On Tue, 2 Apr 2002, Christopher E. Brown wrote:
I think it comes down to being able to deal creatively with a lack of total control, and find ways to limit what you cannot eliminate.
Security specialists can't be everywhere, can't do everything, and can't stop every bad thing. The reality is the people who have the biggest impact on security don't have security in their job title. Instead of a neighborhood watch, do we need a network watch? While we need a few people with "deep" security knowledge, we also need to spread a thin layer of security pixie dust throughout the entire organization. Is it really a lack of control? While some security specialists carry a big stick, on most projects security is just one of many specialities required to work together. If you are a security specialist, just getting invited to a project before it's finished is a major accomplishment.