It Isn't Brain Surgery: Dissecting the Cyber Cerebellum
Amanda Fennell: Welcome to Security Sandbox! I'm Amanda Fennell, chief security officer at Relativity, where we help the legal and compliance world solve complex data problems securely. And that takes a lot of creativity! One of the best things about a sandbox is that you can try anything. This season, let's explore how curiosity and personal passions inspire stronger security. Grab your shovel, and let's dig in!
For today's shift, our sandbox has been sculpted into an operating table where we'll be racing against the clock to stem and stitch up a nasty data breach. The surgeon general on call is my good friend and husband, Dr. Vernard Sharif Fennell, practicing neurosurgeon at Ochsner Medical Center. In addition to his intimate knowledge of the brain and spine, he also played defensive lineman at the University of Massachusetts, yet he's regularly pancaked by our three children. Also in the operating suite is my longtime partner in security, Darian Lewis, staff threat intelligence analyst on Relativity's Calder7 security team. He keeps his finger on the pulse and will be closely watching the blood pressure of this podcast.
One of the first things I want to get out in the open is, let's talk about the term "on call," because this means similar and different things for both of you. I'm going to start with you, Sharif, because as your wife, this is difficult. I have a long, strong opinion about this situation.
Sharif Fennell: Yeah...
Darian Lewis: You with an opinion? Come on. That's odd.
AF: Obviously, you two know each other. It's fine. It's fine. Sharif, please tell us all, what does the term "on call" mean to you?
SF: In short, it means being available at all times. Sometimes that means operating through the night or through the day. Sometimes that means taking phone calls through the night and through the day. Or any combination of the two for a day, a few days. And it means different things to different places, particularly if you're a trauma center.
AF: I've got an opinion here, too.
SF: Oh, I bet you do.
AF: "On call" for you, for me, means that you're sleeping on the couch because your phone's going off too much, and you're not drinking wine with me, which are the two takeaways that I have. Alright, Darian—I suspect that's not how you use the term "on call" in threat intelligence. By all means, what's your interpretation of the term "on call"?
DL: It's similar to "on call" for medical in some ways. It can happen literally any time of the day or night because the internet itself doesn't have global boundaries, and it crosses any time zone. You have to be ready to get up and go using years of experience to discover what has happened, because you never know what's going to happen, how it affects you or your organization, or what the immediate next steps would be. Also, who else is going to need to get up and get going working on the problem?
AF: Darian, let's talk about research. How do you approach it? How do you know when you've done enough research on a topic? What does "enough" and "good enough" look like?
DL: It depends on the level of panic attack that you're having at the moment. Quite honestly, we see things in the news that just incite firestorms, and it will stop organizations. They will stop functioning until someone understands what's going on. And so research for me starts with always keeping up your technical skills, but in the end, it really means digging until you find what the answer is.
AF: I'm going to ask Sharif the same question because I know he researches before a big case when he's doing a new approach, et cetera. I'll see him walking around with a book, and when I see him walking around with a book, I love to joke. I'm like, "What? You don't know how to do brain surgery?" And I know it's not brain, it's neuro. I know that. But same question to you.
SF: That's honestly one of the reasons why I like medicine in general. There's too much to know all the time because it's constantly changing. And so you kind of have to constantly keep up.
AF: Darian, does this sound slightly familiar?
DL: Yeah, I'm just kind of wondering—depth versus breadth. Medicine is this huge field. How far do you go width-wise and where do you stop? Do you literally just stop at the vessels and the brain, or are you whole body? Do you have to know everything about everything?
SF: At different stages, you have to know different levels of breadth and depth. From the medical school part, you actually have a very wide breadth of understanding. I remember people used to say this to me when I was a medical student: "Oh, you probably know this better than I do." The residents would say this, and sometimes even the attending would say this. And it didn't make sense to me. In retrospect, it's absolutely true. As a medical student, you're studying 16 hours a day. Now, my very simplistic way of looking at things from a surgical standpoint is, look at the disease entity itself, how it affects a person in terms of what their presenting symptoms are, and how that correlates to what area is affected. And similar to some sort of malware, maybe kind of reverse engineer and go back to what's happening around it right now.
