The term “black swan event” was introduced by Nassim Nicholas Taleb in the book Fooled By Randomness. Black swan events have three major characteristics: they are rare, they cause a significant or extreme impact, and in hindsight they appear to have been predictable all along. As described very well in this Wired article, “getting hacked” is a black swan event. While “getting hacked” can mean many different things, let’s take the example used in the Wired article of having your identity stolen by hackers. It is rare enough that many of us will probably never experience it. When it does happen, the impact can be extreme: a stolen identity, funds drained from your bank account, or your computer or mobile devices wiped. And as this blog and any number of[…]

I read a good article a few weeks ago, by Tom Mendoza of NetApp, called 6 Powerful Ways to Embrace Change. It’s worth the short read. It got me thinking about how the information security industry is really in the business of change management, and change management often seems to be a business term for “doing everything you can to avoid embracing change”. I’m going to take Tom’s 6 ways and rewrite them from an information security perspective. 1) Don’t look back. Unfortunately, in the information security industry, not looking back is a sure path to failure. If you don’t continue to address the risks presented by a legacy system that no longer gets security patches, or pay attention to information that was long[…]