always new topics about which we need to be educated. Unfortunately, I'm not seeing a lot of that these days, but rather, a lot of the same stuff given over again. In my opinion, part of the reason this occurs is that people don't have a lot of great answers, and so it's just easier to discuss the hype. Unfortunately, that won't solve any operational security problems for us.
Year after year, the consensus from the operational side seems to be "throw me a bone." In other words, enough of the hype -- give me some practical, sensible, tangible advice and insights that I can evaluate and consider implementing. This blog, and other blogs, forums, and publications like it, strive to provide that practical, sensible, and tangible advice that operational users want to hear. But sometimes, it is difficult for the "hands-on" information to be heard above the marketing, noise, and hype that pervades our profession.
FUD, marketing, and entertainment, unfortunately, will probably always get the press and lauds. Fortunately, news readers, strong peer networks, and trusted information sharing communities provide us good tools that we can use to share and consume the information we really need. My hope is that talks will become less hype and more hands-on in the coming years, but either way, we'll likely have to keep throwing each other those bones.