Optimistic Thinking in Security...

Optimistic Thinking in Security...


Wishful thinking while ignoring an open door, don't work quite well in 

keeping maliciousness out.

        

Introduction

Without hope, humanity will perish. And to hope, one needs a certain level of blind belief, that doesn't ask for proof. A feeling that there is something better, more secured, more safe. While in my interaction with the security domain I have seen a lot of optimism among security professionals. Superbly confident in their threat assessments, their security designs/architecture, their trainings, their deployments, their follow through, etc... But in some cases, there was something extremely alarming in that confidence and optimism.

Negative thinking has 2 aspects. One that paralyses you into fear and uncertainty. The other that pushes you to find a way to mitigate the worst. The 2nd kind is what can keep you safe from maliciousness.
Its called Optimistic Negative Thinking...

The Real Face of Optimism ?

The moment the audit identifies and highlights a vulnerability that has a very low possibility of being exploited but when done, will deliver a massive impact....the spotlight falls on the real face of this tremendous confidence and optimism - The Face of DENIAL. The fact that one understands the theory of a High Impact - Low Possibility Vulnerability, but is super sure of the same not being exploited and that too with no factual evidence to support such a claim is nothing less than a ticking time bomb. And then when pushed harder the reasons that come out are not even worthy of mention. The reasons completely destroy the reputation of the individuals intent and capability to be able to mitigate such threats.


If DENIAL was a social networking site, it's membership would surely 

surpass LinkedIn and Facebook combined.    
        

Why Do We Subscribe To Denial ?

Many factors. I'll mention the ones I think we can address together. And these factor are not limited to the domain of security alone.

  • Lack of Knowledge & Skill: This has been a common reason I have come across. The concept of - I don't need, what I don't have, don't apply to a domain like ours. In security, we do what ever it takes to acquire what can help us to secure and defend Man, Material & Space, under our guard/protection. We all have done it as kids, it's a wrong question when you don't know the answer. But guess where such an attitude landed us ?
  • Balancing Between Cost & Service: It is more than evident in our industry that we don't get paid enough for the kind of work we do. It's a fact. We hire an untrained, incapable security guard (watchman in reality) pay him 8K to 10K a month and expect him to put himself at risk to mitigate a threat that is upon you. In most cases we are well aware that he would probably be the one running first, at the slightest hint of a serious threat. That being said, as security professionals, it is our duty to put on paper all forms of threat that exist to a certain client and offer our earnest solutions. If they can't afford your solution, you at least will be at peace that you PREDICTED a threat, PREPARED a mitigation plan and offered the client PROTECTION, that he rejected...what ever may be the reasons.

I'd rather PREDICT the worst, PREPARE for the worst and then hope that my preparation for the worst, will PROTECT me during the worst. That's my kind of optimism.

Best Practices ?

Transparency with clients in this domain is critical. It does happen sometimes that your point of contact at the client's side is a weak and timid person. And I can totally imagine discussing a threat assessment report with such a kind. However, being completely transparent in our interaction is vital to winning a lasting partnership with a client. Also, if the client expresses a budget constrain, you could always give him the option of paying a nominal fee to keep a contingency plan ready. Give them some pre-incident indicators they should be looking out for. This could help you delegate a small part of your job to them and also give them the ownership of having all situations under their control.

However, the client must have the interest to learn about how they can help you secure them, better. Else, it won't go very well. And such an interest can be developed by identifying a good point of contact on the client side. This is just a suggestion. I implemented it in a couple places and it worked great for me. And I must admit, it didn't work out in few places too. But it's worth trying.

I hope I have made some sense. And if you feel I have, or I haven't....do share your thoughts in the comments. So don't just like....comment as well.

Till next time....Stay Safe - Stay Alert

Regards

No alt text provided for this image


No alt text provided for this image

Beautifully explained CR. The knowhow and the desire to mitigate threat is a quality very few possess. The threat assessment is the starting point of any security matrix to be employed, if a security expert can't do this, then I am sorry for the client. Very neatly crafted and explained brother. Keep up the good work. Regards

PODUVATH RAVINDRANATH

Founder Director - Private Eye Private Limited

3 年

Very very true obsevations Chakradari

Mark Kramer

Director @ Mantis Security | Security Management Diploma

3 年

Excellent. Thanks ??

Anirban Mukherjee

Building People & Businesses from Scratch | Founder, Tech-RPO | Stealth Mode

3 年

Chakradhari Rowe This is absolutely a true fact, Chakradhari, that positive thinking (not positive attitude) has two aspects of it. And that's where the famous quote comes from: "positive thinking has killed more people than we can imagine!!". History has sufficient examples to second that. While, positive attitude is to take the pain to learn self defence, take all security and safety measures, making oneself physically and mentally strong, and be battle ready for any adversary who could get through those measures and still challenge us!

回复

要查看或添加评论,请登录

Chakradhari ????????的更多文章

  • Suicides: A Multi-Level Security Failure

    Suicides: A Multi-Level Security Failure

    DISCLAIMER: Do not read if the subject triggers emotions you cannot handle. You know who will answer that door when you…

    11 条评论
  • The Brutal Reality About Martial Arts/Self Defense

    The Brutal Reality About Martial Arts/Self Defense

    Every time a crime occurs, which the media reports with all the fanfare, one specific aspect draws our…

    10 条评论
  • Security Awareness Lessons: The Saif Ali Khan Assault Case

    Security Awareness Lessons: The Saif Ali Khan Assault Case

    Disclaimer This piece is written to benefit Resident Welfare Associations and those living in apartment complexes. Feel…

    11 条评论
  • The Three Faces of Social Commentary: Know Them Well.

    The Three Faces of Social Commentary: Know Them Well.

    In today's digital age, social media platforms have become the new battleground for ideas, opinions, and debates on a…

    3 条评论
  • Secularism - A Threat to Security ?

    Secularism - A Threat to Security ?

    Preface: I've wanted to write this one for a very long time. Like my other strong opinions, this one would have been…

    11 条评论
  • So, What is Causing All The Stress ?

    So, What is Causing All The Stress ?

    In today's corporate landscape, the pressures faced by young professionals are mounting, leading to an alarming…

    1 条评论
  • What Would Nirbhaya Do, If...A Hypothetical Case Study

    What Would Nirbhaya Do, If...A Hypothetical Case Study

    Understanding personal security is crucial for every woman, especially in today's world where the threat of crime looms…

    21 条评论
  • Kalki, The Blade of Grass & The Kshatriya

    Kalki, The Blade of Grass & The Kshatriya

    I read that the avatar of Bhagwan Vishnu, designated to arrive next will be that of Bhagwan Kalki. The one who will…

    6 条评论
  • Securing Your Home & Family From MOB-VIOLENCE

    Securing Your Home & Family From MOB-VIOLENCE

    ***Disclaimer: the below pointers are DEFENSIVE ONLY. They are to help you defend when your homes are attacked by…

    8 条评论
  • Insider Threats in Business and National Security

    Insider Threats in Business and National Security

    In today's rapidly evolving business landscape and geopolitical environment, the issue of insider threats has emerged…

    3 条评论

社区洞察

其他会员也浏览了