
My Friends, it’s True. The Times, They Are A’changin.’

If you’ve ever heard that Bob Dylan song, you’ll know what I’m talking about. As the music legend serenades you with his unique voice, you start to realize that what he’s really saying is that nothing stays the same. The things of yesterday are not the things of tomorrow. 

Who knew Bob Dylan would herald the regular transformation cycle that is information technology?

I love that song. And it tells me if I listen carefully and apply the lessons to my work-life, I will discover the following:

It’s time to wake up! The world around us is changing on a regular basis. Right now the types of technologies that we’re just starting to understand are already becoming outdated. Every year that passes, the pace of change accelerates. It’s like gravity—you accelerate at an increasing rate—except I don’t feel we have a terminal velocity yet in technology. We just keep going faster. What’s critical in this is self-realization. Security professionals need to realize that we can’t rely on knowledge, process and tooling that were top of class a year ago, because they are most likely no longer even relevant. Acknowledge that security needs to continuously evolve with business, technology and adversaries. Start swimming, or you’ll sink like a stone.

Opportunity knocks daily. It feels like every week, sometimes every day, we security professionals have an opportunity to influence the next big technology revolution. I think it’s safe to say that we’ve pretty much missed most of them, so far. We pontificate, belittle and ask, “Why would you do that?” But change happens. When the world started going mobile, we were busy trying to keep users tethered to their desks with dependence on yesterday’s security paradigms. While we were telling IT leaders to backhaul all their web traffic through a central office, users were sitting at Starbucks using Dropbox and Salesforce, and completely ignoring security’s outdated mandates. Keep your eyes open—the chance won’t come again.

We must lead, follow or get out of the way. Many in security today still try to maintain they work for the department of “No.” Maybe you do, and maybe you can exert your power in some short-term way over a limited piece of your organization. But I promise you this: playing the “no” game is a losing proposition. I suggest you lead—meaning, get involved early and provide valuable guiding input. The alternative is following, which we’re all doing today and every day. Catching up to things that have already been released (Internet of Things, cloud, etc.) is hard, and the security value is always a delivery of compromise. The last and perhaps last-chance option is to simply let it all go and try to catch it as it falls—before it all goes catastrophic. There are plenty of organizations that operate this way. I don’t advise it, but it’s definitely one way of doing things. I think the net is you have to pick and then accept the consequences. He who gets hurt will be he who has stalled.

It’s time for a stack rebuild. We’ve been dependent on a legacy technology stack in security for 20+ years: perimeter security, on-the-wire intrusion detection and prevention, endpoint security, local identity directory and a million passwords. That stack is rapidly becoming decrepit and a hindrance to business. What does the next stack look like? I think a large hint to the future lies in the cloud. Cloud-native applications and services are inherently built with elasticity, scale, and resilience. Security should match these qualities breath for breath. I think the stack of tomorrow’s security future has to address the cloud head-on and be born in it. Identity, workload, applications, data—these are the relevant components that security will need to build the security stack around. The exact delivery is still a bit nebulous, but I suspect the future is rapidly coming. Now is the time to think about modernizing your enterprise security stack. The alternative is a complete loss of visibility and unquantified risk. Your old road is rapidly aging.

Who knew Bob Dylan was such a genius, other than his family and fans, of course? The future is quickly approaching, and you can choose to deny it, but it doesn’t care. The future doesn’t need your permission, because the times they are a’changin.’
