Cybersecurity

Dispelling The Fantasy That Cybersecurity Is Sexy

The so-called "election hacking" is a fringe issue for the vast majority of security professionals, and the oft-discussed dark web is largely overrun with amateurs. The process of hacking (anyone who's actually done it can tell you) is mind-numbing and repetitive. The business of conducting cyberattack campaigns against corporations or government entities is just that: It's a business. Think about your job. That's what cybersecurity is like.

That said, the outcomes of insecurity are fascinating: Nearly half of all Americans may have had their Social Security numbers exposed in 2017, not one but two ransomware strains swept across the world costing industries (shipping most dramatically) more than $4 billion and all the while, there seems to be a continual game of spy vs. spy playing out between the world's great hacking powers. The process of securing, however, the actual business of defensive security, is not exciting.

In truth, security is about methodology and analytics. It requires patience and discipline. It's about applying repeatable business processes to detect and mitigate threats and forever training ourselves to keep our eyes on the ball and ignore the noise, no matter how loud or seemingly exciting that noise is. This is an unfortunate reality for those of us who scrounge for a slice of that corporate budget by hook or by crook. In my experience, business leaders aren't exactly enthusiastic about spending on security, and there is little financial incentive for them to do so, which is one reason security focus is misaligned toward that which is ostensibly exciting -- toward noise rather than signal.