5 ways to kill your cybersecurity messenger

Cybersecurity professionals, by the nature of their job, are bearers of bad news. They routinely bring ‘possible risk scenarios’ to the table. They ask for resources to mitigate the possibility(sometimes remote) of something bad happening.

This is not a very pleasant thing to hear. Boards treat such individuals with disdain. They treat such people just like anyone would treat a doctor who, on a routine checkup, says - “Nothing is wrong with you yet, but if you don’t start exercising, something will go wrong”.

The messenger, therefore, is routinely killed. If you are a board member who is bored of the antics of these cybersecurity professionals, or just want some entertainment at the expense of your cybersecurity guy, here are 5 tips to help to kill the messenger.


The Info-Sec Idiots Guide



Info-Sec Idiots Classification

Info-Sec Idiots Classification

“Can you get us a security certificate in a week’s time?”

If you have been in the infosec consulting business long enough, you will, for sure, have come across this sentence. In this post, I want to vent my frustration and tell you the answers that I actually want to give - not the answers that I actually give!


Terrorist Outfit Seeks ISO 27001:2013 certification

I generally write long and boring stuff about obscure standards and esoteric practices. Sometimes, I do get bored of this and want to write some fiction. I tried to be Sir Arthur Conan Doyle here. This post is my attempt at faking a news report!

TORA BORA: An infamous terrorist outfit has decided to implement and get certified on ISO 27001:2013 as information related to critical projects it undertakes keep getting leaked to outsiders.


The case of the missing PDCA cycle

‘My dear Watson!’ exclaimed Holmes. “You are no doubt wondering about how they work in Japan.” I looked up in surprise. I was indeed pondering about the work culture in Japan.

“Have you started performing black magic, then, Holmes? There can be no other explanation to this” I spake with wide eyes. “How can you even know what I am thinking?”

“Elementary! I have been observing you for the past ten minutes. You started reading the new ISO 27001:2013. A few minutes later, your eyes widened. You left your seat, went to the shelf and retrieved the ISO 27001:2005.”

“And how can that possibly tell you that I am thinking about Japanese work culture?”