AF: What has been your most challenging surgery?
SF: I've told you this before.
AF: I would hope I know!
SF: Yes, you do know. I think one of the most challenging cases took place when I was a fellow, and I had a tremendous mentor there, Dr. Robert Spetzler, who is a phenomenal teacher. He's a phenomenal surgeon, and he's a phenomenal person. We were doing this procedure on a young woman in her mid-20s, and she had what we call an AVM or an arteriovenous malformation. Sometimes these AVMs can be very compact, and they can have this ball of misshapen blood vessels with abnormal arterial flow and dilated veins coming out. They can rupture, they can cause seizures, they can cause massive headaches, and so forth. So a lot of times they need to be resected.
Hers was relatively small, but it had this larger component that looked like a cyst. In retrospect, it was not a cyst; it was a vascularized cyst wall. Part of it that made it challenging was underestimating this disease pathology—which is something I learned from that which I will never, ever do again—and making the approach vector probably a little bit smaller than it should have been to try and be, you know, quote-unquote, “cute.” It kept bleeding, and one of the most harrowing things about tumor vascular surgery is, when things are bleeding at you and it becomes very difficult to stop, there is a very visceral response that happens with your heart rate, with your mindset, with everything. That honestly made it the most difficult part.
And the funny thing is at the conclusion of that, doing this case with Dr. Spetzler and one of the chief residents ... at the end, he didn't yell. He was very calm. He was quick. He just turned to me and said, "Oh, that was tough." And that was it!
AF: I remember when Sharif went through that, it was harrowing. And he came home, and he looked at me, and he doesn't always tell me very much about what's going on, because I think it's nice for you to come home and you don't have to talk about the thing you just spent all day dealing with. Either that, or I'm just really self-absorbed. It's one or the other. Darian's laughing because he's like, yeah, that sounds right.
AF: So Darian, whenever we've had these incidents and we've said, "Stop the bleeding," and there's been paranoia and so on, which one comes to mind? The biggest adversary you've had to go up against, the biggest moment that you also had to look around and say, "That was tough."
DL: It's not always the biggest. In fact, I have to back up just a little bit. About 12 years ago, I decided that I needed to deal more with people than technology because I was kind of losing my humanity, sitting in front of electronics on a keyboard all day long. I decided to become a volunteer medic. It was two years to get to Basic, and then another two to get to where you could do drugs and cardiac and a lot of studying. I commiserate, certainly not on the level that you're at or anywhere close, but I certainly understand. One of the things that it did give me was this feeling about how humanity and technology are not separate—that there are actual people behind attacks and bad behavior. The worst situation that I've been in, and probably the most memorable to date, was working in a company that was tracking child abusers online and, in particular, child pornography. Being a restricted thing, you can't even bring it up inside a monitor because you don't want to see it, but it's illegal to do.
SF: How do you protect yourself?
AF: They call that secondary trauma, right?
DL: Yes, and there's a lot of trauma. You end up talking to people about it, doing a little therapy.
AF: That's one of my questions. How do you come home and, or in this case during COVID, how do you move away from the computer and unwind and switch gears? What do you do?
DL: Thank God for Netflix and the internet. That's all I can say. I have been binge-watching lately, and this week has been glassblowers for some reason. That's so calming for me.
AF: I love glassblowing. Really big fan. Okay, Sharif?
SF: It's interesting, like when you mentioned trying to take care of yourself—I think there are lots of corollaries to medicine in the same way. Like you said, as a medic, you come on the scene and see body parts, and you know that's reality and that it happens, but it doesn't make it less affecting to you. In addition to the technical aspect of whatever you're doing, some of the most difficult parts are being able to protect yourself, but at the same time being empathetic to patients and their families and trying to help steer them through some of the most difficult things. Some of the things that I do to relax, honestly, is to try and be normal. Tuck in my kids; give Amanda a kiss; if she'll let me, hug her; and sometimes watch Netflix or watch sports. We're Buddhists, and a lot of times I chant to help myself wind down, and to process what may have happened during the day or even is still happening. Trying to put that in the appropriate context.
