{"id":2549,"date":"2020-07-28T09:15:34","date_gmt":"2020-07-28T13:15:34","guid":{"rendered":"https:\/\/zzzptm.com\/wordpress\/?p=2549"},"modified":"2020-07-28T09:15:34","modified_gmt":"2020-07-28T13:15:34","slug":"understanding-security-get-your-metaphors-right","status":"publish","type":"post","link":"https:\/\/zzzptm.com\/wordpress\/?p=2549","title":{"rendered":"Understanding Security: Get Your Metaphors Right"},"content":{"rendered":"\n

Forget any analogies dealing with pitched battles. Security professionals<\/a> are not generals, foot soldiers, commanders, admirals, missile base commanders, gunfighters, or X-wing squadron leaders. Thinking that we are such things puts us in the wrong frame of mind, where we expect<\/a> a conventional conflict. Even if such a conflict is edged in trickery or clever deception<\/a>, it’s simply not how things work in information security. We’re more in a world of trickery and clever deception, sometimes edged with conventional conflict, if anything.<\/p>\n\n\n\n

If we want comparisons to professions, we need to look at spies, pest exterminators, librarians, cattle ranchers, and forest rangers. These are people who manipulate knowledge, guard assets<\/a>, and who deal with hidden threats. If you still want military<\/a> metaphors, I’ll allow people clearing minefields, sentries, codebreakers and intelligence<\/a> analysts<\/a> (although those are technically spies), and military police. Let’s get rid of the glamour and focus on the dirty work, OK?<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

There are two major reasons to come up with the right metaphors and examples for cybersecurity. One is so that we get ourselves into good habits of mind for dealing with threats. Two is so that we can use real-world explanations to help people outside of the profession understand that we don’t simply identify all the PCs running “Hacker.exe” and then blow them up.<\/p>\n\n\n\n

I’ll even dare to say that much of our profession has a connection to organizations<\/a> that make us all uncomfortable. While I don’t want the NSA<\/a> to harvest all of my<\/em> data, I’m perfectly ready to recommend massive data harvesting<\/a> to organizations wanting to improve security. While I’d hate for my wife and kids<\/a> to spy<\/a> on me<\/em>, I’m always advocating that we set up as many sensors<\/a> and data collectors as possible in a customer environment, even getting PCs to report<\/a> on each other.<\/p>\n\n\n\n

In other words, you know you’re a security professional<\/a> when you read 1984<\/em> to get ideas about doing your job<\/a> better.<\/p>\n\n\n\n

Now, not everything in this series will go dark like that. Then again, dark is what we all deal with, so don’t be surprised to find metaphors in that region. They may not necessarily be the metaphors you want to share to explain the profession to others, but they could very well be the metaphors that unlock<\/a> the habits of mind you need to improve your focus.<\/p>\n","protected":false},"excerpt":{"rendered":"

Forget any analogies dealing with pitched battles. Security professionals are not generals, foot soldiers, commanders, admirals, missile base commanders, gunfighters, or X-wing squadron leaders. Thinking that we are such things puts us in the wrong frame of mind, where we expect a conventional conflict. Even if such a conflict is edged in trickery or clever deception, it’s simply not how […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-2549","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2549"}],"version-history":[{"count":1,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2549\/revisions"}],"predecessor-version":[{"id":2550,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2549\/revisions\/2550"}],"wp:attachment":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}