I do write and think about using our powers for good, not evil. Risk management matters, of course, but I don’t focus on vulnerability management, asset classification, or preventive controls. Instead, I respond to threats. I have to show up and try to find and stop the bad guys before bad things become worse things.
Actually, perhaps I could state that first paragraph more accurately and precisely. I don’t write for MBAs and I generally don’t look at the entire risk equation. Lots of other people cover that well, and I read what they have to say. Compliance only matters when I want to get somebody else to do the right thing. If you do the right thing, you’ll end up compliant (even though it might cause some pain in the meantime). And I don’t do buzzwords, but I definitely do memes. ROFLcopter and Courage Wolf have a lot to teach us all, mkay?
Future posts already in the pipeline touch on topics like MIRcon, active defense, the slow and deserved death of antivirus, approximate maximum subgraph homomorphisms, and the intersection of civil liberties and human rights.