Being periodic and consistent – that's the formula for success in every aspect of life. From practicing a sport, such as golf or tennis, to examining our personal health with check-ups with a doctor, to analyzing the financial well-being of our businesses, doing these things periodically and consistently over time is the only way to set ourselves and those around us up for success over the long haul.
This same concept can be applied to security vulnerability testing. It's more than just satisfying a check box or determining the level of risk at any given time. When you run automated vulnerability scans and perform manual analysis on your network systems and applications time and time again, you benefit from:
• Protection against the latest vulnerabilities
• Getting to know your network environment better
• Adapting to the complexity and fluidity of your network environment
• Learning more and more how to think like the bad guys
• Gaining experience using the security tools you have at your disposal
We've all seen what happens when we don't stick to a routine and stay on top of the things that are important to us. We gain weight. We get blindsided by cash flow problems. Or, perhaps worst of all, we get hit with a data breach or downed systems that impact us both personally and professionally in ways never imagined.
Writer and philosopher Elbert Hubbard once said, “Self-discipline is the ability to make yourself do what you should do, when you should do it, whether you feel like it or not.” There's nothing magical about the security work that we do. You know what needs to be done – it's mostly a matter of choice and habit and 'stick-to-itiveness.'
As humans, each of us has a tendency to let our guard down. We get busy, we're tired, and there just doesn't seem to be enough time in the day to make everything happen. This is especially true when everything seems to be clicking and going along smoothly. It's still no excuse to become complacent. Experts say that it takes 21 days of repeating something to make it a habit. Start working on positive habits that will impact security in your organization. You may need to change your methodologies, improve your time management skills, or acquire better tools to do the work.
Once you figure out what's needed, practice what I call "relentless incrementalism," and proceed doing the things that will help make your network, your business, and your career more secure. And do them over and over and over again. As the motivational poster says about persistence: the race does not always go to the swift but often to those who keep on running.