Saturday, December 15, 2012

Well, it's been another great week in cyberspace.  Yes, I jest.

This week I got a call from an "Expert in Cyber security".   I hung up after 45 seconds, since I consider the term "Expert in Cyber security" a double nested contradiction in terms!  (OK, it wasn't really 45 seconds, but it was as quick as I could manage while being relatively polite.  I was once introduced as an "Expert in Cyber security".  I insisted the introduction be retracted before I started my talk.)

Folks, I don't see many things getting better.  Consultants like to talk about industry best practices.  Speaking from experience, most companies that have been breached thought they were following industry best practices in cyber defense at the time.  AND THEY STILL GOT BREACHED.  HELLO?

Let's stop fooling around and dump the term "industry best practice."  Let's call it what it really is: INDUSTRY MOST PREVALENT PRACTICES.  Not best, just prevalent.  OK?

So we have been talking about paradigms, Thomas Kuhn, scientific reductionist thinking, Descartes, Bacon, and the fact that our current cyber defense model is in crisis.  That model, the current dominant paradigm, the one everyone tells their auditors they follow, is that all assets can be and are being equally defended through the use of a common perimeter.  Think about that.

If you are a front line practitioner, you are underfunded and overworked.  You bought the latest toolsets only to find they came complete with unintended consequences.

No wonder you are underfunded.  All funding flows from internal audit, and internal audit is being told that the current paradigm of uniform defense through a common perimeter is in place.  So why would you need more money?

I really love it when clients tell me how important this all is because they have to brief their board of directors.  Seriously?

In my talks I sometimes use this photograph.


When it comes to malicious cyber activity, many companies think the bad guys have entered their safe environment.  You might consider that, actually, we are doing business in their world.  Think about it.

If you could actually defend your assets perfectly, what would you do and what would you do differently?

Stay tuned.
