Breaking through the Matrix
From SecurityForest
Not a blue pill and not a red one.
People do not like it when you force them to choose, and anyway, methods have already been written for believing from whence forth came the light. So where indeed does the light come from?
Among all the experts, preachers and crazy people, there will always be one who constitutes the symptom for the errors of those who follow in his wake. And actually, it is quite reasonable to quote the man in the tie or ponytail on the stage delivering a rigorous theory from a book on one hundred percent security.
And the book itself was written by someone who had seen the light, and on the stage is someone who discovered the someone who had seen the light, and in the enterprise light is created by those who heard from others who had discovered yet others who had seen the light.
And in the end, we are left more-or-less in the dark. And change will commence when we come to know that we are in the dark, and only then, perhaps will we know that we must take action, and then perhaps we ourselves will see from whence came the light. And maybe also write a book about it.
And this is only symbolic, for we have all long since not been alike.
But they whisper the same words from the same texts in our language, and different eyes give different meanings to the words that pass judgement on technology and on an entire industry of promise, or even perhaps of a vision. And for all that, we are still all similar. Each and every person is born kicking, and then come the errors, followed by the apologies that protect us and our clear conscience, and your conscience constitutes the path to your confident truth and the path to your subsequent actions.
And to the matter at hand, the smart technologist is one who knows how to break out of the paradigm he is in and step out of his current world-view, and view reality from a new and novel perspective.
In the Matrix movie too, the screen writer transcended the conventional paradigm and the boundaries of outdated thinking on the nature of the human race. And in so doing, effectively started a new revolution that upsets man's perception of himself and his world.
Psychology and data security are so tightly bound, and yet people don't always understand why I insist on addressing the psychological aspect rather than the technological one.
If we agree to link the two, then, the moment we are ready for change and to abandon the technological buzzwords, we may perhaps succeed in presenting real technological excellence.
This week I was present at a meeting in which the data security people wanted to develop the design of a secure system, and added complex technologies to the design.
I was even happy that they turned to implementation of IPSec between the SQL computer and IIS in order to restrict computer access and encode the information.
However, why was I so surprised when I observed that the design bore no relation to the enterprise's security problems - they had not yet performed an organized risk survey, and had not even determined what the enterprise's critical information was, and the extent of the exposure of this information to the risks, but instead rushed to implement a new and innovative secure technology.
And conversely, the tendency of hi-tech people to develop a wonderfully secure technological design that is not in any way related to the actual problems of the enterprise.
To express a new idea, one first needs the readiness of the listeners to accept the innovation, before one can start making changes.
And they want us to repeat the promise about security, and expect us to grow to greatness by simply learning from others who had walked the road before us and showed us the way, who had repeated words and made promises. If we don't change and alter the path, the bullet will remain in the barrel instead of being cocked to start an era of change.
Are we the generation who will bring about technological change, transcending the human limitations that entrench us in obsolete viewpoints, or will it perhaps be left to others to clear the dust from technological stereotypes and well-formulated myths, and to maximize security by developed thinking and not by products and technologies that are no more than a way of solving a problem, and not the goal?
Perhaps we will break out of the mold that defines successful technologies and their buzzwords that do not support any international security standard.
And again, steam falls heavy like rain, casting shapes of castles and cavaliers in the sky, and set out to defend the light of day. And perhaps, most important of all, we should not fear change, because at the end of every road lies a new junction, a new understanding, a new experience, a new promise, and hopefully, also new and intelligent security.
