A while back there was a thread I saw talking about the difficult things about being a security professional. I enjoy these kinds of things, because it’s always enlightening to hear how your peers and colleagues see the world—and how differently they may see it from you.
Of course there’s the obvious, “focusing on the basics” because that’s effectively the root of almost all the high-profile security breaches, but I’m going to save that one for another day.
The one in particular that I hear quite often – and probably surprises me the most, at least on one level – is the one that goes along the lines of:
“I’m just overwhelmed. Every day there are new vulnerabilities, and it’s nearly impossible to keep up with it!”
Now one thing you may or may not know about me is that I’m a big fan of animation, so I tend to watch a lot of animated movies—with or without my children. One of the ones I saw recently was Secret Life of Pets 2, which, admittedly, I didn’t think was quite as good as the first one.
I won’t get into the whole thing, but there are two dogs: a city dog named Max and a farm dog named Rooster. Now, Rooster’s a pretty cool dog, not to mention being voiced by Harrison Ford, and he pretty much runs the farm.
He has everything under control. One bark stops a sprinting turkey dead in his tracks, and to get the cows or sheep in line, all it takes is a stern look and maybe a short, “Get back in there!” command.
Rooster is THE BOSS.
Max on the other hand is quite different. He’s generally pretty skittish, and makes his own trouble that somehow, and mostly by accident, he manages to solve thanks to the help of his friends—or simply blind luck.
And in the second movie, Max’s owners have a new baby, so of course, Max is about as over-protective as you can possibly get. Everything’s a possible threat, and he jumps at just about everything.
In fact, Max is the pretty typical dog who’d be happily lying there, and then see a squirrel, and tear off after it, forgetting what he was doing (provided he wasn’t afraid of it). Hours later, he’d return, thinking himself the bad-arse, having chased all the squirrels away and protected the world from harm.
Of course, the squirrels are likely sitting in the trees, pissing themselves laughing at having kept the dog occupied for so long with so little effort.
Given the same squirrel, Rooster would probably just raise his head, look at it, and if it didn’t get the message, maybe give a soft, “Woof!” and send it on its way—if he bothered to engage with it at all.
So it strikes me that there are a lot of security professionals who behave like Max, and there are far fewer security professionals that behave like Rooster.
And the primary difference gets back to my email yesterday about classification. Rooster’s much better at understanding what’s a real threat that needs to be actioned and what’s already been assessed, actioned and should be under control.
In my experience, there aren’t a lot of security programs that can do this effectively.
They simply don’t know how.
Or…if they do, they haven’t managed to put together the tools that allow them to actually learn from their experiences and leverage them for the future.
Back to Max and Rooster after Max explains why the toddler’s locked in a portable crib so that he can’t get out and hurt himself.
Rooster says, “Kid gets hurt, he learns not to do it again. You know how many electrical cords I chewed?”
Max asks slowly, “Like…multiple cords?”
“One,” Rooster says reverently. “It shocked me,” he said. “I walked backward for a week, but I never chewed a cord again.”
So, which dog would you rather be? The one afraid of everything, reacting the same way every time, or the one that learns, is able to leverage what they know so they conserve their energy (and their budget) for the things that really matter?
If you want to develop the skills to learn effectively, codify that knowledge in ways you can leverage in the future so you can stay focused on adding real value to the organization and be the Rooster of security architects…
Here’s the link for how you can do just that: https://archistry.com/besa
Eventually, we all get tired of chasing squirrels and find a better way—or we get out of the game. It’s always your choice which one you do.
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive