Skip to content ↓ | Skip to navigation ↓

Its amazing how often I come across organizations where security is either treated like a red-headed step child. As a result you come across four different types of folks who are in charge of keeping your networks safe from the l33t crackers of the world…the first is the bright eyed bushy tailed junior admin who just got their certification from SANS…the second is the grumpy old, long haired hippy dude whose idea of security still involves glass enclosed rooms, raised floors, and sacrifices to the gods to gain access to their systems.

In between you have the serious security professional who quite often find themselves caught between a rock and a hard place…on one hand they want to keep their systems as secure as possible but on the other hand they need to help the organization as nimble as possible. This by the way is what Visible Ops: Security is all about…read it…

Finally you have the bane of all security administrators out their…I like to call them Mall Ninjas… The Mall Ninja in a word is a wannabe. If you come across one, you can’t help but immediately recognize the type… they take immense pride in technobabble (even if they don’t understand), they have personally identified 37 security flaws in notepad since their third can of Amp this morning, and have a manic distrust of anything not open source…

There really is no reason for the vitriol in my first post. Just simply pointing out some of the folks I come across working for Tripwire. Three of the four folks labeled above understand security and its place in the company. The fourth believes that the sole reason their company still exists is due to their Herculean efforts to protect them from the baddies.

Of course these days with the ease of virtualization, the Mall Ninjas have to be going insane…servers are popping up all willy nilly and in all sorts of configurations…and in this…I find myself sympathizing… Virtualization has made the job of the security administrator so much harder… and finding the balance between security and operations becomes a much harder line to balance…that’s why in future posts I’ll be discussing with you my fine readers why security needs to be more integrated into the business side of the company and why, when security has something to say about virtualization security…we should all listen…

The Executive's Guide to the Top 20 Critical Security Controls
<!-- -->