Chapter 4: Pharma Karma

Throughout 2011, “Occupy Wall Street” protesters camped out in public parks across the United States. They were angry about something.

They weren't sure what.

Their messages were incoherent. They wanted the government to fix things. They wanted the government to stop corporate greed. But for all of the idealism behind the movement, the protesters missed one important fundamental point: corporations (like nation states) have escaped human scale. There is no “man” to fight, just a sprawling entity whose goals are perpetuation and expansion.

What does this have to do with information security? Everything. Until you've worked for a massive corporation, it's difficult to really understand how they function: as a collective of affiliated business units bound together through uncompromising process. A CEO is a figurehead, nothing more—someone to put a face to a new product in the case of Apple or someone you have to look up to know their name in the case of Verizon or whoever.

Pharmaceutical companies are no strangers to protest and 2011 was no exception. Groups picketing Novartis or Pfizer are so common as to not be worth a mention. Of course, expressing your objection to corporate policy (in this case animal testing) by waving a banner is at best ineffective precisely because of these reasons. One day, one of these groups will learn basic system intrusion skills and they might achieve something.

Who knows?

When I attended the scoping meeting to discuss an APT modeling ...
