Dark days in information security

To be honest it’s been a while since I’ve worked in a security conscious environment. When I first started out my career I was extremely interested in security (and I still am) but the organizations I worked in were not as interested in the end-result as much as the process itself–ie. meeting and checking off certain requirements rather than actually being secure.

As my career continued it just became too hard to do the things I thought were required to achieve reasonable information security, so in effect I gave up, and instead of being a security system administrator, or security analyst, whatever the title, I became a plain old systems administrator and started to focus more on storage and research systems, and now “cloud” technology (such as OpenStack), and the devops mindset.

However, I still consider information security my true calling in terms of my IT career, so you can imagine how disappointed I was to read wave after wave of articles and news items regarding the various privacy invasions, alleged illegal spying, etc, etc.

Even though it’s been a few months since the revelations brought on by the leaks made by Edward Snowden and others, and the snowball effect that has created more interest and information around global information security, I find it difficult to properly analyze and discuss the events. It will likely take some time to sort out the damage. Suffice it to say that I hope that as we continue to use more and more technology that politicians, entrepreneurs, teenagers, security experts, government employees, police and security agencies…everyone…takes some time to consider how things are changing and what security, sovereignty, freedom, privacy, patriotism, and democracy really mean to them.

Certainly societal norms can, do, and should change over time, but I think it’s important to occasionally take a step back and try to make sure that we are consciously working towards achieving our true, long term goals as a society. It’s easy to slip into a reactionary posture and make changes that–while seemingly beneficial in the near term–may do more harm than good over a longer period of time. On one hand the future is hard to predict, but on the other…we do make our own future.