Many of us see flaws and problems in the way that we build software, as well as the way in which our infrastructuer is configured. There have been no shortage of times in my career when I, or a coworker, wondered why we didn't work to implement better security in our systems.

Perhaps it wasn't us. Perhaps it's not a lack of desire, but maybe it was due to a lack of knowledge. I ran across a piece in Enterprise Security that notes we should have security training starting at the top, with our C-level executives. Far too many of them don't necessarily understand the threats or nature of the threats because many of these threats didn't exist 20, or even 10, years ago.

I think there's certainly room for most of us to learn more about security, especially database security and SQL Injection as these are fundamental issues around some of our most important assets: our data. However when we want to implement stronger security, or limit access, we need the support of management, who themselves need to understand the issues, not just respond to whoever makes the best case, or complaints the loudest.

The world has changed, in that our valuable assets can be transferred to our competitors, or common criminals, and we aren't away of the disclosure. Or perhaps worse, our enemies could change some data and we might never know without the ability to perform comprehensive audits of our systems, something many of us might not be able to do.

I think there is a good case to ask our management make an effort to understand cybersecurity, and I'd urge you to pass this link along to your management.