Comments on: Being the “Bad Guy” http://www.thesecurityblog.com/2009/09/being-the-bad-guy/ Security Threat Research News Sat, 24 Dec 2011 17:33:42 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: denniskuntz http://www.thesecurityblog.com/2009/09/being-the-bad-guy/comment-page-1/#comment-129 denniskuntz Mon, 14 Dec 2009 17:51:37 +0000 Thanks for the kind words, and you reiterated my point very well. In addition to what you have to say in the post, I would offer this: As well as educating users about restrictions, and looking for converts, etc., we need to make sure that _we're_ open to education and "conversion" as well. That way when we do indeed need to employ something that might seem to be draconian, we have that much more credibility. When you have that credibility, even if education and/or conversion didn't take hold, you might get a response similar to: "Well, [insert security professional here] is normally pretty considerate, so if [he/she] needs to implement this, it must really be necessary." That's definitely not a bad thing. Thanks for the kind words, and you reiterated my point very well. In addition to what you have to say in the post, I would offer this: As well as educating users about restrictions, and looking for converts, etc., we need to make sure that _we’re_ open to education and “conversion” as well.

That way when we do indeed need to employ something that might seem to be draconian, we have that much more credibility. When you have that credibility, even if education and/or conversion didn’t take hold, you might get a response similar to: “Well, [insert security professional here] is normally pretty considerate, so if [he/she] needs to implement this, it must really be necessary.” That’s definitely not a bad thing.

]]>