Book review: Stiennon On Security: Collected Essays Volume 1


Posted on by Ben Rothke

As I wrote about Security Yearbook 2020: A History and Directory of the IT Security Industry, by Richard Stiennon, that book was like a walk down information security memory lane. Security Yearbook 2020 details security firms we all know and sometimes love, such as Symantec, Check Point, Palo Alto Networks (where Stiennon is persona non grata) and more, and then companies that have faded away or been absorbed, such as Network Associates, Vigilinx and many others.

In Stiennon On Security: Collected Essays Volume 1 (IT-Harvest Press 978-1945254062), Stiennon is back with more than 100 of his essays, written between 2010 and 2020.

About two-thirds of the essays in this volume are from 2010-2013. Of the many companies that Stiennon mentions, Symantec gets the most attention. Symantec is on his wall of shame in large part due to several disastrous non-strategic acquisitions it made with little profit to show for them. The Symantec board brought in a succession of CEOs in an attempt to straighten the ship and mature the organization.

But in what may be seen as the ultimate in industry heresy, Stiennon writes that information security is not only immature, but is also one of the few tech businesses that will never mature. He notes that information security is a very different animal in that the primary driver is not the customer. Instead, the primary driver is the threatscape, which evolves continuously.

When discussing the failure of the Trusted Platform Module (TPM), the secure crypto-processor standardized as ISO/IEC 11889, he astutely writes that products generally do not sell unless they solve a real problem, and that security products, in particular, do not sell unless they address a real and present danger.

In an essay from 2011, I read with amusement about a DDoS attack sending 60,000 requests per second. Jump to 2020, and Amazon said it mitigated the largest DDoS attack ever recorded, at 2.3 Tbps.


A lot has changed in the past decade, which is about half a century in information security years. Stiennon On Security Volume 1 is another interesting walk down information security memory lane. And as for those who don't remember the information security past, well, you know what happens.

Contributors
Ben Rothke

Senior Information Security Manager, Tapad

Hackers & Threats