Reality-based Consulting

One of the pillars of the Pythia Cyber philosophy is what one of our Founders, John Sebes, likes to call "reality-based consulting." As another one of our Founders, Ted Hayes, puts it: there are no Participation Trophies in Cyber Security.

This harsh truth is something Pythia Cyber addresses head-on because we want to leave our clients with formal, provable, self-sustaining  Cyber Security programs. In our previous careers, we all suffered through Security by Obscurity and Security Theater, two leading ways people avoid reality in this arena. We don't want to be part of either.

Your efforts either make you safer or they don't. It is not the thought that counts, at least not in this case. If your Cyber Security efforts  do not make you safer, then those efforts are a waste of time and money. Unless you merely want to feel safer instead of being safer.

Security by Obscurity is relying on being too small or insignificant a target to bother much with Cyber Security. There are two problems with this philosophy: first, it is very hard to guess the motivations of potential adversaries. You might be exactly what they are looking for. Second, the "protection" offered by this approach is brittle: when that "protection" fails it instantly goes from 100% to 0%. Things are unlikely until they occur, at which point they have occurred and their likelihood isn't relevant any more. For example, if you park in a crowded, giant parking lot, you can tell yourself that it is highly unlikely that your particular car will be vandalized or stolen. But if you come back to your car to find the tires slashed or the car gone, will it really matter how your car was selected? Or that 700 other car were not?

Security Theater is what happens when your leaders feel that they need to be seen taking action, rather than feeling that they need to accomplish the goal. Using laminates on your windows which block WiFi from leaving your building makes you safer. Big signs warning users not to share the WiFi password do not make you safer.

If you want to spend the time and money and effort to actually be safer, we are happy to help. If you will settle for merely appearing or feeling safer, you will want to hire someone else.