Sunday, January 20, 2013

2013

So here we are 2013.  As usual I am getting some invitations to keynote a couple cyber events.  I am actually thinking I might do a few this year.  Anyway, belated Happy New Year.

The intent of this blog is to be provocative. That is, to provoke defensive cyber professionals into challenging their dominant paradigms around security. Remember, a paradigm is what we think about something before we think about it.

Think along with me for a second.

Have you ever made a mistake? In anything . . . work, family, relationships, neighbors?
Raise your hand if you have ever made a mistake. (Be honest).

Ok.  So after you made a mistake, did you ever say to yourself, "No matter what happens I swear I will never make that mistake again?"  (Yea.  You probably did that at least one time in your life.  I know I have.)

Did you ever - after swearing you wouldn't do it ever again - go on and make the exact same mistake a second time?   Yea. Crazy.  I have.  Just ask my wife or kids!

So trying harder and promising ourselves that we won't repeat our mistakes DOESN'T WORK.  We usually follow that up with Laying Blame or Justifying our mistakes based on some external event or external force.  We then try Massive Action to try to cloud our mistakes with tons of activity.

You see, you can be taking massive action in cyber defense, but if you are on the wrong track, it doesn't matter what speed you're going. You won't get there!

We know from the writings of R. Buckminster Fuller that all known cases of biological, sociological and technological extinction flow from a common root cause. That root cause of extinction is OVER SPECIALIZATION. Few would argue with me that cyber security is highly specialized.

When one inbreeds specialization, one outbreeds ADAPTABILITY.  (Star Trekkies, remember The Borg!)

The antidote to over specialized cyber thinking/doing is COMPREHENSIVE cyber thinking/doing. COMPREHENSIVE cyber thinking/doing considers everything in all 7 layers of the OSI model from the mobile edge through the software defined private or public data center. I have members of my technical team working on just such comprehensive cyber operating models, linking risk assessments to security architectures to security operations to proactive threat analyses and action taking to the business continuity and disaster recovery plan.

START THINKING ABOUT BUILDING SMALLER PERIMETERS AROUND CRITICAL ASSETS. The dominant paradigm of defending all assets via a common perimeter has been rendered totally OBSOLETE.