ahead nero uk 3D Home Architect Design Suite Deluxe 8 adobe photoshop elements 2.0 serian number adobe creative suite premium upgrade mac Abbyy FineReader 9.0 Professional adobe art clip illustrator adobe photoshop elements 4.0 keygen ACDSee Photo Editor 2008 adobe photoshop with jpeg 2000 plug-in adobe illustrator cs keycode ACDSee Pro 2 adobe illustrator trial expired adobe illustrator cs tips Acronis Disk Director Suite 10 ssg adobe acrobat 8 upgrade adobe 5.5 photoshop 5.5 Acronis True Image 11 Home adobe photoshop elements digital photography review adobe photoshop tools and uses Adobe Acrobat 9 Pro Extended adobe photoshop online help open source adobe illustrator Adobe After Effects CS3 Professional keygen adobe premiere pro cs3 putting video in adobe acrobat Adobe After Effects CS4 MAC adobe creative suite 3 serial adobe acrobat standard free trial Adobe After Effects CS4 adobe photoshop support adobe acrobat 7.0 activation error codes Adobe Captivate 3 adobe photoshop premiere buy adobe creative suite 2 Adobe Contribute CS4 adobe acrobat pdf adobe acrobat newsletter enjoy pdf Adobe Creative Suite 3 Design Premium converting adobe flash to avi adobe acrobat blank page error Adobe Creative Suite 3 Master Collection re adobe illustrator remove white background adobe photoshop elements 2.0 troubleshooting Adobe Creative Suite 4 Design Premium adobe acrobat v7.0 full download adobe acrobat reader palm pilot Adobe Creative Suite 4 Master Collection MAC adobe after effects 6.5 keygen free adobe photoshop trial Adobe Creative Suite 4 Master Collection adobe illustrator sdk adobe photoshop sepia Adobe Creative Suite 4 Web Premium adobe photoshop elelments adobe dreamweaver cs3 crakz Adobe Dreamweaver CS3 adobe acrobat most recent version adobe photoshop cs2 serial crack Adobe Dreamweaver CS4 MAC image editing using adobe photoshop adobe illustrator tutorials blend Adobe Dreamweaver CS4 adobe illustrator patterns adobe acrobat 6 standard Adobe Fireworks CS4 ahead nero 7 ultra edition adobe photoshop latest pc Adobe Flash CS3 Professional adobe creative suite activation code adobe photoshop cs3 maximum memory Adobe Flash CS4 Professional adobe acrobat uninstaller download adobe acrobat 8 trial Adobe Flash CS4 Professional MAC 5.0 acrobat adobe mac acrobat adobe reader 7 Adobe Illustrator CS4 MAC adobe acrobat professional create postscript file fonts for adobe photoshop Adobe Illustrator CS4 adobe illustrator 9.0 serial numbers adobe acrobat 7.0 multi user license Adobe InDesign CS3 preview adobe acrobat ms access free adobe acrobat program Adobe InDesign CS4 adobe illustrator cs3 crop marks adobe after effects 6.0 professional crack Adobe Photoshop CS3 Extended adobe photoshop 7.0 upgrades

Posts Comments

An Open Letter to CEOs

Posted by Michael Starks on March 10, 2009 · 2 Comments Print This Post

by Michael Starks

Dear Chief Executive Officer,

I want to help.

When you hired me as a security professional, I had certain expectations. I expected that you would come to me for guidance when evaluating new technologies. I expected that you would solicit my feedback when engaging in risky ventures. I expected that, as a professional, my security expertise would be valued.

I want to help you pass audits. In order to do that, you need to understand that passing the audit is not the actual goal. To pass audits, we need to have a security program that is perpetually healthy–one that creates and builds a security culture. It needs to be healthy enough where passing audits is a natural consequence of how we handle information.

I want to help you stay safe from attack. In order to do that, we need to not only perform risk analysis, but also act on the results. We need to take these results and turn them into action plans. We will sometimes need a budget to make these things happen.

I want to help you avoid fines, bad publicity and more regulations. In order to do that, we will need to actually enforce the security policy we already have, and which you signed off on. Yes, that means consequences for those who willingly violate.

I just wanted you to know that when you put systems into production and say, “we’ll do the security stuff later,” I can’t help you in the best way possible. When you start audit activities two months before the audit, then try to negotiate away the exceptions, I can’t help you in the best way possible. And when you don’t approve a critical patch on a production system because it might break something, I can’t help you in the best way possible.

I want to help you sell your product. In order to do that, the business has to stay safe enough to meet your goals. Let’s work together to find creative ways to protect the business.

Yours in security,

The Security Professional

Filed under Blog, Security Catalyst Contributors · Tagged with

About Michael Starks
Michael is an Information Security Professional specializing in host-based security, IDS, log analysis and compliance. He believes in applying basic security principles to an ever-changing threat landscape, and is currently exploring the various ways in which human behavior affect the success of security programs. He is a founding member of the Rochester, NY chapter of ISSA and has served for both ISSA and OWASP. He currently holds the CISSP, GSNA and A+ certifications. In his spare time, Michael enjoys spending time with his wife and daughter, and listening to early twentieth-century blues.

Comments

2 Responses to “An Open Letter to CEOs”

Chris Burton says:

March 10, 2009 at 12:23 PM

Amen to that.

But I would suppose it is not just CEOs but anyone who pays for a security consultant.
Sam Van Ryder says:

March 10, 2009 at 3:36 PM

Dear Security Professional,

Please work with the CIO on this. She is the person responsible for managing the issues you are concerned about.

Thanks for your help,

CEO

In other words – Ever get pigeonholed in your own company?

The Security Catalyst

An Open Letter to CEOs

Comments

Engage with Michael

Recent Posts

Journey Into the Breach

Archives