Tuesday, July 5, 2011


Risk is a four-letter word.

Today marks the anniversary of when I entered the security field. Some security mishaps over the long Independence Day holiday, and several strange twists of fate, led to my being "promoted" to head of security - both physical and computer security. It was a field I knew little about then... and what I learned has kept me up nights ever since.

But one crucial lesson has stuck with me, and I now want to pass it on to you. Security is not about eliminating all risk and making something perfectly and totally safe... such a goal is impossible. There will always be a level of risk that, at some point, you have to accept, because eliminating it would cost more (in whatever unit you measure cost) than what you are trying to protect is worth. You can protect yourself from stubbing your toe by wearing steel-toed boots day and night - but is that really worth it?

We all take risks on a daily basis - we just don't think about them.  We have accepted the risk, and it is part of our daily lives.  If we did not risk anything - we would also not gain anything.

Safe. Risk. Gain. Three strangely related four-letter words. Keep them in mind.