ROI the White Whale of the security industry

Call me Ishmael. Some years ago – never mind how long precisely – having little or no money in my purse, and nothing particular to interest me, I thought I would secure a little and see the digital part of the world…Whenever I find myself growing grim about the mouth; whenever it is a damp, drizzly Patch Tuesday in my soul; whenever I find myself involuntarily pausing before rooted boxen, and bringing up the rear of every malware-infested Windows device I meet; and especially whenever my black-hats get such an upper hand of me, that it requires a strong moral principle to prevent me from deliberately stepping into the street, and methodically knocking people’s hats off – then, I account it high time to get back to security basics as soon as I can. This is my substitute for pistol and ball…

Finally, I always go digital as a security professional, because of the unwholesome exercise and impure air of the internet. For as in this world, stealth malware are far more prevalent than script kiddies (that is, if you never violate the Pythagorean maxim), so for the most part the profit-driven executive back at corporate gets his security information at second hand from less than expert journalists, snake oil salesmen and security charlatans through the Google. He thinks he secures it first; but not so. In much the same way do the commonalty lead their leaders in many other things, at the same time that the leaders little suspect it. But wherefore it was that after having repeatedly smelt the DoS attacks as a network security engineer, I should now take it into my head to go on securing a large enterprise; this the invisible police officer of the Fates, who has the constant surveillance of me, and secretly dogs me, and influences me in some unaccountable way – he can better answer than any one else. And, doubtless, my going on to secure this large enterprise, formed part of the grand programme of Providence that was drawn up a long time ago. It came in as a sort of brief interlude and solo between more extensive performances…

Though I cannot tell why it was exactly that those IT managers, the executives, the CFO put me down for this shabby part of security, by demanding ROI, when others were set down for magnificent parts in high visibility breaches, and short and easy parts in lost or stolen data, and jolly parts in virus outbreaks defeated – though I cannot tell why this was exactly; yet, now that I recall all the circumstances, I think I can see a little into the springs and motives which being cunningly presented to me under various disguises, induced me to set about performing the part I did as security ROI guy, besides cajoling me into the delusion that it was a choice resulting from my own unbiased freewill and discriminating judgment.

Chief among these motives was the overwhelming idea of the great whale himself – security ROI. Such a portentous and mysterious monster roused all my curiosity. Then the wild and distant Excel spreadsheets and profit/loss calculations where he rolled his distant calls; the undeliverable, nameless perils of security ROI; these, with all the attending marvels of a thousand abacus-armed accountants, helped to sway me to my wish. With other men, perhaps, such things would not have been inducements; but as for me, I am tormented with an everlasting itch for return on my investments. I love to secure insecurable environs, and beat back the demon hordes. Not ignoring what is good, I am quick to perceive a horror, and could still be social with it – would they let me – since it is but well to be on friendly terms with all the black hats of the place one surfs in.

By reason of these things, then, securing a large enterprise and providing ROI justification was welcome; the great flood-gates of the wonder-world swung open, and in the wild conceits that swayed me to my purpose, two and two there floated into my inmost soul, endless processions of an unattainable security ROI, and, mid most of them all, one grand hooded phantom, like a lone security voice with only fear, uncertainty and doubt to sway the captains of industry…

Too much coffee – perhaps, but the whole security ROI blog debate is our equivalent of the White Whale (here), (here), (here), (here) and (hoff) who you should not Hassell.

