Surprise?

Published: 2011-08-23
Last Updated: 2011-08-23 17:12:59 UTC
by Chris Carboni (Version: 1)
6 comment(s)

"The nice thing about being a pessimist," as the old saying goes, "is that every surprise is a good one."
In our industry, it's easy to be pessimistic for any one of a hundred reasons that don't need listing here. (Disclaimer - yes, I'm a pessimist)

Whether your glass is half empty, half full, or as one friend recently told me, broken, what is it that surprised you so far this year?
Give us your comments on what surprised you and what you learned from it.  Just maybe you can save someone else (less pessimistic) from a painful surprise.

 

Christopher Carboni - Handler On Duty


Comments

I'm an engineer. That glass is twice as large as it needs to be. ;-)
There are people who won't set root passwords if it doesn't specifically say to do so in the security plan.
Some users (especially engineers) seem to think that they're smarter than people in IT and set up their own WiFi equipment in remote offices even though it's expressly forbidden in company policy.

That management won't punish users who compromise the security of the company by "doing their own thing" in violation of company policy... provided the user is an important enough person. Apparently some users really are above trivial things like "rules".
I'm jaded. The glass is half full, but it's the wrong damned half.

What surprised me this year was an Albanian being arrested at a nearby motel a couple of weeks ago. His kit consisted of a backpack with a solar cell on top, and a (cellular) netbook. He used dating sites to find / sucker in new mules in whatever region he was in. His "circuit" consisted of about six states and part of Canada. While mules and dating sites are nothing new, the risk of actually meeting to create confidence took me quite by surprise.
What has surprised me is the number of Federal agencies that are still getting the cheapest, most simple checkbox-check security assessment they can get, and may not even hire an actual security company to get it done... more interested in having the right documents over protecting their systems.
I like turtles.
