Thursday, January 31, 2008 7:04 PM
chrisr
Start Now
In talking security with various organizations, I often find varying opinions and methods of securing the environment. One thing that does come across in a number of discussions is how security is viewed. Often security is viewed as a necessary evil that IT people avoid or ignore in the deployment of IT systems. IT people outside the security organization often do not involve security for fear that security will stop a project because of a security issue. This thinking is often brought on by the security organization itself. The security organization views itself simply as an approving/disapproving organization. If a project does not meet certain published or, in some cases, unpublished standards, the project is blocked and sent back to the drawing table. This is a poor way of running security, as it builds resistance between the groups and delays projects.
My view of security has always been one of security as an enabler, which I developed in my years in the military. The "Start Now" title of my blog is how I feel security should be involved in a project. Security should be a core part of the project from inception, and every team member needs to take responsibility for developing/deploying a secure system. By involving security from the start, the security team better understands the project and has input into the overall development rather than being a simple barrier to pass. Systems deployed with this type of security involvement are much more secure by the simple fact that the system is designed as a secure system and not "patched up" at the end to pass the security "test".
Now that you understand my view of security, my blogs will focus around how to securely build and deploy systems.