Offense vs. Defense

Last Update: Jan 09, 2022

A lot of time is dedicated to offensive InfoSec; perfectly understandable when you think about it.

After all, offensive InfoSec is where all the glory is. Ultimately, I believe we all want to be recognised, and as such I think it’s perfectly understandable that people aspire to be the next Dan Kaminsky or Charlie Miller.

Defensive InfoSec, on the other hand, is markedly different. While there’s no lack of vendors playing in this space peddling their wares, as a community it feels as though we are missing celebrities that can rival those found in the offensive space.

Defensive InfoSec also suffers from a fear of disclosure: the premise that information shared about mitigating threats can be used by an attacker to further strengthen their attacks.

Perhaps there’s also a fear that standing up in this space makes you a target, particularly if you work for a large organization. InfoSec professionals like to make light of organizations that get breached (think Sony, Hacking Team), but the truth is that we all know that securing an organization is no small feat and a near-impossible task. The odds are, quite simply, stacked well against you.

I guess it may be a while until defense is seen in the same light as offensive InfoSec, but here’s to hoping that in the coming years we have a champion in this space that can bring promising people into the industry in much the same way as the celebrities in the offensive space have done.