4. Ask questions! Every time you hear a vendor, a conference speaker or read an article that makes statements without providing context or gives statistics without providing the data, ask yourself what are they trying to achieve? Don’t be afraid to challenge these sources and get clarification on how they are using data to support their arguments. Always ask why.
5. Finally, let’s work together and share information on how we can better protect our networks, systems and data. If you’ve managed to successfully implement a solution to a particular problem, share it with your peers. Post it online in a blog post or as a white paper. Consider li presenting it at a conference. It need not be a major conference - start with your local chapters of ISSA, ISACA, ISC2 or OWASP.
Our job as information security professionals is a challenging and exciting one, but let’s make sure the work we do is based on facts and logic and not on hyperbole and headlines.
Brian Honan is an independent security consultant based in Dublin, Ireland, and is the founder and head of IRISSCERT, Ireland's first CERT. He is a Special Advisor to the Europol Cybercrime Centre, an adjunct lecturer on Information Security in University College Dublin, and he sits on the Technical Advisory Board for a number of innovative information security companies. He has addressed a number of major conferences, he wrote the book ISO 27001 in a Windows Environment and co-author of The Cloud Security Rules. He regularly contributes to a number of industry recognized publications and serves as the European Editor for the SANS Institute's weekly SANS NewsBites.