Thu 27 Jan 2011
This post repurposed and amended from a recent dispatch on Infosec Island.
Coming soon, either “Social Media is my Job Pimp” or “The Mobile Security Arms Race.” Feel free to vote in the comments below. And now, without further ado…
More than 88 Lines:
For those of you without an insatiable addiction to 80s punk, goth and new wave, the title of this post is inspired by the ’80s classic by The Nails — 88 Lines about 44 Women. This song was the first thing that came to mind when the folks at Infosec Island asked me to join their band of security crazies as a regular contributor.
Flattered to be sure, given that I’ve only begun to cut my baby teeth in this space as a former vendor marketing hack.
Now, before you stop reading, one thing you should know is that my background (visit me on LinkedIn) has trained me all too well to take the tangled mess of Cyber, rootkit detection and eradication, Application (In)Security, common exploits, etc. and turn it into something that end-users actually understand and want to avoid.
With that in mind…and with your indulgence…here are my observations after nine whole months in the IT security sector – 88 lines about less than 44 weeks in Infosec. Let’s start with my Top 5, which, given my tendency to drone on, may end up being 88 lines.
1. From Week 1 to present, you have all sufficiently scared the holy hell out of me with how real, lucrative and mostly unavoidable cybercrime/cyberwar/cyber espionage is for targeted companies and people. Good show!
Any thoughts on taking your act on the road to senior citizen homes, community-sponsored events on online safety, schools, etc.? Layer 8 (aka people for the uninitiated) needs you! It’s time to take what you know to the street and quit telling each other what you already know.
I’ll offer myself up as your first community leader in my hometown of Portland, Oregon… I’ll just need your brains and help with a curriculum that makes sense. Help me help you!
I know millions of people even more ignorant than I on the perils of Internet stupidity. And they need to be reminded daily, not once a year in a thin public service announcement or press release by DHS during Cyber Security Awareness Week.
2. Information security isn’t about you. It’s about protecting the weak from the valley of darkness. Be the Shepherd, not the self-congratulating rancher. You can be smart, revered and successful without being a prick.
Call up your alma mater and offer your skills or consulting advice for free. Help a newbie gain his stripes in the industry (thanks @falconsview @jackdaniel @BrianHonan @DeathwishDuck @Wh1t3Rabbit @TripwireInc @andrewsmhay @briankrebs and so many others!).
Celebrate the fact that somebody actually respects you enough to ask for your guidance. And then give it away…freely.
3. I love that people in the IT security community are so far out in front on the usage of social media tools like Twitter to not only engage with each other, but use it as a means of revealing new threats, testing theories and furthering the global #infosec community.
I know the medium is also used for evil on the social engineering front, but those leveraging it for good will prevail. Expose the shitheels at the speed of “Send.”
4. Cloud computing has got to be the dumbest, most innocuous name for something so vital and potentially dangerous.
Can we please call it what it is: A Digital Data Trailer Park susceptible to methed-out dudes breaking in to steal your valuables, with more-than-occasional, seemingly targeted, natural disasters that may put you in the bread line and delivering a nagging, persistent gut ache and brain traffic that circles the unanswerable question “Is my valuable data secure?”
C’mon you’re doing this to save $. Is it worth it? Are you sure?
5. And this is probably the most crystal clear and personal observation over the last 40+ weeks in infosec.
Like security itself… it’s a never-ending journey that unearths painful truths, nerve-wracking challenges to your beliefs and confidence, and it keeps its clutches in you with the lure of fighting the good fight or making an obscene amount of money and wreaking a new kind of havoc on the world if you’re donning the black hat.
Damn you, Infosec. I’m hooked. A reluctant data security junky with a dangerous amount of semi-informed knowledge, eager to fight alongside you. I’m not going anywhere.
For better or worse. I’ll be taking what you know and sharing it with the computer users getting pummeled by their own laziness or uninformed mistakes… until further notice.
Until next time.