Written by: Paul Oor | Conclusion
The IT industry can still learn a lot from the aviation sector. About a hundred years ago, a round of flying around the church tower was still 'daredevil'. Nowadays we take a plane to get us routed to the other side of the world, with great confidence in technology and professionals. This is why this time a bit about the (flight) lessons that I apply in my daily practice as Chief Security Officer.
Training for a pilot's license is very instructive. Just like real flying and the accompanying theory in various subjects such as communication, planning, meteorology, aerodynamics, engine technology, procedures and even the limitations of the human body.
Giant fascinating, but during the many hours with an instructor in the cockpit I learned the most, also about myself. And that still has a lot of impact on my daily, professional acting as Chief Security Officer.
The instructor has a challenge. He must assist you in the transition from 2-dimensional thinking and planning to 3-dimensional. Except that, even in an environment where speeds are much higher than you are used to and roads only exist on your flight card and navigation equipment. The number of factors that you have to take into account when making decisions is also much larger than you are used to and then you are ultimately completely dependent on yourself as a 'captain'.
As Chief Security Officer you regularly have times when many and unexpected issues require your attention at the same time. That is no different with flying. During takeoffs and landings you are really extremely busy, while you just have to radiate peace and quiet, because your passengers will find that exciting moments after all.
Inevitable crowds? Partly, but a good instructor teaches you ' staying ahead of the airplane' . If you know that there are times when you are getting very busy, you will use every available moment to do everything you can do beforehand. You buy a lot of time and you reduce the workload at times when you have a lot to do. Partly because of this approach, flying has become a very safe activity.
Related: 6 Top Tips From Cyber Experts for Securing Your Organization’s Data
OK, staying ahead of the airplane, what is the parallel with IT and specific IT security?
The developments in the IT domain are also going fast.
Apart from that, we also regularly have to deal with surprises. Often we are also very incident-driven as Security Officers. We are very busy with that. Spectacular and certainly nice finally all that - temporary - interest from the management and business. But there are times when you want to be less busy and reactive to work. We have seen many examples of short periods with enormous attention and pressure such as WannaCry and (not) Petya. Security in the spotlight!
If you are honest, a lot of activity was avoidable by making sure that you are less vulnerable. Organizations that keep track of their security patches & fixes had 'Night rest as a Service' in the same period and could continue to focus on the execution of their regular flight plan ...
Sounds simple, but apparently that is not the case. Sounds simple, but apparently that is not the case. More about this in my next blog, 'Staying ahead' part 2!