NOT certain I could say it any better myself….
From the Chris Hoff”s blog
The “Cloud Security, Meh!” crowd are an interesting bunch. They don’t seem to like change much. To be fair, they’re not incentivized to. However, while difficult, change is good…it just takes a lot to understand that some times.
It occurs to me that if we expect behavior to change in the way in which we approach “security,” it must start with a reset of expectations surrounding how we evaluate outcomes, how we’re measured, and most importantly the actual security leadership itself must change.
Most seasoned CxOs these days that have been in the business for 15+ years are in their late 30?s/early 40?s. Most of “us” — from official scientifical research I have curated [at the bar] — came from System Administrator/Network Administrator roles back in the 80?s/90?s.
…
This change…it’s natural. It’s evolution, and patterns like these repeat (see the theory of punctuated equilibrium) even in the face of revolution. It’s messy.
More often than not, it’s not the technology that’s the problem with “security” when we hit one of these inflection points in computing. No, it’s the organizational, operational, cultural, fiscal, and (dare I say) religious issues that hold us back. Innovation breeds more innovation unless it’s shackled by people who can’t think outside of the box.
That right there is what defines a dino/plesio/mosa/ptero-saur.
Come to think of it, maybe we do need an OpSec extinction-level event to move us forward instead of waiting 20 years for the AARP forced slide to Florida.
Or, in the words of Gunny Highway from Heartbreak Ridge, we must “Improvise, adapt and overcome.”
If that’s not a DevOps Darwinian double-entendre, I don’t know what is 😉
Don’t be a dinosaur.
Leave a Reply
You must be logged in to post a comment.