The Language of Security

The web is brimming with security sites and oozing with security advice. It has taken me years to discover what is relevant in starting my day as a security tutelary.

The current version of my day starts with Brian Krebs (, then the Wall Street Journal, and finishes with an ascension through increasingly esoteric security sites. No, I do not know or have a business arrangement with Mr. Krebs.

This structure has evolved to fit what I see as one of the biggest challenges in security, in that there is no lack of information or expertise in security; there is an issue of unification.

There is no lack of information or expertise in security; there is an issue of unification.

In a previous blog I stated that “It takes commitment to be secure and a community to survive”. The “community” I refer to is the entire ecosystem of an organization; from left to right, from top to bottom, the whole thing is required. Within this ecosystem, there exist communities that see the same business through different lenses and speak of the same actions in different vernaculars. A challenge to any leader who wishes to secure their organization is to unify these views and dialogs into a common cultural codex.

If you are a security expert and need to speak to your business, or a business expert and need to speak to your security community, start with looking through their eyes and hearing with their ears. Brian is unique in that regardless of the complexity, he is able to give me a view that I can quickly absorb and build upon for any “community” I am addressing. On more than one occasion I find myself reading a security site and hearing hoofbeats and thinking “Zebra!” and later reading Krebs and realizing it’s only a horse.

With Krebs, never forget:

Merry’s “Krebs Rule” #1: It’s always good to read Krebs, and never to be written about by Krebs.

– Gary Merry, CEO

P.S. I also pay attention to anything Bruce Schneier ( has to say.