It seems like the industry always says things like, “the traditional way of securing things simply doesn’t work anymore.” I’ve been doing security for many years now, and we’re always behind. Even today in a landscape of targeted, advanced threats, we are too far behind the bad guys and are struggling to catch up.

Transforming Nature Exhibition, by Val Kerry

Those of you that have been reading my blog lately may have noticed that I finally made good on my promise to talk more than just PCI DSS. Payment security is something that I am passionate about, but I love some of the new things I am being exposed to and that means that I get to share them with you as well. It’s part of my new gig, and it’s quite exciting.

This year has been crazy for security professionals—me included. Regardless of how many breaches occurred or who was the actor, the C-Suite is paying attention to data security more than ever. I’m having some of the most thrilling discussions with business leaders about how to transform their companies from porous targets to better managed information-based enterprises. It’s the same type of discussion that a new CFO would have with the C-Suite when it comes to cleaning up the company’s finances and planning for the future. Except instead of a smattering of accounts, business leases, and other financial tasks, we’re talking about a smattering of remote access and workstation build types, data inventory and risk analysis, and other information security tasks.

We have a long road ahead of us littered with “we’ve always done it that way” and the “just because you CAN doesn’t mean you SHOULD” conversations. If we think like minimalists, we can slowly reduce our breach liability and probability simultaneously, and get involved in those proactive business discussions as opposed to waiting to react to our environment in painful ways.

In the coming months, look for posts on a new theme, transformational security.

This post originally appeared on
