Examining the risks of IT hero culture
This ISACA article examines a commonplace situation: people often have an uneasy working relationship with technology, so anyone who can help such a person out of a jam and save them hours or more of work is lauded as a hero in the eyes of the person saved.
The article presents how this model is sub-par: it wears on both the heroes and those counting on them, and the result is an unsustainable situation.
This is directly related to the sorts of relationships that project and program managers have with cybersecurity: they bring in cybersecurity expertise to apply patches on top of code and systems to perform 'cybersecurity', rather than making it a fundamental characteristic of the built system, from design through maintenance.
Unfortunately, we are in a time and world of persistent threats and supply chain vulnerabilities. Cybersecurity is an everyday, everybody, all-the-time activity, broken out of the bounds of the Security Operations Center.
It makes me think of the saying "keep your eye upon the doughnut and not upon the hole".