Marcus Ranum has a podcast out on... well he called it with his title - Ranum's Rant. Now, I expect quite a bit from Marcus because he is usually contrarian and entertaining and provides thoughtful commentary along the way. Not this time.
I was disappointed to find out that his current podcast at http://www.rearguardsecurity.com/ - #2 on Past Episodes - is just a generic security rant. Whine, really. Oh, with a twenty-year window for nirvana! Hah!
Hey, I'm prone to it as well, but talk about cliche - non-security folks (especially! senior! management! yay!) are stupid and don't care and we (caring, serious, important, smart security professionals) try really, really, hard (really) to do a good job except we know they are stupid anyway (darn them!) and don't care about us (damn them!) or technology or anything at all...
I hate to burst anyone's bubble or anything, but wallowing in self-pity is not going to change anything. And, in fact, all executives are not stupid. We don't try hard enough to understand business problems. We can't even come up with a consensus on what set of significant risks exist in the IT world, so why would anyone believe us anyway? (A good example? Well, Marcus uses passwords. Let me tell you, anyone fighting the "strong password" battle is completely missing the new(/old) threat models out there.)
No, successful Internet generation executives twenty years from now will have learned the same things today's executives have, so that won't help. WE'RE THE ONES THAT NEED TO CHANGE!
Co-dependent? No. Alcoholics on a binge encouraging each other to "fight the good fight" till our BAC is our body temperature and we wonder why we are constantly being relegated to lower and lower levels on the corporate ladder*? Yep, that'd be us. Sure, this stuff plays well to our crowd when we are drunk, but there are plenty of sober folks out there not buying it for a minute.
*If you haven't noticed, the top security spots in enterprises today are more and more frequently being given to folks outside of the security profession that understand how businesses manage risk.
Hat tip: Shrdlu at Layer 8.