Biggest lesson in IT Security

The biggest lesson I had to learn in my career of IT Security is that not every issue or vulnerability is going to be remediated. When you enter the field of Cybersecurity, all you know and care about finding all the flaws and fixing them. Sometimes you can, but alot of times, you meet resistance and don't understand why. The solution is obvious and easy, so why doesn't everyone see this is an issue that must get fixed. Well, as I finally learned after frustration of being told we can't or won't do that, the reason is because I, along with so many other Security professionals did not take the business into account. The largest question that must be answered from the outset is, "what is the impact to the business?" This one simple patch breaks the functionality for a $5,000,000 system and we cannot provide service to our clients or customers, that is not going to happen.

We must continue to find and note issues, but that does not mean we are going to resolve them. If something critical comes along, knowledge of what we have is imperative. Sometimes fixing an issue just means acknowledging it and moving on. Stop finding problems and start finding solutions.