How Can InfoSec Change the World?

Something that has been really bothering me lately has been the subject of changing the world. I'd like to, but I'm having a tough time figuring out how. So, I have a simple question for anyone who can chime in: How can you use Information Security to change the world?

Here's some further explanation:

• I realize that making the world's networks more secure can make the world a better place. Computers run our world, and we need them in order to do even the most basic things in life.
  
• Day-to-day work of enhancing network security isn't enough for me. I want to have a bigger impact.
• I don't want to sit in a room with a "working group" and talk about ways to make the world better, I want to actually do hands-on work to make a difference.

Soul Searching

In my quest to figure out life, I've discovered something that has proven to be very thought provoking. It's a video from TED of Rick Warren, who was the pastor that gave the invocation at my friend's (I wish) inauguration. There was some controversy around him and his views which made me hesitant to watch the video, but I'm glad I did. While I don't agree with his main belief, that being the existence of God, his video really got to the heart of my understanding of what it is we're supposed to do with our lives.

It's unfortunate that the debate of life's meaning tends to have a religious connotation, resulting in a lack of discussion among people. As Rick Warren points out, this is not a religious question, but rather, a human question. Here are the other things that I like about what he said:

• There's more to life than work, TV, sleep, work, TV, sleep...
• The environment does not belong to us and we are responsible for taking care of it.
• What we believe dictates our behavior which dictates who we become.
• It is imperative for us to break our materialistic ways to realize that life is not about what we have. This is accomplished by giving away our material possessions (money).
  
• We should use "what's in our hands" (career, income, and influence) to make the world a better place.
  

While all of those points are important to me, the last one strikes me the most. He points out that I've been given talent, education, and ideas that have made me the person I am today. I'm wired to do information security, because for some reason that's where my life has taken me. I should use my career, income, and influence to make the world a better place. It's not about me, it's about the world. It really doesn't matter what I do as a career, all that matters is how I make a difference in the world with what I have.

Yeah, this is all deep, I know. It's also important to me and I'm proud to be able to confidently say that these are things I believe in. I have made a lot of progress over the past year, and I hope that this will help someone else to consider these human questions. At some point I'll blog about security, but for right now I'm trying to figure out how my passion fits into my life's purpose. I figure that would be a good thing to know.

Gettin Stuff Done

I feel like I've made a lot of progress lately, and while it's probably not that much, I feel like I've figured a lot of stuff out.

First off, I've figured out what type of volunteer work I want to do. Ever since I stopped being involved in Boy Scouts, I've felt like a lazy bum because I haven't been doing any community service. I've had issues trying to figure out what type of work I wanted to do. I tried doing some volunteering with a local organization but I just ended up painting a mural for an elementary school. It was fun, but I didn't feel like I was really making a difference.

After a search for literally about 6 or 7 months, I finally figured out that I want to do IT work (why not, I know how) for a non-profit. Through the help of one of my coworkers, who happens to be on a board for a particular non-profit here in Chicago, I'm going to be meeting with some people next week to see how I can help them with their environment. It's a non-profit that helps homeless people after they get out of the hospital to make sure that they're healthy, and to help them put their lives back together. It's a great organization, and I'm really excited to hear more about how I can help them.

The biggest motivator for me to volunteer (besides Obama) has been my new interest in philosophy. I've been reading a philosophy book, and so far I've read about Socrates, Plato, and I'm starting to get into Aristotle. It's opened my eyes to an entirely new way of thinking about the world and human existence. I still have a lot left to read, but I feel good about what I've accomplished so far.

Other than that, I've been:

• doing some studying for the CISSP
• trying to find a parking spot for my car (since I got kicked out of my really nice parking spot, forcing me to park on the street)
• realizing that I'm really lucky to still have a job
• traveling to NJ, WI, and OH
• learning more about SAN security

I'm hoping that by writing all of this down, my brain will hopefully make more sense and quiet down for a while. I'm also trying to write here more so that people I know don't think that I fell off the face of the earth. It would be nice to get in touch with some people from college, but without a Facebook account my chances are dissapointingly low. Too bad I'll never give in and get an account.

Look...

Look...I really like Obama, but he's making everyone in Washington say "Look..." before they say anything. Seriously! Watch CNN or MSNBC or whatever news channel and whenever they're talking about anything related to the Whitehouse, they throw in a "Look..." every once in a while.

Seriously though, I think the reason they're talking like that is because of the economy. What else could be causing such a shift in the language of America? I'm not sure what will happen, but I'm going to tell my boss that I'm not coming into work the rest of the week because of the economy. I think it'll go over well.

Who's To Blame

I can't help but blame my bank for letting my information get stolen. They should have patched their systems. OK, I'm a bit sarcastic. My information didn't get stolen and my bank didn't get broken into. But if it had, my first reaction would have been to blame the bank for not patching its systems.

After the Heartland incident, I realized that by default I blame the company who "let" the information get stolen, as do most people. Is it because as computer savvy people, we know there are certain things that should be done to protect systems? We all live in the real world and understand that the best change management policies and even change management systems don't stop things from slipping through the cracks. In an enterprise network, there are always holes. If there weren't I wouldn't have a job.

So, do we expect institutions to have perfect environments? I don't think we can. Obviously they must do their very best to ensure someone can't just walk in the front door and walk away with data (please blame me if I leave my front door open and my apartment gets robbed). But, I think that we need to start shifting the blame to the criminals, not the victims, a concept described here.

It will be exciting to see if Obama's Cybersecurity office has any impact on shifting the blame to where it belongs. As information security professionals we need to begin to move the emphasis onto tracking down and prosecuting the criminals, rather than scaring companies into not reporting the crime. How effective would law enforcement be at tracking down car thieves if no one ever reported the crimes? Let's stop blaming people for parking their cars outside and start helping the cops get the bad guys.

As a side note, my blog's recent inclusion into the "CSH Blog Network" made me realize that I'm really bad at writing posts. So, rather than having an entire post about the lack-of-posts, I decided to write about something legitimate. Hope it worked out. I'll try not to be so distracted in the future.