I should preface this post with the fact that this is to be read with tongue firmly planted in cheek. I think.
Some number of years ago I worked for Nortel. One particular morning, I recall attending a ‘town hall’ meeting being held with the CEO at the time. We won’t use his name, but suffice to say it was during a period of ‘initial decline’ at the company. During this town hall session, we heard about the usual suspects: new product introductions, R&D innovations, customer success stories and financial performance. The last point was of keen interest for many; despite not being accountants, everyone had learned a little something to better understand the situation Nortel found themselves in. Even a graphic designer could tell you DSO was Days Sales Outstanding, and why that was bad if it got too big.
As the session progressed, it was explained that the Optical portfolio was seeing some decline in growth. It was pretty clear for us all to see that ‘some decline in growth’ was secret accounting-speak for ‘the bottom has fallen out of the market’. What followed was a great demonstration of the difference between Generally Accepted Accounting Principles (GAAP) and Nortel Accepted Accounting Principles (NAAP). Under NAAP, correcting this minor decline in growth was simple: just reclassify your portfolio so that almost everything becomes an ‘Opto’ product. How to achieve that? Why, if a product contains any kind of optoelectronic component, then rack up its revenue under the optical portfolio. Of course, almost everything had an LED power light… so we were in business! Optical revenue had never been stronger.
This redefinition hit me again today. As security professionals, we often work with a number of tools to help secure our networks, systems and information. Sure, security folks will all recognize tools like Nessus, Snort, WebInspect, nmap and so on. There’s even a nice list of the Top 100 Network Security Tools — people love lists.
But it’s flawed. The real number one security tool vendor is Microsoft.
I’ve asked a few security professionals what tools they use the most in the field. The most popular isn’t Nessus or nmap; it’s not Snort, Metasploit or Core Impact. It’s Microsoft PowerPoint.
That’s right, in my extremely unscientific survey, and re-classifying PowerPoint as a security tool (under the rules of NAAP)–I confirm that Microsoft is the #1 provider of security tools. We spend buckets of time creating presentations to pitch security, presentations to position how it will be improved, presentations to get funding, presentations to measure progress. It’s a wonder we don’t create presentations about creating presentations. Oh–maybe we do.
So congratulations Microsoft, on your great achievement in the field of information security! I do have one small suggestion… and judging from the ‘Windows 7 was my idea’ advertisements on TV right now, I think you are listening. Could we please have one of those lovely security seals, something like ‘Protected by PowerPoint’, that we could put on our web sites, or stick to our servers?
That’ll keep the bad guys out.