Recently I was the subject of another security professional's blog. My name was never mentioned in the blog itself because I have never been publicly identified, but the entire subject matter of the blog was my current task here at McAfee. Now I would believe that the majority of security professionals out there would not want their work to be criticized, but I actually feel the opposite. With all of the talk about the McAfee Secure Standard and how it could be improved, as a security professional myself, I fully agree. I do believe that client-side vulnerabilities such as Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) should be a downgradable issue; however, business decisions are rarely up to the security professionals themselves.
Now I was planning on identifying the pros and cons of being under the current scrutiny of security professionals, but honestly, I could not find any cons about it. Not only did the blog serve as a small acknowledgment that what I am doing here is actually making a difference, but it also served as a tool that I could exploit to verify that this current issue was serious and needs to be addressed.
I won't go into details of how I used this blog post to my advantage, but I will tell you that it involved sending the link to multiple parties. This raised the severity of the issue to a more critical state and teams were placed immediately to resolve the issue. It is amazing how someone you have never spoken with or met can make such an impact on your current position by pointing out the obvious. Sometimes I guess the obvious is rarely understood until it is made an example of.
I would like to finish typing for a while (because I am lazy today) by asking if anyone out there would like to blog about our salaries or the impact that we actually have on a company. I feel that these are two topics that affect me directly and I would love for them to be open to scrutiny.
4 weeks ago
