Documents in cybersecurity are unfairly unloved

In defense of documents

Vicente Aceituno Canal
The CISO Den


Photo by Bernd Klutsch on Unsplash

Most people who are in cybersecurity love love love technology. A command line, a PoC, a challenge, some source code to decipher, that is what lights up most eyes.

But besides the excitement of the hunt when chasing a cybercriminal, and the many hours of research that it can take to unearth some deep problems in the technology we use all the time, there are down-to-earth, routine activities that many cybersecurity day jobs require. Patch the server, reset the password, configure MFA… the list goes on and on.

With all the benefits that documents bring, why are they so hated? I have seen many times the roll of the eyes when the time comes to write a procedure.

Obviously not all documents are worth our time, and compliance requirements lead more often than not to the creation of a pile that is only revisited during the next unavoidable audit. I think much of the hate comes from this pile of b****shit detached from reality that is never used in our day-to-day activities.

But there are good documents, and they bring many benefits:

  • Record decisions.
  • Facilitate agreements. No agreement can be considered complete unless it is in writing.
  • Enable many people to…
