Don’t revel in the failure of others, particularly when it comes to security

Wed, 10/21/2015 - 05:00

In the first part of his six-part series of blogs for Totally MSP, LOGICnow’s security lead, Ian Trump, sets the scene for a roller coaster info sec ride.

“They were doing it all wrong” is a phrase that is all too often gleefully uttered by the MSP taking over from whatever organization just failed. In the weasel-eat-weasel world of modern IT service provision, this begs the question: “why do we keep tap-dancing on the failures of our colleagues?”

It’s one thing to revel in our own success(es); but is a virtual victory lap really necessary? Are processes and procedures so diverse between providers that somehow your way is the ONLY way to deliver a service? Cybercriminals are here to induce a healthy dose of hubris in all providers. So, whether you’re internal IT, external IT or extraterrestrial IT (I’ve just registered the TLD .mars, it’s going to be huge one day!), an MSP or a break-fix shop – you can’t afford to get complacent.

I’m Ian Trump, Security Lead turned white hat hacker, and I’m going to create a bit of a cyber-ruckus with my thoughts in blog posts in the months ahead.

Like most IT security practitioners, I have a dysfunctional relationship with many things, including the Internet. The Internet is both the source of criminal and foreign intelligence service attacks and at the same time, the repository of information on how to detect and mitigate those attacks. It’s like being held hostage by Hamas only to be rescued by Hamas. No wonder people are confused about the content, ownership and ultimately security of the Internet – the thing we use both kills us intellectually (Candy Crush), but also gives great insight into our human condition (think Ars Technica).

Brittney Postnikof, robotics specialist, AI hacker said, “Hackerspaces are the new churches”. Twitter was invented for awesome stuff like this. It’s a great thought, and a passionate idea. When Martin Luther started the Reformation in 1501, he made some comments, nailed them to a church door and changed Christian thought for the next 500 years. I don’t think I’m going to alter Information Security thought for the next 500 years, but this was an introduction piece and I wanted to sound witty, sophisticated and urbane.

Over the past 20 years, I’ve failed at security – lots. I’m going to talk about some of my mistakes, give you some insights, maybe even spark some lively debate – like if you happen to say “Adobe Flash” is awesome, you’re just trolling me, which will be fun for one of us.

What can you expect in the months ahead? Well, I’d like to say pure info sec comedy genius – I’ve been told if the info sec thing does not work out I could open for acts in Swansea. In reality, what I hope to deliver is some pain-free perspective. Info security gets hard – only if you let it. We’re going to start winning at info sec if you pay attention and take a moment to reflect on the fact that someone else’s failure is the reason your customer is under attack.