On Fri, 11 Jan 2008, Suresh Ramasubramanian wrote:
disclaimer: Names replaced by X, Y and Z solely to render this little
story fit for public consumption .. it took place at a nominally
closed meeting. It wont take you too long to arrive at reasonably
plausible guesses for X, Y and Z, so I will leave you to the guessing.
No points for the right answer, no comment either .. what I'm pointing
out is general enough that it could be any X, Y and Z companies,
Yep, and X, Y and Z could be companies in any industry. I've been at
conferences where the A/V presentor didn't know the other part of the same
A/V company. And conferences where the ASP presentor wasn't aware what
the other part of the same ASP was doing about the same problem. And so
on.
Likewise, banks don't seem to be as concerned about identity theft as
the victimes of identity theft who call their customer service reps;
anti-virus vendors doesn't seem to be as concerned about malware as the
victims of malware who call their customer service reps; mail service
providers don't seem to be as concerned about unsolicited messages as the
victims of scams contacting their customer service reps; law enforcement
agents doesn't seem to be as concerned about crimes as the victims who
contact their emergency numbers.
Q: What do anti-virus companies really think about security issues?
Q: What do banks really think about security issues?
Q: What do law enforcement agencies really think about security issues?
That's why I suggested to Rob and other folks the importance of listening
to what they tell you how to work their particular processes. Every large
organization has them, although often the real processes are unwritten.
Once you understand how the organization works, its much easier to figure
out how to make it work for you.
Shouting at the mountain won't move the mountain out of the way, and will
just leave you frustrated. But ask a native nicely for help, and you
might learn about the trails and passes over the mountain.
