I know that you all watch Star Trek and that you know what “warp drive” is. The basic premise is that you can get from “here” to “there” in 1/10 of the time (or 1/100 of the time) of the speed of light.
Did you know warp drive is a real thing? It’s definitely possible to do and we have good ideas on how. Some smart people are working on it and they are far enough along that they are even starting to communicate delivery timelines. It’s decades away, but it’s in the pipeline.
Also, it is not possible to go faster than the speed of light.
Wait… what!? How can I get there faster than light even though it’s impossible to go as fast as light?
Albert Einstein is at the root of all this. His famous formula, E = mC^2, says it all. It says, quite literally, in terms of physics, it is impossible to go faster than the speed of light.
What Einstein said was: “These are the rules, and you cannot break them.”
He put us in a little box.
But as people started to expand his formula into all the places it applied, they discovered he had also shown us lots of ways we could “bend” the rules.
That’s how warp drive works. It literally bends the rules – bends space itself.
Einstein showed us how to re-imagine what it means to be in our little box. And suddenly, that little box seemed as big as the whole galaxy, if not the whole universe.
In cyber security, here are some rules you absolutely cannot change:
– Attackers are smart, creative, talented, innovative and agile. They are as tough as, perhaps tougher than, your toughest business competition.
– Attackers are more numerous than security experts, perhaps even more numerous than IT workers. There are more of them than there are of you.
– Attackers are motivated. They have deep-seated passions, and they can get paid a lot of money when they succeed.
Here are some ways you can re-imagine your box and “bend the rules:”
– You may not have to hire more security staff. You may not need to hire any new staff at all. Instead, you may need to re-imagine where and how IT budgets are allocated and where certain skill sets are best applied.
– You may not need a man-to-man defense. Instead, you may need to invest in technology that continuously ensures you have the home-field advantage.
-You may not need to hire “talent.” Instead, you may need to update your understanding about incentive packages and market rates, bottom-line costs vs. true margin and ROI, certification and on-the-job-training, and team resourcing and culture.
If you’re still pounding your fist that someone, dammit, ought to be able to build you a spaceship that can literally travel the speed of light, then you’re stuck in an old paradigm, and you’re not going to get anywhere. You’re insisting, not innovating.
If, like today’s cyber attackers you can find your way to both respecting the rules and understanding how to bend them, then you’ve entered the new reality, and you are going to go farther than you ever imagined.
I’m always talking about how we need more security workers. Not just experts, but tiers. Not just mavens, but teams. And I do try to give ideas and concepts on how we could get there. But I admit, and I bet you’ve critiqued, that I’m missing the details of execution. At the end of the day, where is the road map, the step-by-step, to getting there?
A guy named David J. Bianco is building that roadmap. He’s crowd-sourcing it in fact, and building community in the process.
David J. Bianco, thou rockest most righteously.