Does Security Have to be Technical?

I had been a software engineer for at least 3 years specializing in digital security. A month ago, I attended a small workshop which talked about IT Security for corporate and the speaker said this somewhere in the middle of the workshop:

“Security is a process. It does not have to be really technical and the most important part is the process.”

I stunned for a while and suddenly my mind wondered away from the workshop deeply thinking, what is the speaker trying to deliver? I started this serious thinking simply because it is not said by some non-technical or sales person. Instead, the person speaking in front of me is a Certified Ethical Hacker.

A padlock key on a keyboardAt the end of the workshop, I begin to understand what he is trying to deliver. After 3 years of writing programs for the benefit of security, I turned out saying that security is a process. Why would I say that? Look around us. All the tech that you need to protect yourself from cyber crime is there. Anti-virus, firewall, anti keylogger, parental control, password manager and many more are all available in the software market. There is no reason for us to say in terms of technology, we are not good enough in security.

What makes so many of us a victim of computer or internet threat is the lack of proper process in computer and internet security. Security is not a short process where you only apply if you need it. For instance, you don’t only apply security when you had just downloaded a file from an unknown site which required a security scan.

Security is an end to end process. This means that the moment your computer boots up, security should be applied until the time your computer shuts down. People usually failed to stay secure simply because they don’t apply security from the very start. Agree?

So what’s your view? Do you still think that security has to be something technical?