"Simplicity is the ultimate sophistication." --Leonardo Da Vinci
Let's face it. Information security is complicated and the industry - as a whole - hasn't done much to simplify it. In simplifying it, I'm convinced we'd be better at it.For the past few decades, I've had a hard time in cocktail party conversations. When someone asks what you do for a living, it's far simpler to say, "I'm a teacher" or "I work on Wall Street" than "I help companies secure their networks and data against bad people or simply bad mistakes". Don't get me wrong, it's far easier to explain now what I do for a living compared to 10 years ago. Or even 5 years ago. We have WikiLeaks, Chelsea Manning, Edward Snowden, and all the rest to thank for that.
Adding to this burden of complexity is a vast shortage of skilled information security professionals. IT operations teams are working hard to keep up with the pace of increasingly sophisticated attacks, but it's an uphill battle. Technology innovation can certainly help, but it's not a panacea.
What we can do is simply focus on the essentials, and work together to turn the tables on the attackers. By working together, we can all improve our defenses.
At AlienVault, we believe in the power of shared intelligence. And the goal of this blog is to contribute to that collective power, by sharing tips and tricks on information security concepts, defensive technologies, incident response best practices, audit checklists, and much more. All designed to help simplify our daily work, and in the process, help us all to be more secure, more effective, and less stressed out.
We encourage you to participate in this ongoing conversation. Let us know what questions you have, and remember... the only dumb questions are the ones you neglect to ask. We'd also appreciate hearing any lessons you've learned along the way that can also contribute to the greater good.
In the meantime, stay focused on the essentials.