electricfork

I lead an information security ops and response team. This site is a collection of interesting notes and brainstorms on the protecting from, detecting of, and responding to badness. You can read more about me or my site here.

You can subscribe to my blog via RSS, or if you're looking for older items, check out my archive of previous posts.

I help organize a small infosec meetup in Baltimore called charmsec. If you are looking for charmsec details you probably want to go here.

 


talking points

Posted Jun 19, 08:23 AM by ben

There are a lot of go-to sayings that are generic enough that folks will use them as an ice-breaker. A way of getting you to nod your head as they build their premise. “security is a process” is one of those.

Who started that? The presumption with that is to point out that security is not a product. “You are not your firewall”. I get that, but I do not like the expression any more than any other watered-down talking point that politicians use in an election year.

I had at least one guy who privately objected to my 140-character assessment of this. I got the sense that such an expression is a truth; and to rail against such a truth implies that you should at least have a replacement. “If it’s not a process then what is it?!?”. It’s rhetoric that helps you set up discussion. But hey, I’m game. Some replacements (off the top of my head):


What other talking points have the security folk been using for the last decade; thus pretending the pace of change has been minor?



 

This work by http://electricfork.com is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.