Optimistic Thinking in Security...
Chakradhari ????????
Domain Expert - Physical Security & Close Protection (Design, Training & Deployment) | Security Culture Architect | Close Protection and Counter Terrorism, ISA ???? | REX Karmaveer Chakra Recipient??| ExCivilian? |
Wishful thinking while ignoring an open door, don't work quite well in
keeping maliciousness out.
Introduction
Without hope, humanity will perish. And to hope, one needs a certain level of blind belief, that doesn't ask for proof. A feeling that there is something better, more secured, more safe. While in my interaction with the security domain I have seen a lot of optimism among security professionals. Superbly confident in their threat assessments, their security designs/architecture, their trainings, their deployments, their follow through, etc... But in some cases, there was something extremely alarming in that confidence and optimism.
Negative thinking has 2 aspects. One that paralyses you into fear and uncertainty. The other that pushes you to find a way to mitigate the worst. The 2nd kind is what can keep you safe from maliciousness.
Its called Optimistic Negative Thinking...
The Real Face of Optimism ?
The moment the audit identifies and highlights a vulnerability that has a very low possibility of being exploited but when done, will deliver a massive impact....the spotlight falls on the real face of this tremendous confidence and optimism - The Face of DENIAL. The fact that one understands the theory of a High Impact - Low Possibility Vulnerability, but is super sure of the same not being exploited and that too with no factual evidence to support such a claim is nothing less than a ticking time bomb. And then when pushed harder the reasons that come out are not even worthy of mention. The reasons completely destroy the reputation of the individuals intent and capability to be able to mitigate such threats.
If DENIAL was a social networking site, it's membership would surely
surpass LinkedIn and Facebook combined.
Why Do We Subscribe To Denial ?
Many factors. I'll mention the ones I think we can address together. And these factor are not limited to the domain of security alone.
领英推荐
I'd rather PREDICT the worst, PREPARE for the worst and then hope that my preparation for the worst, will PROTECT me during the worst. That's my kind of optimism.
Best Practices ?
Transparency with clients in this domain is critical. It does happen sometimes that your point of contact at the client's side is a weak and timid person. And I can totally imagine discussing a threat assessment report with such a kind. However, being completely transparent in our interaction is vital to winning a lasting partnership with a client. Also, if the client expresses a budget constrain, you could always give him the option of paying a nominal fee to keep a contingency plan ready. Give them some pre-incident indicators they should be looking out for. This could help you delegate a small part of your job to them and also give them the ownership of having all situations under their control.
However, the client must have the interest to learn about how they can help you secure them, better. Else, it won't go very well. And such an interest can be developed by identifying a good point of contact on the client side. This is just a suggestion. I implemented it in a couple places and it worked great for me. And I must admit, it didn't work out in few places too. But it's worth trying.
I hope I have made some sense. And if you feel I have, or I haven't....do share your thoughts in the comments. So don't just like....comment as well.
Till next time....Stay Safe - Stay Alert
Regards
SOLOIST!!
1 年Beautifully explained CR. The knowhow and the desire to mitigate threat is a quality very few possess. The threat assessment is the starting point of any security matrix to be employed, if a security expert can't do this, then I am sorry for the client. Very neatly crafted and explained brother. Keep up the good work. Regards
Founder Director - Private Eye Private Limited
3 年Very very true obsevations Chakradari
Director @ Mantis Security | Security Management Diploma
3 年Excellent. Thanks ??
Building People & Businesses from Scratch | Founder, Tech-RPO | Stealth Mode
3 年Chakradhari Rowe This is absolutely a true fact, Chakradhari, that positive thinking (not positive attitude) has two aspects of it. And that's where the famous quote comes from: "positive thinking has killed more people than we can imagine!!". History has sufficient examples to second that. While, positive attitude is to take the pain to learn self defence, take all security and safety measures, making oneself physically and mentally strong, and be battle ready for any adversary who could get through those measures and still challenge us!
Veteran
3 年Excellent