“The future is not set, there is no fate but what we make for ourselves.” John Connor, Terminator 2
There is a prevailing viewpoint among security professionals that security breaches are inevitable. They have adopted the mantra, “It is not a matter of if but a matter of when.” As recently as the day I wrote this post, I attended a meeting where this attitude was used to justify accepting easy to mitigate security risks. This attitude is nothing new and it has a name: “fatalism.”
Merriam Webster defines fatalism as, “a doctrine that events are fixed in advance so that human beings are powerless to change them.” Ask yourself as you read this, is that the truth? Are you powerless to change events or do you make your own choices?
When you make the choice to choose compliance over security, that&rsquo…