What are Your IT and Information Security Nightmares? Experts Weigh In

It is safe to say that all IT and information security pros have had frightening IT challenges from time to time. Whether transitioning to the cloud or remedying false positive alerts, IT engineers are often asked to think on their feet and adapt to change quickly. And although the industry as a whole has come a long way, there are still some incredible stories lurking in the shadows of IT past.

I recently asked a handful of my colleagues and industry experts to share their worst IT and security nightmares (and lessons learned), as well as their analysis of DevSecOps. Just in time for Halloween, they have weighed in.

To begin, I'll answer my own questions:

What used to give you nightmares in the IT/information security world that doesn’t anymore?

Infrastructure issues. Throughout my career, whenever I would get a call for an outage, it was always due to some infrastructure or networking issue (misconfigurations of a router, etc.), which is really hard to troubleshoot. Now, as more businesses move to the public cloud, the issues are more focused on applications and data, things that are core to the business.

Is DevSecOps a “trick” or a “treat”?

It’s a treat. I am finding that whether it’s a buzzword or not, DevSecOps is leading to more automation in the security space, which I haven’t seen before. Working more tightly coupled with other departments within an organization is great. It may be a trendy term, but we’re reaping the benefits and I imagine other organizations are, too.

Frederico Hakamine, CISSP, CCSP, Workforce Identity, APIs and Protocols, Okta

What used to give you nightmares in the IT/information security world that doesn’t anymore?

Pop-ups, toolbars and browser plugins. Just thinking about it gives me chills. In my first job, I was in charge of managing the IT infrastructure in a small college, so you can imagine how hard it was. I’m so glad the browsers of today have vastly improved and this is a problem of the past.

Is DevSecOps a “trick” or a “treat”?

(It’s) definitely both. I really love how DevSecOps automates and delivers security throughout the Dev life cycle and how it removes friction between security and developers. My caveats are around the blind spots: Some people implement DevSecOps only on code, call it a day and ignore other items such as the user login and the runtime environment. On top of that, some people also forget to keep their DevSecOps automation/scripts up to date. Just make sure you cover the blind spots and DevSecOps will be a treat.

Ben Newton, Director, Operations Marketing, Sumo Logic

What used to give you nightmares in the IT/information security world that doesn’t anymore?

In a past life, I once had a security guy take down all of our production servers because he was running a personal instance of VMware connected directly to our servers in the data center. I haven’t seen a server in the flesh in 10+ years. So, no longer worried about that one.

Is DevSecOps a “trick” or a “treat”?

One would hope for it to be a treat, but like many IT trends, it is just a trick if used as an excuse to relabel outdated security practices. Much like that costume with the fake muscles that is great for a 4-year-old on Halloween, but super creepy on an adult.

Jeremy Proffitt, Staff Site Reliability Engineer, LendingTree

What used to give you nightmares in the IT/information security world that doesn’t anymore?

Seeing those flickers that geeks recognize, whether slow load times, missing information or just old-fashioned errors, without direction or focus—we found ourselves lost in a sea of intertwined systems. Those horrific moments of thinking something might be wrong have progressed to checking our alerts and being able to see, in almost real time, the performance and errors in our systems.

Is DevSecOps a “trick” or a “treat”?

It’s important to remember the trick to DevOps is to treat them only with facts, the hard evidence. A query link showing the issue makes understanding issues satisfyingly sweet.

Ken Tidwell, VP of Security Engineering, Sumo Logic

What used to give you nightmares in the IT/information security world that doesn’t anymore?

Scalability used to be a nightmare that haunted every information security process. The ascendance of cloud deployment with microservice architectures and on-demand lateral scaling has largely banished that nightmare.

Is DevSecOps a “trick” or a “treat”?

DevSecOps is a treat. It provides the hard candy shell that protects all of your valuable intellectual property and processes. But remember that tricksters are out there. Mind your threat and intrusion indicators and don’t just count on the invulnerability that a good DevSecOps process works toward.

George Gerchow

As Sumo Logic's Chief Security Officer, George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines.
