With apologies to the Daily Show, I present your Moment of Zen:
"Your systems are vulnerable and will be compromised"
It may be shocking at first, but it is true and you know it. You may argue about the definitions of "vulnerable" and "compromised", but that misses the point. Our systems are vulnerable and will be compromised. Now what do we do?
- Focus on the things you can actually accomplish.
- Accept that we really do need a "Plan B" (and maybe C, D...).
- Work on those plans.
- Prioritize work based on real exposure.
- Think about risk.
- There are many "deep thinkers" in the Risk field, but start with a little "shallow thought" and work your way up.
I have been thinking about this for a while and a panel discussion at RSA really crystallized the idea for me (and many others). It is not a new idea, Chris Hoff has expressed it in his move from "Rational Security" to "Rational Survivability". Mike Rothman's "Pragmatic CSO" includes elements of it. My belief that moving forward, even incrementally, is better than trying to solve all of the big problems also touches the idea.
Possibly more significant than the agreement of the esteemed panel (Mike Rothman, Ron Woerner, Rich Mogull, David Mortman and Martin McKeay) was the general agreement from the audience. It has always been true, but now it is OK to accept it and move on.