Thanks for Nothing

As we embark on the U.S. Thanksgiving holiday, we’re supposed to be grateful for our gifts. And I am certainly thankful for my family, my health (injured knee notwithstanding) and being able to work at Techstrong, which is a very cool gig.

But to be honest, I’m just not feeling very thankful from a security standpoint. As we wrap up 2022, it still feels like Groundhog Day. I’ve been doing this for a long time, and although the names and business cards change, we (as an industry) still suck at protecting data. Users still do the same stupid things, resulting in ransomware outbreaks, and the alleged magic bullets offered by the vendor community to help (security analytics, anyone?) amount to nothingburgers.

So yeah, I’m letting the frustration get the best of me this Thanksgiving Eve. Even the stuff that promises to help change things suffers backlash. Evidently, we now need to “shift right” because it’s too hard for developers to practice secure coding. Come on, man. And don’t even get me started on zero-trust—the term has been so manipulated by the industry that it barely means anything anymore. And the software bill of materials (SBOM) that is supposed to help protect complicated modern applications? In the best-case scenario, we’ll know we’re pwned sooner. But if it moves the goalposts and gets enterprises to spend more money, bring it on!

I’ll admit that we are better at detection, but the adversaries are better at attacking. So it feels like we’re moving backward. Security automation can help streamline operational processes, but the use cases are so limited that it barely scratches the surface of the security ops challenge.

I know I should be thankful for the progress we’ve made. But it’s hard when no matter how hard or how long you row, you end up further from the shore.

But you know what? Tomorrow is a day to recharge, reconnect with those you care about, reflect on the goodness in life and get ready to reengage in the fight. 

So that’s what I’ll do. Regardless of how bad it seems and how frustrated we are, we will come back tomorrow and engage the attackers again. We’re security people. That’s what we do.

I hope everyone who celebrates has a happy and safe Thanksgiving holiday. 

Mike Rothman

Mike is a 25+-year security veteran, specializing in the sexy aspects of security, such as protecting networks and endpoints, security management, compliance and helping clients navigate a secure evolution to the cloud.
