Wrong Automation

For those curious about cybersecurity but lacking any practical knowledge of the domain, it is often hard to come across articles that are easy to follow along. This one about the myth of workforce shortage in cybersecurity is a good read.

Traditionally, enterprises have treated vulnerability management as a manpower and triage problem. They assembled lists of CVEs that their scans turned up and argued over which ones to patch. Every day the list grew, and every quarter CISOs tried to make the case for additional hires.

Application of data science to this problem has shown that companies can — and do — make meaningful risk reductions with available resources. That's because the small cadre of hackers capable of developing new exploitations are highly likely to follow well-worn patterns. A complete analysis of decades of threat data bears this out.

I wonder if there is another contributing factor to this workforce dilemma. The exploits are carried out by hackers and there is a cult of personality that goes with it. If vulnerability management is automated for the most part then it takes away from the super-powers of the people who are in charge today. It's the fight between good and evil where the personalities behind the stories matter. Reminded me of this very ludicrous movie Swordfish which makes a joke of the world of hacking. Imagine replacing Hugh Jackman with an algorithm - that would be untenable.
