It starts with “Why”
When I started in Information Technology (IT) over 25 years ago, I was already fascinated by the principle that was published a few years ago by the American optimist and writer Simon Sinek: Always start with the “Why”. Actually all my life, I have always been the “Why”-asker in the room. Curiosity is an important characteristic in the incorporation of knowledge and the acquisition of methodologies. Inseparable from this is questioning what you are being served. We all know what is said about assumptions…
IT is about exchanging information; from sending a simple E-mail, all the way to controlling the Hubble telescope. So information is the most basic part of my field of expertise. And in this day and age, the world. Information can be vital, which is precisely why it is important that it must be protected on the basis of 3 important pillars: the C.I.A. No, not the US intelligence service, but Confidentiality, Integrity and Availability.
In this context, the principles mentioned “Start with Why” and “Doubt and Control” are truly important. Doubting and checking needs little explanation, but the Why is often less obvious.
Why then that “Why”; why am I passionate about information security? Because information is valuable. For yourself, for your family, for your company and sometimes also for the big picture. And what is valuable must be protected.
There is a paradox in protecting information; information also wants to be shared. That is ingrained in the intention of information. After all, without sharing and spreading, it is a “dead” thing. Nobody can do anything with it.
This is also the case in IT. There is a paradoxical line between protecting and sharing, between private and public. This is where my company name was born: Borderline Internetworking.
Guarding the border with technological means and communication between networks. The easiest example is the firewall between the corporate network and the Internet.
IT is all about processing information with technology. The technology must therefore support and counter the above mentioned paradox; the information must be valued. What can I share and what do I want to keep to myself. This calls for awareness.
Information security is often seen as an IT responsibility in the 21st century, but can only be effective as part of the company culture. Protecting information, disclosing it and raising awareness to recognize the difference. This is possible through consultancy and training. The Why, How and What are the questions that need to be raised at the beginning.
When it comes to information security in cyberspace, no organization can be “bulletproof”, but one can strive for “bullet-resistant”. And the best way to do that is to hire the right talent, which helps the organization keeping the border closed to criminals and open it up to the exchange of information, needed to run a business.