We, as in, all of society, really should stop blaming the obscure machine, and start taking responsiblity for maintaining the outdated designs that went into the initial creation. Why do we ignore necessary changes? Here are a few reasons:

• "It is not broken, so don't fix it!" Although this applies to many manufactured things we use everyday. It does not apply when other factors influence the integrity of the functionality. Since changes in cyber technology happen everyday, maintenance of software and systems is critical to maintain product quality and Integrity. The cost/benefit of re-tooling software is a committment to quality that each company has to review for themselves. However, when it comes to Cyber Security, updates simply must be made.

There is no static environment in technology. We can't make a tool that lasts forever and doesn't become obsolite; or more importantly a piece of software that continues to be secure.

• No money in the Budget - This is a top down decision. In the near future it will be the Board of Directors that are held accountable for cyber failures, but for now it is all about blaming the machine, as stated above.

An individual or piece of code that intends to cause harm or control data elements in your network; storage devices; email servers; or even in RAM does not care if you protect your customers or not. In fact, they prefer that you fail to update your software and/or infrastructure.

• Maintenance is For Low Talent Developers - So the truth is that the attention and accolades go to the Money Makers. If that means that the latest and the greatest get the company in the headlines, then those teams get the attention and the better bonus based on the perception that the work brings in more money. However, often the truth is that the existing tried and true products are actually so stable that their income allows for additional funding and keeps the lights on. We humans always give attention to the flash and glam, however, a good System Operator could actually save the company hundreds of thousands of dollars by just using Kubernetes correctly.

  One solution is to give equal credit to all teams for their contributions. When doing so, your top talent will be equally dispersed making you a stronger company.

Belinda's Bio:

Belinda has over 25 years of experience in the IT field. Since there was no opportunity for an MIS degree at the time of her undergraduate studies, she switched majors from software programming to Business Administration with all electives being in software development and computer theory.

Finding her true calling in Cybersecurity, she has had the opportunity to experience many aspects of cyber threats, risks, and compliance. She has the tenacity to get to the root of risks and issues, and the ability to communicate with the business stakeholders to create a plan of action.

The most important factor when implementing a security plan is Business Continuity - this should always be held first and foremost when developing and executing preventative measures in the plan.

SECURITY BUSINESS ANALYST / IT SECURITY PROJECT MANAGER:

Cyber Security Incident Response; Threat Remediation Tracking; Software Patching Compliance; Business/Operational PCI Process Assessment, EndPoint Protection, WAF, Business/Operational Process Documentation, Requirements Gathering and Analysis, Needs Assessment, PCI Compliance, Functional Requirements, Technical Requirements, Change Advisory Board (CAB), Governance Risk and Compliance, FIPS, NIST, SOCS, GAP Analysis, Policies and Procedures, PCI Compliance, Information Systems Audits in compliance with FISMA, Physical Security, CCTV, Software Design Specifications.

SOFTWARE & OPERATING SYSTEMS:

MS Office 2016 - including Visio 2013 and MS Project 2013; TeamTrack, HP ALM Quality Center v11.00, HP Service Manager 9.31, SharePoint, Team Foundation Server (TFS), Adept (SGML), HTML, JAVA (minimal), XML Spy, Coffee Cup (html + ftp); Audacity 2.0; Paint Shop Pro 8, Gimp, Writer} online tour development and graphic software.