Finding The Hidden InfoSec Story

Security on a Plate


As a security professional with ambitions to become a chef, I keep discovering strong parallels between the two activities…..

For example, one of my cooking teachers remarked to me: “Fast food doesn´t mean it is prepared faster, it just means it’s served faster”.

And it’s true. When making a hamburger, you can grill it quickly, put it in the bun with some ketchup and serve it up straightaway. Or you can make it special, by adding some condiments like spices or sauces, letting it cook for 10 to 15 minutes. You may then add lettuce, onion, tomatoes and mushrooms, cut in small pieces and placed in the bread with some cheese and then finally serve it. The time taken to prepare it is not wasted time, it’s the good way to make it special.

Now, security is much the same thanks to the experiences in some companies. You can set up a firewall quickly, plug it in and leave it on the default settings. Or you can start to change users, identify functions and setup or disable them, identify all the permissions and finally deploy with a change management activity to reduce “user trauma” . The conclusion is quite simple, you can do the things faster and maybe wrong, or you can take the time to do the things right and get better results, whether in food, or security.

And here’s a thought. Just as no dish produced by a top chef is ever going to please everyone, so it is with security. No matter how much money or time you spend to protect information, people or anything in the company, there will always be threats with the power to ruin all and make the risk real.

We should admit this when we sell security to our companies: we can’t achieve total security as there will always be something new to deal with – just like the chef who has to deal with the hard-to-please diner. We have to learn that the fight against data breaches is normal; maybe someday an attack will be successful and the impact will be severe, but that is no reason to stop trying to be secure.

In some ways security can be as subjective like gastronomic opinions.

From today, you might consider when you are working on security (or maybe cooking some delicious food) that these two worlds have a lot in common. We should try to prepare as well as possible the security we provide to companies or the food we serve for our families or just for us. And remember that just as food is tasted with our senses like smell, sight or even touch, people need to live and sense the security to know that it exists and it’s necessary.

Bon appetit!

Share This Post On