It won’t happen to you, right? After every breach you see all sorts of former employees and others crawl out from under their various rocks to talk about how screwed-up their former employer was. And how the breach was inevitable. It is a bit comical at this point. The latest example is a bunch of former Home Depot employees talking about their old shop.

Yet five former staffers describe a work environment in which employee turnover, outdated software, and a stated preference for “C-level security” (as opposed to A-level or B-level) hampered the team’s effectiveness.

Well, here is BREAKING news. Every big company is screwed up in some way. Every company – big or small – needs to make tough choices. Some companies consistently choose wrong. Others do a good job of making those decisions – or they get lucky, it doesn’t really matter. But the truth remains: they will all get breached… sooner or later.

In the aftermath of a breach – or really any mistake – there are always things that could have been done differently. But most security folks need to toe the corporate line, which may be to deal with mediocre security. Job #1 is often not to disrupt business operations.

As a security person such directives may make you sick. And if your shop consistently makes decisions like this, maybe you should work somewhere else. That’s always a choice. And sooner or later (likely sooner), you will get called by journalists looking for dirt. Then you can say you told them so and they didn’t listen. Good for you.

Photo credit: “Black and white hindsight” originally uploaded by Tim J Keegan

Share: