We in cybersecurity have lots of room to grow as an industry

Everyone I know hacks in gloves and a ski mask

A few of us were discussing this situation between Orca Security and Palo Alto Networks described here https://orca.security/cybersecurity-community-transparency/ (disclaimer — I work for Virtru, a software product company that doesn’t really compete with either firm) and I thought it was worth highlighting. While this is one side of the story, this type of issue with transparency happens all of the time. Whether it is on product capabilities or comparisons, as in this case, or on something like pricing, maybe there is a fear that public information will somehow give the competition an advantage? My own firm has gone back and forth on whether to publish pricing for all products and features and has landed somewhere in the middle, with some price tiers listed but some not.

It seems incredible to think that an organization would not allow test results for its product to be published unless it approves of them. On the other hand, these are tools that can be configured in many different ways, so who knows if the testing was done with an appropriate configuration. Folks like NSS Labs (they are worth another blog) and others have tried to do independent testing, but how neutral and independent those tests are is constantly being called into question.

I don’t have an answer to this (in my time in government a cyber Underwriters Lab concept was discussed and there are ongoing efforts by smarter people than me) but we have to do a better job of informing people. Every organization is a technology firm and every individual is doing more online, especially since March, so we as an industry need to fill the gap with clear and helpful information to make sure that people and organizations trying to manage these new risks have information they can use to make decisions.

These transparency issues are in addition to challenges that are not unique to cybersecurity but may be worse for us, such as diversity and being welcoming to folks who are new and trying to learn. This is frustrating, and I want to help make it better, as I really like cybersecurity and am fascinated by the intersection of the technology involved, individual and organizational behavior that impacts security, and policy that can help or hurt security outcomes. Moving forward, we will only need better products, a larger and improved workforce, and a public that at least knows enough to try and make small improvements personally and professionally, and we as an industry should do whatever we can to make that possible.

Trying to figure things out working at the intersection of cybersecurity, business, and government

Joe Stuntz
