In Depth
Five Mistakes Security Pros Would Make Again
Whether it's getting fired for standing up for what's right or making a network configuration mistake that leads to better security, there are some mistakes worth making. Five security pros offer personal examples.
By Bill Brenner, Senior Editor
"I learned more about that particular network and our rules structure than I would have just working on them.
"Everyone in security makes mistakes. It is the one true way we learn to succeed in our field. Constantly testing and pushing the limits will break something. I prefer to be the breaker."
- 4. KIDNAPPING THE WRONG GUY
- Mistake maker: Douglas McGaughey
- Position: Security consultant
- Location: Washington D.C.
- The incident: Kidnapped the wrong person during a counter-terrorism operation
"I used to manage a counter-terrorism training team and one time, after conducting a lengthy target evaluation and feeling confident in our plan, we initiated it. We kidnapped the individual, who liked to take early-morning jogs. We hustled him into our waiting van and then identified ourselves.
"Long story short: It was the wrong guy. We came to find out that our intended victim had an overnight guest up from some assignment in Central America.
"But we came out smelling like a rose. The guy we kidnapped was so impressed with our stealth, speed and capabilities, and disappointed with himself for letting his guard down so quickly after leaving his last "high-paced" assignment that he offered to give a speech to our students [about his experiences]. His speech hit home and we lucked out big time.
"I wouldn't change anything, as it taught us some valuable lessons and the audience learned something."
- 5. RISKING THE JOB FOR WHAT'S RIGHT
- Mistake maker: Doc Farmer
- Position: Senior security specialist
- Location: Virginia
- The incident: Losing jobs for taking a stand
"I've lost a job or two by sticking to my principles and telling the truth to management who didn't want to hear the truth (not even diplomatically). When they've taken risks that put the entire organization at risk and asked me to sign off on them, I've refused. And I've been sent packing because of it.
"But even with that, I don't regret the decision. I have to be able to look myself in the mirror when I shave my head every morning, after all, and I'd rather be unemployed and honorable than being an employed liar."
Other stories by Bill Brenner
security mistakes
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
