So I’ve been getting a few emails and tweets lately. It seems there has been much speculation around my whereabouts and lack of online activity. Some have said that I’ve returned to my home planet. Others have said that I have lost out to my arch nemesis the Sarcastic one,
All these rumours aside, all my PR agent is allowing me to say right now is, “no comment”.
Anyway, one thing that keeps cropping up from time to time is the question as to why I don’t blog much about information security anymore. Well, the truth is:
a. When you talk about something all day, you sometimes don’t want to blog about it too.
b. The art of information security is not in discussion information security.
Allow me to explain using convoluted analogies and examples.
Why do they put brakes in cars? If you answered “to make you stop”, you’re kind of wrong. The correct answer is, they put brakes in cars so that you can go faster. It’s kind of an upside down world. Few people ever ask how good are the brakes on a new car. They’re more concerned about acceleration and torques and fuel consumption.
In many ways, security is similar. No-one really asks their bank how secure their processes and systems are. But security, when implemented properly helps the business move faster and make more money. It reduces inefficiencies and helps you isolate problem areas before they occur.
However, unlike brakes, security doesn’t just bolt onto a business. It’s a mindset that has to intricately weave its way through the very fabric of an organisation. That means not just having the tools in place, but educating staff, partners and customers about the importance and value of security. It’s a journey you must take everybody on.
Now, you may be thinking, “he’s talking about security awareness training” and you’re right. But not the kind you’re used to.
Security doesn’t need to be IN YOUR FACE, with an arrogant consultant imposing his technical wizardry onto you. Or posters warning you that you could be faced with disciplinary action if you don’t lock your machine when walking away from it. Rather, it can be subliminal and fun, engaging and entertaining.
Barclays Bank has been leading the way in some innovative and fun ways to raise security awareness. A couple of years ago they had an award-winning series of comedy videos made by Twist & Shout that showed a lighter side to awareness training. This year they published a book, which is a collection of short stories and articles, which at first glance don’t even appear to be related to information security. But leave a far more lasting impression than any other awareness material generally does.
I’m not quite sure what any of that has to do with my original bit about not being active online. But enjoy this promotional trailer made by Twist & Shout. They make some great awareness videos – even if I am a bit biased ‘cos Jim is a good friend of mine and there’s a good looking hacker in this vid.