"Security is not important, when you have it.(*)" - a constructive blog on security

Hello everyone! As you can see, I decided to start blogging on security, maybe sometimes on interoperability. To be honest, if the blogosphere was the solar system, I could be found closer to Neptune than Mercury. However, I’ve been spending more than the last five years meeting with people on security and every time I have had a discussion with a customer, a partner, a home user, a security expert or a crisis management specialist the exchange was very valuable. In fact, security is such a wide topic that one can learn something every day. What’s more there are many sources of inspiration in other industries. I hope that this blog will be a way for me to share with you some thoughts and for you to provide feedback, to both me and the readers (if there are some:-)) . I’ll try to cover a wide range of topics. I plan to share pointers to content from people at the border or even outside of this industry whose work or ideas can provide food for thought. And I’ll also post on technical subjects. After all, this blog is hosted on TechNet!

(*) Well, you might be wondering what I really mean there. I was inspired in the choice of this ironical sentence by a colleague saying “for a computer science engineer, technical skills are not important; as long as he has them”. I like transactional jokes and decided to paraphrase it. I think it actually emphasizes pretty well that security is paramount (in fact maybe my colleague was himself paraphrasing someone else but after some quick research I did not find the original, so if you know, let us all know) .

Some people seem to still consider security as a impeding and boring thing that is at best a necessary evil. Having tried to convince some of them that security can be fun, I must admit that I wish they were totally right in not being interested in security, and maybe thinking security is not important. That would mean they would have mastered security enough to not worry about it anymore, because they would have managed to achieve and maintain the right level of security. The first part of this tag line also emphasizes that a company is usually not about security, it’s about its core business. Therefore for any regular business, security should not be the most important thing as it should be granted that any of its competitor would achieve a comparable and reasonable level of security. Well let’s face it, the day any company can say that security is not important may never happen. And if it is ever close to arriving, which I don’t really believe, that will take a lot of efforts. After all, it’s maybe why you decided to be a security professional: to have a lifetime insurance against unemployment, isn’t it ? ;-)