It is interesting how an idea pops up in your daily life. I was reading through the torrent of email that is the FD mailing list and the phrase “Technical Debt” was mentioned. It started me thinking about security and how companies treat it when they develop their systems and infrastructure. I then thought that we all need a little Dave Ramsey in our SOCs.
So now the question becomes: how do we measure our “security debt” when performing an audit? The question matters because we really need to realize that our debt will be paid by our partners and our customers. It is commonly overlooked that the penalty for not securing our systems, sadly, is never paid by the people who chose not to secure them.