Two years ago (estimated), the security industry started gaining ground on the rift between management/business and the geeks in the security operations center. This rift is being reduced, much to everyone’s relief.
But I wonder if this is at the expense of a rift growing between the security experts involved with the business side and the geeks in the security operations center…
This whole business about the DNS exploit smacks of a fundamental breakdown or change in priorities, or a very distinct rift between two groups who used to be very much in agreement.
Profitability of crime is a result of the maturation of the malicious attacker. Is this rift a result of the maturation of the security industry?
It could be the result of a stronger focus on risk, which itself appears to be a juxtaposition of a business sense and technical background.
It could be the result of an aging (but not old) set of geeks growing into more business-side positions, similar to those hackers who fought against The Man growing up, taking a job, and becoming The Man.
Nonetheless, I’m convinced there is some rift or change that has subtly occurred that is resulting in this not-so-subtle dogmatic difference. I’m just attempting to better understand it so I won’t be so easily peeved about it. 🙂 And so I can make sure that I, as a person and a security guy, can act consistently no matter how unhyped or overhyped an incident is. (If you know my personality type, you’d understand that sentiment; or as Emerson would say, “Know thyself.”)