Reply to post: With All Due Respect to Larry Wall

Despite billions in spending, your 'military grade' network will still be leaking data

GnuTzu

With All Due Respect to Larry Wall

There is a strange relationship between laziness and efficiency. To put it into terms, laziness is really just irrational efficiency, which then means that efficiency is really just rational laziness. Think about it.

I regularly find myself on my soapbox preaching that diligence in security processes means being consistently pedantic and strict about adherence to the rules, and not rushing anything through as a favor to anyone. Let the process take its time. Yes, I know that it frustrates people. I sympathize; I have to put up with it too. But, if you start rushing, if you start cutting corners, you'll make a mistake. And, when that mistake happens, it'll be an embarrassment you won't forget.

Twice this week, I had to jump people's cases for putting plain-text passwords in emails and documents (one from a notable IT vendor). Seriously! And, one resulted in an outage of several hours while techs rushed to change that password (for a service account) on a number of servers, and the director took the time to apologize and thank me for my diligence.

Yes, I'm one of those people who actually does take security very seriously. The question is: do you thank me or want to punch me in the face? Are you one of those CEOs that says "we just sell hammers"--and then later says "we take security very seriously", or do you actually listen to your people when they say you've got security problems? And, when do I get my damn merit raise?

--Signed: Warriors in the Trenches Defending Your Data
