(cyber)security first business model

I know you’re reading this section to learn more about the (cyber)security first business model. I’ve tried explaining it many times before. But perhaps it’s simpler if I just show you. Fair warning. You’re going to laugh.

For simplicity’s sake, let’s call the boxes nodes. The lines, then, are connections. The database is the knowledge base. The whole thing is a knowledge system. Any node and connection can be replaced or developed arbitrarily. A system can have multiple nodes and connections. A node can even be a completely independent knowledge system. The nodes are tools, and security is responsible for providing sustainable connections between them.

But what led to this model? It includes a bit of:

  • graph theory
  • neural networks
  • game theory
  • computer science experience
  • cybersecurity solutions
  • business development experience
  • behavioral science
  • economics
  • and, of course, a good dose of philosophy

I don’t expect you to understand it at first. We’ll have plenty of time to explore the topic. But then, what led to this simple diagram?

I’ve been involved in computer science for a very long time. So, I know a lot of computer science jokes. One of my favorites, which I heard from a friend:

  • What’s computer science? It’s a fight between the universe and the developers. The developers produce the code. The universe produces the idiots. So far, the universe is winning.

Racist? … I know. But what’s sad about it is that many people believe this statement to be true. This line of thought is hidden behind countless services. Just think about Dev vs Ops. The many security technical “Best Practices”. The worthless marketing ploys, and the list goes on.

What’s wrong with this approach? That we ourselves are customers of someone.

How could we break this cycle? Let’s just say it has to start on an individual level. That’s why I’ve divided my message into several categories.

  • Individual level. Here, mentality and philosophy can have more impact than the usual jargon.
  • Small company level. Maximum 5 people. This could be a business’s founders, smaller groupings. Here, communication is usually the biggest challenge.
  • Medium company level. Fewer than 50 people. Here, scalability is the biggest problem. How to replace the nodes.
  • Large company level. More than a hundred people. This is already a separate society. Here, bureaucracy causes problems.

What I want to make clear now: don’t try to make a change at the large corporate level. A single person’s voice never has enough impact in the crowd.