Security Does Not Need to be Complex to be Effective

Even a 10 year old little girl can prove this factCaution.jpg

A 10-year-old girl thwarted an abduction attempt after asking a stranger for a code word that he did not know.

A man approached a 10 year old girl outside a public school and attempted to lure the girl into his vehicle.  The man told the girl her parents had sent him to pick her up.  But the girl and her parents had setup a shared secret code-word for anyone authorized to pick her up from school. 

The girl asked for the code word but the suspect got it wrong.  She told him it was incorrect and he drove away. 

I applaud the parents for a job well done in implementing a simple and effective security solution and to the little girl who deftly executed to it, likely without the need of understanding the grim impacts of failure. 

In the security and technology industry, we can learn volumes from this encounter.  First, a security savvy person is far more effective than a stack of technical security controls.  Second, complexity does not guarantee effectiveness.  In fact, simplicity can be more cost efficient and easier to implement. An elegant solution, is one which is accepted, applied, and delivers the preferred result.  

As security professionals, we have an opportunity to meet these requirements to deliver an optimal solution through a marriage of inherent human and technical considerations.  We must not forget, computer security is a combination of both.  The very best solutions enhance the user’s ability to be secure without being cumbersome.  Pure elegance.

Published on Categories Archive
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.