What's the connection between the computer security industry and prostitution?
At first sight there's very little but a conversation I had at the Infosec show reminded me of an old story.
The story (probably apocryphal) is about George Bernard Shaw sitting in a train compartment with a young woman and has him asking her if she'd sleep with him for a million pounds. She says yes (a million quid was a lot of dosh in those days) and he then asks her if she'd sleep with him for a fiver. "No", she says, "what kind of woman do you take me for?" "We've already established that," says Shaw, "we're just haggling over the price."
What made me think of that? A conversation I had with two IT luminaries in which we discussed security breaches and, in particular, human weakness and the ways in which criminals would prey on that human weakness to exploit security breaches. We've all heard of cases where lowly members of staff have revealed information for financial reward.
"What would be your price? Mine would be Â£25m" said a very senior industry figure. He quickly explained his reasoning: he would never be able to return to public life, would need to live the rest of his days in relative comfort and that the money that he'd receive for his nefarious activities might not be easy to invest for the highest possible return. The rest of us thought our price was a lot lower than that.
But it got me thinking, do we believe, like Shaw, that everyone has his or her price? And if so, what is it? What would your price be for betraying your company? Perhaps for revealing everyone's passwords; perhaps for opening a fictitious account; perhaps for selling your company's secret design. Or are you incorruptible? Perhaps you'd like to think about that - I understand that Â£25m goes a long way in the Cayman Islands.