I was recently quoted in an article about my experience with firms and teams that fell victim to venial sins; you know the classics (lust, gluttony, greed, sloth, wrath, envy, and pride). I found it fun to dig into my experience to categorize behaviors, and I thought the writer did a good job of maintaining the integrity of my comments. Check out the article here.
Reading through the posted comments, I noticed an opportunity to expand beyond the sins of management to encompass ‘other’ sins. Of note: focusing on the short term, not properly allocating resources to efforts, and poor communication. Perhaps our New Year's resolution as security professionals should be to close the gap that exists between the customer and the underlying technology.
One point of expansion from the InfoWorld article – I mentioned an example where an organization was updating to a newer version of Oracle that would require new HW & SW to support the upgrade. A commenter correctly highlighted that Oracle would not need anything special to run with a ‘Xeon’; however, my client was actually having to deal with a huge jump in HW that required additional power (due to the 4 cores) and similar carry-on costs. Thanks for highlighting what could be interpreted incorrectly!