28 July 2013

In my time in the IT industry, both sysadmin and security, I have always believed that we are not looking at the problem through the right prism. The paradigms from the ’80s and the ’90s of what an “Enterprise” network is do not seem to apply now. Security breaks down to Fundamentals…

Fundamentals of infrastructure design…
Fundamentals of operations…
Fundamentals of SECURITY…

I firmly believe that 80% of security happens with fundamental design. Industry-wide we have this obsession with the difference between “External” and “Internal” networks. We need to get our heads on straight. We think tactically. There are very few “trusted” networks.

Fundamentals are not sexy, and some of it might “fly in the face” of what the industry is trying to sell you right now, and many of the things we call “Best Practices” simply are not. The “no two environments are the same” argument does not fly here… Repeatable, Reusable, and Secure.

If we ever hope to have secure environments, let’s borrow some ideas from what we expect of software development, but more than anything let’s keep it simple.

I welcome and encourage you to contact me. Comments, Emails, Tweets… Bring it on…

