Tuesday, December 6, 2011

Looks Can be Deceiving ....

One of the issues I personally run into is walking into a new environment and having people ask me about my experience. The issue, or so I am told, is that I look young for my age. The problem this creates is that when I state that I have 25 years of experience in the secure data world, people begin to wonder if I am overstating things or intentionally inflating them. No, the reality is that I am progressing in age, and my college-age kids will attest to that. I just seem to be gifted with good genes.

Now what does that have to do with security and identity? Well, for those who have been around, I think it will be obvious: things are not always what they seem. "That can't be, it's too good to be true" and "Really, you saw that online?" are just different ways of saying the same thing. Security is about diligence. In my example the customers are being diligent; they are making sure they are getting what they paid for. In these other cases, it is quite likely someone will get what they deserve if they were not diligent.

In the corporate and government security world we try to make diligence programmatic. We blacklist or whitelist things: either we take out what is known to be bad, or we close everything down and open up only what meets the security requirements and the business need. We define policy and practices to adhere to. We have firewalls, intrusion detection, intrusion prevention, virus scanners and on and on. But we still need to remember that we have people involved.
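The two approaches in that paragraph side by side, as an added example that is not code from the original post: a default-allow filter that denies only what is on a blacklist, beside a default-deny filter that permits only what is on a whitelist. The hosts, ports and rule sets are constructed for illustration; the point is what each approach does with traffic that nobody has thought to list yet.

```python
"""Default-allow (blacklist) versus default-deny (whitelist) policy evaluation.

Added example, not from the original post. The rules, hosts and requests
below are constructed for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    host: str   # destination host the user wants to reach
    port: int   # destination port
    proto: str  # "tcp" or "udp"


def _norm(host: str) -> str:
    # Normalise so that "Evil.Example.COM." and "evil.example.com" compare equal;
    # a list that is not matched diligently is no list at all.
    return host.strip().rstrip(".").lower()


# Constructed blacklist: what we "know" is bad. Anything not listed is allowed.
BLACKLIST = {
    ("evil.example.com", 80, "tcp"),
    ("evil.example.com", 443, "tcp"),
}

# Constructed whitelist: what the business actually needs. Everything else is denied.
WHITELIST = {
    ("mail.example.com", 443, "tcp"),
    ("crm.example.com", 443, "tcp"),
    ("dns.example.com", 53, "udp"),
}


def blacklist_allows(req: Request) -> bool:
    """Default-allow: deny only what appears on the blacklist."""
    return (_norm(req.host), req.port, req.proto) not in BLACKLIST


def whitelist_allows(req: Request) -> bool:
    """Default-deny: allow only what appears on the whitelist."""
    return (_norm(req.host), req.port, req.proto) in WHITELIST


def evaluate(requests):
    """Return {request: (blacklist_verdict, whitelist_verdict)} for comparison."""
    return {r: (blacklist_allows(r), whitelist_allows(r)) for r in requests}


# Constructed sample traffic.
SAMPLE_REQUESTS = [
    Request("mail.example.com", 443, "tcp"),    # legitimate business need
    Request("Evil.Example.COM.", 443, "tcp"),   # known bad, oddly spelled
    Request("evil.example.com", 8443, "tcp"),   # known-bad host, unlisted port
    Request("new-bad.example.net", 80, "tcp"),  # bad host nobody has listed yet
]

if __name__ == "__main__":
    for req, (bl, wl) in evaluate(SAMPLE_REQUESTS).items():
        print(f"{req.host}:{req.port}/{req.proto}  "
              f"blacklist={'allow' if bl else 'deny'}  "
              f"whitelist={'allow' if wl else 'deny'}")
```

Run it and the first two requests get the same verdict from both filters, but the unlisted port and the never-seen host sail through the blacklist while the whitelist denies them. That is the trade-off the paragraph describes: default-allow is convenient and only as good as the diligence that keeps the list current, while default-deny fails closed and forces someone to justify each opening.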

In the past year we have had lots of cases where the person was the problem: a Citi exec charged with wire fraud, and UBS and Countrywide execs also charged or sentenced. The lesson from these is broader than the specific financial mess that falls out of each; it is a lesson of diligence and oversight. It is a lesson of education. These lessons apply equally in building a security plan. No matter how good the technology and policy, they still have to be implemented, and that implementation needs to be done by well-trained people with appropriate oversight, dependent upon the associated risk profile.