In today’s tech world, the developer is king — and we know it. But if you’re letting us reign over your app dev strategy, you might be in for some surprises, thanks to what we aren’t saying.
Stories by Anonymous
I was having lunch last week with the senior executive for one of the large agencies in the government organization where I work, when I asked about the agency's information security officer. I'd heard that the ISO had left his job rather quietly and quickly a few weeks earlier, but I hadn't been able to get a clear answer or reasonable explanation as to why. This isn't as strange as it may sound. Our government organization is very decentralized, and the agency ISOs don't work directly for me. I don't have any real authority over them other than to ensure they institute the enterprise security policies within their agencies (but that's a whole different story).
The senior executive told me that he'd been meaning to bring me up to speed on the situation but that it was very complicated, and after the ISO left, he didn't feel a sense of urgency to close the loop. Because the senior executive was relatively new in the position, he'd spent some time trying to get to the bottom of the whole situation himself. My antennas were now wagging in anticipation.
Contract review is tedious, particularly when it comes to going through all the fine print with a security guard provider. This can be especially problematic if your interaction (like mine) with contract guard agencies is for supplemental work only and not as a key component of your program. For today's extremely busy CSO--and that's all the CSOs I know--there is little time for such painstaking work. But it's crucial. Consider the following three scenarios:
We have a chief financial officer who's always been a nut on quantitative measures. But he's recently decided to make a metrics march on all his direct reports -- and that includes me. So every department in the company has engaged in a great exercise identifying the metrics appropriate to their business processes. And since all the service functions (including corporate security) report to him, I determined that compliance is the better part of valor.