Posted Mar 17, 07:47 AM by ben
After reading this blog post about security being “creative” I remembered something I jotted down in my moleskin back in October.
A disadvantage [security teams] face is the fact that we do not lead architecture changes that improve both security and enable individuals or the company.
To further explain that: security likes to tighten things down rather than put controls in place that can give perception of a more open environment. I suspect the entire “Security versus Productivity” argument is inaccurate; it’s just the easy way out. We can make both a productive and secure environment if we’re more clever.
// :: productivity/ rant
Commenting is closed for this article.
This work by http://electricfork.com is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
I lead an information security ops and response team. This site is a collection of interesting notes and brainstorms on the protecting from, detecting of, and responding to badness. You can read more about me or my site here.
You can subscribe to my blog via rss 
, or if you're looking for older items check out my archive of previous posts.
I organize a small infosec meetup in baltimore called charmsec. If you are looking for charmsec details you probably want to go here.
RSS
I agree the argument is twisted, however, unless security can do a better job of presenting control functions as enablement advances they will never be considered as architectural visionaries. They will continue to be relegated to the role of security placeholders called upon when needed to address inherent security weaknesses.
— Frank · Mar 17, 10:17 PM · #