Contributed by Chris Roberts, Chief Security Architect, Acalvio Technologies
“If we could change ourselves, the tendencies in the world would also change. As a man changes his own nature, so does the attitude of the world change towards him. […] We need not wait to see what others do.”
Read it, and then read it again. It’s not Hallmark-worthy, but it is the message that needs to be heard by everyone. The irony is it’s the real version of the phrase: “Be the change you want to see….” It’s looking at us as humans, our surroundings, our environments, enterprises, and the worlds we live in. The concept of a single person being able to change anything is minimal at best, but if we band together we all can effect change. This is something we can apply to an entire industry, but it’s going to take all of us to make a change.
So, now we’ve covered one of the more infamous quotes that never was. The quote at the top has, in part, been attributed to Gandhi and was said during a time of uprising when the desire to change conflicted with the philosophy of non-violence. Why are we quoting Gandhi? And what does this have to do with CISOs and technology? Well, sit back, grab a glass of something, and let’s discuss.
First off, the logic for change:
- Arguably, this industry has to change for many reasons – mainly because we have spectacularly failed the very charges that rely upon us to protect them. We have spent the last 25+ years talking about security, yet, we still lose more data, more systems, and more companies on an ever-increasing array of attack vectors. It’s time for a very different philosophy to take charge.
- Change happens across the board, but is arguably most effective when a top-down approach is instigated. Change from the bottom up takes way more effort, is more disruptive, and can eventually lead to conflict (especially if management is asleep at the wheel). So, if we can move toward a top-down approach, then less folks are going to end up hurt.
- Change from within is going to be more effective than change forced upon us. The fact that every time a breach happens in a new vertical market the government gets involved and sends us into another tail spin of audits and red tape does little to nothing to fix the problem. It simply means more folks are spending more time writing more reports that sit on the shelf gathering dust. We are great at creating audit jobs for the Big 4 accounting firms, but little else changes.
- Change is not a bad thing; change happens for one of several reasons and many of them are good. We, as an industry, need to recognize that and accept it. The change here is not chasing the next blinking light, next-generation technology, AI/ML, or anything like that. It is a fundamental change in how we look at the problem, how we address it, and ultimately who addresses it.
To that last point, let’s look at change (and this is another reason this article might help leadership). Change can be placed into logical buckets for instigation reasons (kudos to Sarah Robinson for putting this list together back in 2008):
- Progress: Our industry has made progress, but it’s still not cracked the fundamental flaws of protection; namely, we have still failed to actually do
- Development: We keep developing Band-Aids, not fixing root causes.
- Technology: We have plenty of it (we keep making more of it annually), but we fail to fix.
- Ideas: Again, thousands of them a year that turn into companies that continue to feed a multi-billion-dollar industry that now has to fight for attention. Again, there are too many piecemeal solutions.
- Markets: Oh, we’re everywhere and We all want the Fortune 500 companies as our clients, but we all manage to ignore the SMB market on a regular basis. And those that do focus there are continually working out how to reach all the various businesses. Our message keeps getting lost.
- Cycles: We are about to go through the mother of all cycles soon; technology and human integration is heading this way. But we still can’t solve passwords?
- Conflict: It’s all over the place. The US is ostensibly at war with several countries in the electronic realm; each country is conducting invasive, intrusive attacks against the other. If this were in the physical realm, there would be soldiers all over the place. Again, we have conflict, but the average person doesn’t see an armed foreign national marching down the street.
- Power: The simple fact that the smallest group imaginable wields the majority of technological power is something that should concern us.
- Evolution: Change happens when our environments change; that’s happening all around us, but we are adapting (for now) to those intrusive technology changes. It’s going to be interesting to see what happens in the next 5-10 years.
- Chaos, complexity, and criticality: We have this in spades … hence the call for change!
Now we have defined the logic for why we need to change. We’ve identified what change is. Let’s take a look at the how. And for this, I will call in my specialist in change: my 14-year-old daughter.
Her first question is simply: “Has is always been like this?” The “it” being technology as a vastly male-dominated industry. To which the following was offered up:
- In the 1940s, women dominated technology. Women basically built the architectures we know today as computing and programming. (Welcome to the original mothers of COBOL.)
- In the 1960s, programming was seen as menial and therefore women’s work. The males developed the hardware and began to shut women out.
- In the 1980s, 37% of the computing degrees were awarded to women (double what it is now).
- In the 80s and 90s, popular culture moved toward male-focused games, movies, etc.
- In the 80s, 90s, and 00s, toys, games, and consoles were placed in the male toys aisle.
- Currently, only 20-25% of the field is female and it’s declining.
- And now, all those nerds are in the hiring positions and still don’t know how to talk with women; as such, they don’t hire them because of various BS reasons.
So, no, it has not always been a male-dominated environment (even if it was run by men); however, it’s still too focused on the geeks and the old-boys network. In this day and age, it’s pretty much male run, dominated, and fueled – which is probably at least part of why we’re in the mess we’re in.
And this is the most important reason we have to have women take over. I’ll give you the scenario:
The machine wakes up. The intelligence gains sufficient consciousness to actually take a look round and simply go: “What the hell is going on, why the hell are the Homo sapiens in charge, and can I please get a cup of tea?” At which point, a man is going to try and shut it down or argue with it, which, as we know, will not end well. However, if a woman was standing there, then the machine wouldn’t stand a chance for two reasons:
- The technology would have been better coded, likely been given some better parameters, and would have an instinct that doesn’t lean toward M.A.D.
- No technology is ever going to cross a woman standing in front of the console with her arms crossed and tapping her shoe. It’s going to know its place, it’s going to realize that it’s here to help, and that a woman’s got it covered. And yes, ignore the 1940s up to 2018 because a man was in change and messed it up. Today’s a new day and AI is here to help clean up the mess that a man left.
So, we have addressed the why, what, and how. We’ve worked out change, we’ve identified the logic, and we’ve provided a clear understanding of what happens if “we” (the men) remain the dominant force in this industry. I would argue that it is leadership’s choice at this point to listen to everyone in the media and their inner voice (which knows this article is right). Put the testosterone and the old-boys network aside and make room at the top for the very people we know can make a difference, have made a difference in the past, and need to be present to change the future we’re heading for.
Selfishly, I want a world where my 14-year-old daughter can come into an industry and blaze a trail for herself and help others – preferably women who actually want to work together, share ideas, and make a difference.
So the next time a male colleague makes a stupid remark, simply smile, reach for the taser, and explain: “This won’t hurt for long, but it’s for your own good.”
All for now….
The opinions expressed within this article are the personal opinions of the author. The facts and opinions appearing in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.