WSJ needs a smack upside the head

WSJ needs a smack upside the head

4 Comments on WSJ needs a smack upside the head

I know I am late on posting about this (I am out of whack – trying to sell the house, been sick, had my parents in for two days, my middle child turned 5, working on multiple RFPs, etc, etc, etc.).  But when I saw Andy’s post about this WSJ article about how to evade your company’s security measures, I about crapped my pants.  What an idiotic article!


About the author:

My name is Michael Farnum. I am a Practice Principal at HP Fortify on Demand. I live in Tomball, Texas. I have been in the IT and InfoSec field since 1994. I am the founder and chairperson of HouSecCon, THE Houston Information Security Conference. These are MY words, not my employer's or anyone else's.


  1. Wolfgang Leithner  - August 9, 2007 - 7:31 am

    As a IT Security Consultant for the better part of the last decade I think it largely depends on the basic intelligence of the CEO/CIO/CFO you are talking to.
    The smart ones will see the necessity for awareness training while the not so smart ones will make it an “IT only” issue to stay ahead of their users to keep the company safe from harm.

    Unfortunately in times of twindling IT resources this is a battle we cannot win and so I personally got *very* scared when I read the article because of all the (mostly unnecessary and tidious) work this will produce, because virtually everyone *will* test all the proposed ‘workarounds’.

    I am not sure if in the long run the posted article will be considered good or harmfull.


  2. The Compliance & Security Connection  - August 8, 2007 - 12:39 pm

    Wall Street Journal post Raises Ire of IT Security Pros…

    The Compliance and Security Connection Home Page A recent Wall Street Journal post by Vauhini Vara, Ten Things Your IT Department Won’t Tell You, provided suggestions for doing an end-around your IT department. As you might expect, the topics centered…

  3. Michael Farnum  - August 2, 2007 - 3:32 pm

    Damn it, Tim! Stop being so optimistic! I am trying to spread FUD here! :)

    Actually, very good point


  4. Tim Wagner  - August 2, 2007 - 3:16 pm

    While I agree this was not a very smart thing to publish, I think it really just gave the security community ammunition. For those of you who focus on Awareness training, this is definitely something I would be bringing to management. The conversation is simple, look we are doing everything we can to protect the company, but then WSJ goes and tells the average user how to overcome our defenses, we really should invest in awareness training so our users understand why NOT to do these things. I’m not sure how a resonable and responsible CEO/CIO/CFO could defend against this. Maybe Santa will chime in on this.

    My point, for every idiotic experience in this world, there is an equal opportunity to learn and teach.

Back to Top