Synopsis
Security has an interesting view on "business decisions", and in this podcast episode recorded at GrrCon 2012 in Grand Rapids, MI I sit down with some of the talent behind MISEC and we discuss #SecBiz topics of interest including the ugly phrase "it's a business decision" and why we say that. We also dive into how decisions are made, and why security and business are still often at odds on goals and acceptable 'risks'... and why our recommendations and guidance still falls on seemingly deaf ears.
We sample some of the sage wisdom of J.W. Goerlich as he runs his IT and security organization, and how he asks his security employees to think business, and put themselves into the frame of reference of the business when making decisions.
Jen Fox brings up Miller's Law, and teachs us to ask "What is that true of?" when framing discussions in the business context with non-technologists. Jen makes us think about frames of reference. She tells us that we must assume that a statement someone makes is true ... from their frame of reference and we simply must get inside their frame of reference to understand their thinking.
Steven Fox gives us a little bit of a glimpse into the government world where you can't always go sit down with the decision maker, and have to depend on your relationships, cooperation, and sometimes back-room politics to get things done.
I invite you to listen in, this is a timeless discussion that everyone should participate in.
Guests

J.W. Goerlich - @JWGoerlich - Information Systems and Information Security Manager. Regular InfoSec practitioner, occasional speaker and writer. INTJ. #MiSec, #BSidesDetroit, #CSA, #Owasp
Jen Fox - @J_Fox - Making security accessible to the end user. Independent consultant, biz analyst, tech-to-biz translator, and diplomat. CIPP/IT and locksport enthusiast.
Steven Fox - @Securelexicon - I am a Security Architect at the U.S. Dept of the Treasury & Penetration Tester passionate about security as a business value and differentiator.