This one still amazes me every time I see it happen. I would think that by now, people would try to understand what they don’t know so they can deal with it.

I am dead wrong.

I’d like to reflect back to a conversation I had with an Information Security Director in a prominent company in the transportation industry. The reason why the industry is important here, is we met with this individual after the 9/11 attacks. Most people in the transportation industry were hyper-sensitive to security at the time.

We went in and were pitching enterprise security intelligence services–something that might be relevant to this individual. This individual welcomed us into an office, allowed us to talk about this service for 20 or so minutes, and then looked us in the eyes and said with a straight face…

“This service looks great, but I don’t want to know about threats out there because if I know about it, I have to do something about it.”


I could imagine some guy at a 5 man shop saying that, but this is a major company we are talking here. I don’t know if I held it together in front of the individual, but I was shocked to say the least.

This incident relates to the current corporate mindset in many companies today. If I don’t know about it, I don’t have to do anything, therefore I have plausible deniability. The hard problems are there to be tackled, not ignored. So go get ’em fella!

This post originally appeared on

Possibly Related Posts: