Pledge drive

This week the Cybersecurity and Infrastructure Security Agency (CISA) announced the Secure by Design pledge for K-12 education technology providers in order to shore up cyber defenses in the classroom.

This caught my attention for a couple of reasons. One is that this is just another of several similar proposals I’ve seen issued lately, I think this is the second one from the CISA? I know that I’ve talked to a few CEO’s who take these pledge’s seriously, or at the very least want to appear that they do. I’m curious how effective it is on the process overall. Legislation would surely be more effective, However, in the time it would take to even propose that I’m certain I’d die of old age.

This current pledge asks participants to do three things:

• Take ownership of customer security outcomes
• Embrace radical transparency and accountability
• Lead from the top by making secure technology a key priority for company leadership

I feel like those first two points will be a stickler for those now hot-under-the-collar lawyers working at said companies. They’ll still probably endorse this pledge though because it will look really good for them in the short term. Also, the part where it’s not legally binding.

Oh, and the other reason I noticed this? Well, my brother is a computer technician for a school and looking at some of the names for companies and software on this list, I can promise you I have been on the receiving end of several lectures on how they have personally wronged him. More secure is all well and good, but I think he’d prefer they actually worked first.

Next week I’ll be live at GSX, See you there.