from Hacker News

Ask HN: What is missing in the IT security world?

by darxius on 2/22/15, 2:42 PM with 3 comments

I've been toying with the idea of a security-related startup - possibly geared towards getting other startups to be more security minded by making security easy.

However, I'd like to hear from some people in the security field (or sys admins) to get their opinions on the state of security at their company and in IT in general. What's missing? What are the different pain points when dealing with security? Ever wish a certain product existed?

I'm going to take what I learn from you guys, draft up a survey, and send it out to my network and see what sort of feedback I can get from them.

  • by fabulist on 2/22/15, 7:19 PM

    It would be incredibly nice if there was a home security system that was actually difficult to defeat.

    The existing ones are susceptible to denial-of-service attacks against their communications infrastructure (cutting the phone line, jamming their GSM, jamming the communications between the sensors and the base station.) It would be nice if they were able to fall back to redundant communication lines.

    For instance, in my city, there is an ISP which provides service over point-to-point microwave. If the phone line was cut, and the cell line was jammed, this would still be available to report break ins.

    Having multiple redundant means of communication also opens the possibility of reporting a break in if communication with the base station is lost. With just one line, the rate of false alarms would probably make this impractical. But with three, you can be pretty sure that someone is deliberately disabling your device.

    One final note; whatever you end up doing, get another company to audit your product before it comes to market. Too few companies actually do this, but it is quite necessary. By their very nature, mistakes tend to occur in places you (/your engineers) wouldn't think to look.

  • by jimkri on 2/22/15, 6:11 PM

    I think that is an awesome idea. I am currently a Business student with a computer science minor so I consider myself very technical. What I have seen is that business students now are not technical at all. They are going into a lot of businesses without a knowledge of how important security is, or they have the mindset, “I never will be hacked” or let the programmer worry about that. So when you have managers who are not technical and don’t know shit about security they push the programmers to focus on other things. There needs to be a shift in how management thinks about security. That is what I think, I could talk about security for a while, it’s an important thing for businesses to follow yet they don’t, I am now talking about more than startups. Look at all the security breaches that have happened, businesses wait till a breach happens, a startup that does the security for companies would be big. Take the hassle and worry from the company.

    I went on a little rant, so I apologize. haha

  • by jnazario on 2/22/15, 5:52 PM

    in a nutshell, close the skills/talent gap. not enough people qualified for the million or so open roles. close that gap somehow.