

Ask HN: What is missing in the IT security world? - darxius

I&#x27;ve been toying with the idea of a security-related startup - possibly geared towards getting other startups to be more security minded by making security easy.<p>However, I&#x27;d like to hear from some people in the security field (or sys admins) to get their opinions on the state of security at their company and in IT in general. What&#x27;s missing? What are the different pain points when dealing with security? Ever wish a certain product existed?<p>I&#x27;m going to take what I learn from you guys, draft up a survey, and send it out to my network and see what sort of feedback I can get from them.
======
fabulist
It would be incredibly nice if there was a home security system that was
actually difficult to defeat.

The existing ones are susceptible to denial-of-service attacks against their
communications infrastructure (cutting the phone line, jamming their GSM,
jamming the communications between the sensors and the base station.) It would
be nice if they were able to fall back to redundant communication lines.

For instance, in my city, there is an ISP which provides service over point-
to-point microwave. If the phone line was cut, and the cell line was jammed,
this would still be available to report break ins.

Having multiple redundant means of communication also opens the possibility of
reporting a break in if communication with the base station is lost. With just
one line, the rate of false alarms would probably make this impractical. But
with three, you can be pretty sure that someone is deliberately disabling your
device.

One final note; whatever you end up doing, get another company to audit your
product before it comes to market. Too few companies actually do this, but it
is quite necessary. By their very nature, mistakes tend to occur in places you
(/your engineers) wouldn't think to look.

------
jimkri
I think that is an awesome idea. I am currently a Business student with a
computer science minor so I consider myself very technical. What I have seen
is that business students now are not technical at all. They are going into a
lot of businesses without a knowledge of how important security is, or they
have the mindset, “I never will be hacked” or let the programmer worry about
that. So when you have managers who are not technical and don’t know shit
about security they push the programmers to focus on other things. There needs
to be a shift in how management thinks about security. That is what I think, I
could talk about security for a while, it’s an important thing for businesses
to follow yet they don’t, I am now talking about more than startups. Look at
all the security breaches that have happened, businesses wait till a breach
happens, a startup that does the security for companies would be big. Take the
hassle and worry from the company.

I went on a little rant, so I apologize. haha

------
jnazario
in a nutshell, close the skills/talent gap. not enough people qualified for
the million or so open roles. close that gap somehow.

