Passion for what you do

A few months ago I ran across a new (to me anyway) blog called The Trustedtoolkit Blog. He was doing a series of posts on Security Policies and I linked to them. Since then I've been following the blog and today as I scanned the 500+ unread posts that were in my RSS reader this one caught my eye again. This quote is what grabbed me.

I write for this and The Breach Blog because I am passionate about information security and protecting people when dealing with confidential information.

I thought what a perfect candidate for the Security Catalysts Community because that is exactly what we are looking for is passionate people. So I pulled up the site to read the rest of the article and get contact information. As I looked around I didn't see any contact info but I did see a link to the SCC so I'm assuming that He is already a member. It seems that at one time I had his name but it completely escapes me and apparently he wants to remain anonymous to the rest of the world.

As I read the rest of the post I must say that I was please with what I saw and wanted to share it with the rest of you. He shares a story about a seemingly minor security slip up. I'll let you read the story here and then come back if you want to read my comments.

Ah, there you are! Pretty good post, huh. Did you see the same thing that I saw? Passion. He's right. It would have been so easy to just say "no big deal". Call HR tell them this is wrong and move on. But what about the unknown? If the easy way had been taken then they wouldn't know if the data had gone outside of the company. The potential for the seemingly small thing to become a big thing is pretty scary. If this had gotten into the wrong hands or had just been stored on a drive that was accessible to others then these 50 people could have been exposed (beyond the "small" exposure).

I commend the Masked Toolkit Avenger for his foresight in this and his passion for taking this seriously and not just sweeping it under the carpet. He would have passed up an opportunity to educate his client and those of us who read his blog. He would have passed up a chance to really make a difference in how information is protected.

I just hope that the rest of us (myself included) would have done the same and that we will keep this in mind when situations arise that seem small. Sometimes these small things turn out to be like Snoopy's Dog House. Little on the surface but HUGE on the inside.