A decade and a half ago, before information security became so important, I would often hear and use the phrase “security is a process, not a product.” I’m not sure who coined that term, but it was very fitting, even back in the earlier days when security was often an organizational afterthought.
At that time, the threats were not terribly advanced, and vulnerabilities were not nearly as prevalent. Fast forward to today, where things are much more dynamic. The threats have matured and have much greater financial backing. Vulnerabilities are a dime a dozen across everything from desktop operating systems to Web and mobile apps. Entire careers and businesses are at the mercy of that dreaded system outage or data breach.