I was recently quoted in an article on my experience where firms and teams fell victim to venial sins; you know, the classics (lust, gluttony, greed, sloth, wrath, envy, and pride). I found it fun to dig into my experience to categorize behaviors and thought the writer did a good job of maintaining the integrity of my comments. Check out the article here.
Reading through the comments posted, I noticed an opportunity to expand beyond the sins of management to encompass ‘other’ sins. Of note: focusing on the short term, not properly allocating resources to efforts, and poor communication. Perhaps our New Year's resolution as security professionals should be to close the gap that exists between the customer and the underlying technology.
One point of expansion from the InfoWorld article – I mentioned an example where an update was occurring in an organization to a newer version of Oracle that would require new HW & SW to support the upgrade. A commenter correctly highlighted that Oracle would not need anything special to run with a ‘Xeon’; however, my client was actually having to deal with a huge jump in HW that required additional power (due to the 4 cores) and such carry-on costs. Thanks for highlighting what could be interpreted incorrectly!
Best,
James DeLuccia

2 responses so far ↓
Kevin // January 8, 2009 at 4:50 pm
I’m pretty sure that the sins you mentioned are mortal sins. If I remember correctly, venial sins are things that are bad, but do not put your soul in a state of damnation.
pcidss // January 8, 2009 at 5:09 pm
Kevin,
Indeed you are correct. Thanks for the correction!
James