I have been meaning to write an actual blog for a few years. My personal incentive has not gotten me to the point of doing so - I mean, I consider a lot of what I do professionally as boring; I don't do cool research projects into passwords or hacking bluetooth or taking over a satellite network.
I came to realize a while ago that much of what we as professionals, not just the security product vendors, actually do is hype. We have to wave our hands and fire flares into the night to get people's attention. We have to use brightly colored paper to share information - nay, we tend to have to justify our existence to management on a weekly if not daily basis.
So it is hype. I know one person that has firmly convinced themselves that everything has already been hacked by China because they have been telling stories, some in the news and some contrived, to customers for so long that they've convinced themselves.
One of the things I deal with is Contingency Planning for emergency events and computing system failures. We go through an organization's preparedness and then test it on a table or a real situation or realistic simulation. I try very hard to think of very real possibilities: floods where there are often floods; persons struck by cars where there are high-traffic areas; and the slightly esoteric, like a radiation or chemical plume hazard. But even then I know we often exaggerate a possibility in order to get the point across and make sure the checklists are correct.
Are you all about hype? Or do you sit and reason out the reality of a given situation for your customers or immediate work environment?