Examining the risks of IT hero culture This ISACA article examines a situation that is commonplace - since people often have an uneasy working relationship with technology, such that if one is able to help such a person out of a jam and save hours or more of work, for instance, then one is lauded as a hero in the eyes of the person saved. This article presents how this model is sub-par, wearing on both the heroes and those counting on them, resulting in an unsustainable situation. This is directly related to the sorts of relationships that project and program managers have with cybersecurity: they bring in cybersecurity expertise to apply patches on-top of code and systems to perform 'cybersecurity' rather than making it a fundamental characteristic of the built system - from design through maintenance. Unfortunately we are in a time and world of persistent threats and supply chain vulnerabilities. Cybersecurity is an everyday, everybody, all-the-time activity, broken out of t
Thoughts and Ideas of a working software engineer. Observations of the oft-forgotten, but painfully obvious. Remember: Experience pays, and experience costs.