I answer the phones here in our office. Often I take calls from people who occupy very important positions in their companies, but who have no clue how to manage information security.
Although this might seem like a negative basis for a business relationship, the truth is that I admire and respect these people. It takes courage and humility to admit when you are unable to solve the problems you have been tasked to conquer. I commend anyone who calls our office looking for help and advice: you give me hope in our species.
A more morbid rabbit hole my mind sometimes travels down starts with, “What about all the high-level executives pretending—maybe even to themselves—that they know what they’re doing when they really don’t?”
Ignorance and naiveté are potentially dangerous in the best situations. And the landscape of escalating information security threats we face is very far from a “best situation.”
“…take a lesson from “Star Wars: Episode IV – A New Hope” and find yourself a trustworthy guide…”
There’s no shame in getting the right help to accomplish a critical task. Luke Skywalker couldn’t have destroyed the Death Star on his own; he needed Obi Wan and Yoda to get him up to speed. Likewise, it’s unlikely that anyone can individually know enough to effectively address CCPA compliance, get a SOC 2 Type 2 attestation, read and operationalize the results of a penetration test report, effectively manage third-party risk, educate employees on phishing and social engineering attacks, and fulfill any number of other, equally important information security related tasks… not without some help.
It doesn’t have to be Pivot Point Security. But if you are drowning in responsibilities you have no hope of conquering on your own, take a lesson from “Star Wars: Episode IV – A New Hope” and find yourself a trustworthy guide before the bad guys get the upper hand.