Tech Talk Live Blog

The Key to Information Security: Relentless Incrementalism

Kevin Beaver

Now that the 2014 Tech Talk Live conference is over and you have gotten your fill of IT and information security content, it is time to keep up the inspiration and motivation. How to find out where you are weak and ensure things are kept secure is no longer a mystery. It is now up to you to make things happen – a matter of choice and discipline.

The worst thing you can do about information security at this point is nothing. Everything you do – every decision you make – counts toward the end goal of minimizing your information risks. I am not saying go out and spend money and implement controls for the sake of ‘security theater.’ Wait until you have a problem to solve. Reality is showing us that we all have quite a few of those. A security assessment is all you need to uncover the critical areas that need attention.

Meditation expert Jon Kabat-Zinn said, “We may find ourselves resisting innovation and change and becoming overly protective of what we have built because we feel threatened by new ideas or requirements or by new people . . . it’s not what you know; it’s what you are willing to know you don’t know.” This is one of the most important aspects of being realistic and practical in IT and managing your information risks.

Stop following someone else’s “best practices.” Create your own that work better than any others based on your own specific needs. Stop letting documentation (i.e. security policies) represent reality. They never have and never will. Rather than getting caught up in the minutiae being thrown your way in security, look at the bigger picture. Find and eliminate the low-hanging fruit that is on your network right now and will continue to resurface in the future. Focus on the urgent and the important for now, and then drill down to eventually address the other areas of security that matter.

Rather than being resistant to change, step up and take charge of your information security program. Success in information security lies on the far end of failure. It is okay to make missteps as long as you are doing your best with what you have. Take the Thomas Edison approach; he said, “I have not failed. I’ve just found 10,000 ways that won’t work.” Just learn from others about what doesn’t work and vow not to repeat the same mistakes.

Develop a habit of these approaches to information security through the process of relentless incrementalism. You will see results of which you will be proud, instead of results you regret. Here’s to a new outlook on information security for the rest of 2014 and beyond!

Also, don’t forget to check out my whitepaper Information Security Essentials You Can’t Afford to Overlook.

Kevin Beaver is an information security consultant, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 25 years of experience in the industry, Kevin specializes in performing independent security assessments in order to help business executives understand the information risks that matter. He has authored/co-authored 11 books on information security including Hacking for Dummies (Wiley) and The Practical Guide to HIPAA Privacy and Security Compliance, the second edition of which is coming out in 2014. In addition, he’s the creator of the Security on Wheels information security audio books and blog, providing security learning for IT professionals on the go. Kevin can be reached at www.principlelogic.com and you can follow him on Twitter at @kevinbeaver.
