Obscurity by Security

What do I mean by “Obscurity by Security?” Keeping watch over the security requirements of simple applications, websites, large data stores containing sensitive information, or even the IT holdings of multi-million dollar corporations is unlike most other jobs.

When a team cranks out a new iteration of the product with significant UX enhancements, noticeable performance increases, or demonstrated results in analytics, techies and non-techies alike can realize the enhancements and verbalize praise for the effort. After trying out the new sign-up form, a CEO may exclaim in the weekly executive meeting, “Great job! The new sign-up really flies, and my wife loves the look.” An office assistant may point out over lunch that the new website looks great on their brand new smart phone. And, customers will sometimes go out of their way to contact the company to let someone know that “Cheryl Smith provided fantastic customer support by quickly helping me recover all of the images I’d thought I’d lost.”

Sure, the feedback isn’t always positive (sometimes the CEO hates the new sign-up form, etc.), but the potential for fellow employees, industry peers, and/or general customers to notice and compliment nice work is there.

When do those in charge of security get noticed? When the bored script kiddie gets through the hole in the legacy system that was supposed to be patched last week. When the new programmer’s little omission of an input check leads to a big buffer overflow, allowing the mob compromise the companies digital assets. When the company blogger opened an email that “seemed legit,” only to realize days later that someone has logged into their website and posted porn throughout.

In contrast to their coworkers, security professionals good days are when their work is barely a footnote in the executive meeting. Good days are when they’re contributions are tolerated by team leaders. Good days are when customers say absolutely nothing about security in their survey responses. When working on security, obscurity is the highest compliment.

Leave a Reply

Your email address will not be published.