Cybersecurity Integrity | It’s Harder Than You Think

by Tim Willaford

The word INTEGRITY, what does it mean? How does it apply inside the world of cybersecurity? These questions, while simplistic may be far more complicated than you think. Roles and responsibilities of our day-today are often tightly wound to words and phrases like personal courage and integrity. And while these words are commonly viewed in the context of military duty, the limits they can represent can certainly be tested in our professional lives.?

Integrity | The quality of being honest and having strong moral principles.

Security reporting can be simple or require substantial personal courage to see it through; maybe even a combination of both. So where can we begin this complex discussion? I believe it starts with something most of us see daily. And if you join the masses, as I do, it is not uncommon to receive a fraudulent text. Normally it will start with a random series of numbers, or worse yet, a closely relatable account notification. So tempting they are, but life has taught me a few valuable lessons regarding clicking in-message links. These days, I certainly know NOT to open such items; however, it is the act of deletion I would like to highlight. When I select the text and click delete, the most magical thing happens. The system asks if I would like to report it. Yes! Yes I would. It’s bothersome and annoying, and I’m willing to do whatever it takes to ensure I am not bothered in the future. This endeavor has already stripped three valuable seconds from my busy day.

But what happens next? For most of us, we move on, never thinking a thing of it until the next time we are disturbed by such unfruitful concerns. However, completely unknown to people like you and me, these reports provide valuable tracking data for security threat assessments and other high-level monitoring reports that indicate current security climates. Pretty amazing that items reported by some unknown users are fed into some distant database to help determine future cybersecurity preventative enhancements.

While it is great to have security reporting anonymity, most occurrences do not allow for such exclusion, nor do they happen at times of convenience. They happen at pivotal moments within the product delivery cycle. The truth is security reporting can interfere with delivery timelines, reflect on the work of others, and even produce significant departmental divisions. It is ONLY with great integrity, that such items can be raised; sometimes at great personal cost.

To set the tone for this discussion; we are on a 18-month project two days before delivery to a very eager and expecting client. Nevertheless, we have just discovered a security concern. What do we do? Surrounded by friends and colleagues, you would think this would require little effort; however, that could not be further from the truth. Reporting can evoke powerful reactions, sometimes dynamically altering career paths.

As a point of consolement, I would like to share something a mentor once told me.

“It’s up to the individual to stand with pride and ensure your word means something. If you know it’s wrong, it is your duty to carry that message forward, no matter the cost. If you choose not to, when you are asked in the future if you are a person of your word, do you hold your head high, or do you lower your eyes reflecting on past moments?”??

As we work through our daily lives we are faced with a multitude of right or wrong decisions. We navigate those treacherous waters based on our personal moral compass. Still, when it comes to our professional careers, whether delivering products or providing services to our clients, we are contractually obligated to do what is right. To hold to our values and our promise.

“The Power is Yours”

- Captain Planet