What do you think this is?

Just thoughts of a restless mind...

The wrong solution to a major problem

Supply Chain Risk Management is the name of a big security problem in the business world. It is so important that there isn't a single security framework that doesn't include Supply Chain Risk Management in its agenda, guidance, and suggested controls. NIST has a set of resources on the topic, but it is not the only organization that is addressing this problem.

Disclaimer: Nothing below should be taken as a criticism of the services offered. Pointing out their flaws and inefficiencies does not mean they don't have any value.

The expectation of privacy

Everybody has something to say about the Facebook / Cambridge Analytica case. And I am annoyed by people saying that when you give your data to Facebook, you forego some parts of your privacy (true) so you should not be surprised (false). In simple terms, it was an actual data breach. Individuals who had not consented had their data exposed. This was not supposed to happen. There are two aspects I would focus on regarding this issue:

Building up a SOC - the candidate challenge

Building a Security Operations Center from scratch is not an easy thing. But since it's not the first time I'm doing it, I am familiar with the challenges. These challenges include building the processes in a company-adjusted manner and selecting the toolset and integrations to match the company's enterprise architecture, network architecture and, of course, my own security architecture. Nowadays, however, due to the significant skill shortage in cybersecurity, the major challenge is finding the right people.

Don't you want my money?

I remember reading that Game of Thrones was the most downloaded series in 2016. It's a pity; I'm sure that everybody needs and wants and deserves to get paid if they're doing a good job. I won't pretend to be a saint, but let's just say that if a series is available in the country where I live, in English, with English subtitles, I am more than happy to pay to watch it.

Recruitment: A failed industry?

The discussion about talent and skill shortage in areas such as IT and mainly Information or Cyber Security is getting significantly more intense. At the same time, unemployment in the EU ranges from 5% to 25% (1). The usual time to fill a position is over 3 months and in some cases can reach a year (2), with the interview process alone taking close to one month in most countries (3, 4). These are alarming indicators about how effective the recruiting industry is - or is not.