Read at least the first few paragraphs of this post on 0x000000.com on how security is useless (wish I could remember who maintains that site, since their name isn’t apparent). If we’re into security or even have a smidgeon of security consciousness in our IT worlds, we’ve been there. In fact, I think we all need to hit this low point in the rollercoaster of life regularly. Really, that’s the point of what we do, right?
Every time I feel this way about security, I am reminded that skilled attackers are still rare and that security does not have to absolutely protect against them. We need to accept that and be happy with that if we’re to continue as an industry or even in our happy lives.
I like to think of security like herding cars, holding sand, or visualizing wind. These are all difficult, if not impossible tasks to do perfectly. That doesn’t mean we do nothing. Security is not black and white, perfect or useless; to believe so means a belief in a silver bullet to achieving a perfect security state. (Think about it for a while and what implications there are which follow certain beliefs.)
If it help you refresh your memory: the author does not seem to be a native English speaker. The impression that I get from his (very good) English is that he is probably Dutch.
Sir,
One of the things I like to remind myself, when I start thinking down this path, is that we (security professionals) are heavily inundated with security related information. We monitor the top security professionals. We see the tools and accomplishments from some of the cleverest malicious hackers and criminals. And we try to understand a long, never ending, list of threats and vulnerabilities. No wonder some of us get overwhelmed from time to time. If you monitor other bloggers long enough you will see this creep into their behavior and writing.
In the end, however, individuals who feel like this often move out of their funk once they find a new project or listen to the sage advice of some of those other security professionals I mentioned. Your point about the number of skilled attackers feeds right into this. Not everybody is out to bring down the Internet or steal your identity or money. Only a few. And, by employing the basics of security we can protect ourselves even from the very best of malicious hackers and criminals.
Go forth and do good things,
Cutaway
His name is Ronald, and he used to go by jungsonn. Active user on sla.ckers.org