There is no such thing as Security

by Bruce Brown

I’ve noticed that there are two types of security people: anal “type A personalities” who live every moment by the rules, and those who realize that there is no real security. Please understand that these two mindsets don’t seem to have anything to do with talent. I’ve met talented people with both mindsets. A talented security professional is mindful, aware, and always pays attention to detail. The very best seem almost psychic in their ability to spot wrongdoing, security breaches and even malicious intent.

Type A security people seem to thrive on “catching bad guys”. It’s like they are kids playing cops & robbers. These people thrive on structure, order and regulations. In information security they know how important it is to have lots of centralized control and a standard configuration for all systems. In the Myers-Briggs personality test, these people are ESTJs (Extraverted Sensing Thinking Judging). The thought of anyone getting away with breaking the law (ANY LAW) is unacceptable. These guys make great Directors of Security, CSOs and other policy creators as long as they don’t micromanage their people. Their employees will either love them as a great mentor or hate them with every fiber of their being.

Those who realize that there is no such thing as security are hackers. They are many times INFPs (Introverted iNtuitive Feeling Perceptive). Unlike the ESTJs, they don’t care about structure and rules because they realize that rules are only suggestions to keep an acceptable level of order. For them the most important rules are in a person’s heart. ESTJs will usually see these people as lazy and as not really caring, but these people are just trying to find an easier way to do things. If they don’t enforce certain rules or cut corners, it is because they sincerely believe that the rule or enforcement (in that particular situation) is not needed. Employees will usually love INFPs unless they happen to be ESTJs.

I am a bit biased because I am in the second camp, INFP. I don’t believe there is such a thing as “security”. No one is ever completely safe. All a person with malicious intent needs is the element of surprise, time, and pressure, and they can get away with anything they want. Further, anyone at any time can have malicious intent: employees, kids, bosses, friends, family, not just random strangers.

Security is just an illusion.  The one good thing security does is ensure you are faster than the slowest person, organization, network or whatever on the block.  Those with malicious intent will typically go for the easiest target. 

Since many crimes come from people that the victims know, all we can really do is not worry about it. Life is too short to waste too much time fretting about every possible thing that can happen to you.

I guess that is what Ben Franklin meant when he said:

“Those Who Sacrifice Liberty For Security Deserve Neither”  

If you worry so much about security that you can’t enjoy the fruits of your labor, then what is the point of living, and if you can’t enjoy living, what’s the point of protecting ANYTHING? – elamb

