I don’t know how to explain it. I don’t know how to make it relevant to you or others. I can see it, feel it, and know it. It isn’t war. It isn’t a battle. It isn’t personal.
When you sit in the position of a security leader you make relatively few decisions. You are balancing between the logic of business, the relativistic profession of statistical and probabilistic risk, the known principles of confidentiality, integrity, and availability.
You are squeezed by the realities of budget, shareholder value, human resource constraints, poorly aligned regulatory standards and audit requirements that may be counter productive and increase risk just by gathering them
The only secure firewall is still in the box. The minute it is configured latent risk will accrue. Same for most technologies.
Our most succesful tools are found in the sales cycle, graphic arts, hostage negotiations, structured narrative when put through the lens of information security.