DL: Do you find yourself building a shell—the professional shell that you wear?
AF: Oh, he does!
SF: I try very hard not to.
AF: One time, I saw him at work—this was ten years ago—and I'd never seen him at work before. And it was jarring.
SF: It's tough during residency because, the hours are long now, but the hours during residency are long, unforgiving, and you're just tired all the time. Not that I'm not tired now, but you're just, you are exhausted in every aspect—emotionally, spiritually. This is, again, in part why I have to chant every single day. If I didn't, it would be very easy to become cold. It's very easy to put a shell around yourself to protect yourself. I may outwardly project as being unemotional sometimes, but I'm a very emotional person. Taking in their grief can weigh on me, and it's always a changing balance of being empathetic and listening to someone and having a real life-to-life and heart-to-heart kind of discussion without taking all of it in, quote unquote, “protecting myself,” so I don't go down this rabbit hole.
AF: Darian, you made a comment one time and said, "In terms of being in the emergency medical realm, this is the worst day of that person's life when you've showed up." I think it's like that in security. It's the worst day in a lot of people's lives from a company perspective. And sure, it's not life and death, but it's still that feeling of, you know when you come upon a scene, it's the worst day of those people's lives. You have to be the calm in that storm, and you have to try to navigate, right?
DL: No, not at all. Lately, the two that are definitely on the top of my "no-no" list are romance scams, which is something that is pissing me off to no end—to take people that are at the most emotionally vulnerable points in their life, where they're trying to find a connection with another human being, and then using that as a methodology to exploit them, to steal money from them or their identity. That has some personal resonance that I cannot get away from. There's the child people who are abusing children in any mechanism, methodology, or whatever they're doing. And then there's the run-of-the-mill stuff like stealing money and skimming credit cards. That kind of stuff doesn't evoke those kind of visceral responses that you tend to have when it's something that's near and dear to you.
AF: When it comes down to security 101, we want to prevent everything. What's your advice for the best prevention in security?
DL: We discussed it earlier. Prevention is knowing what's out there, so that it doesn't come to your doorstep. The more prepared you are, the more you understand things and the bigger picture, the better you can prepare yourself. You have to know who the bad guys are, what they do, how they do it, what in the world is going on that triggers that event. It's strange; people sometimes won't do things until there's this triggering event.
AF: That's why we have you, Darian, because we do focus on threat intelligence. We want to know what bad is out there and what's coming down the pike. So Sharif, I'm going to ask you a question that's really going to set you up for success here, because I know you have to answer this so many times in your life. How do you prevent strokes?
SF: It's a good question.
AF: Is it? I thought of it myself.
SF: That's very good. I hate to be simplistic, but being healthy. Controlling your diabetes if you have it, keeping your blood sugar under control, keeping your cholesterol under control, certainly controlling your high blood pressure, being physically active and eating healthy.
DL: We don't talk about this a lot in society because there's still a huge stigma around it. But talk about the impacts of psychological health here.
SF: Ideally, you want to treat the person and not treat the image or not treat the disease. Take care of the person overall. Many times that means understanding and trying to address all areas. I don't think you as a medic or nurse or physician have to take all the responsibility to cure all that. But you do have to take it into account. Like I mentioned earlier, this is a very wide breadth of understanding. For instance, one of the more common things that happens is that, people who have aneurysms in their brain that rupture, have subarachnoid hemorrhage, oftentimes—if they survive the hemorrhage, and a lot of times they don't—if they survive the hemorrhage, they get treated [more broadly]. A lot of times they can have residual seizures, depression, worsening depression, anxiety, and some personality changes. Just treating the ruptured aneurysm in and of itself is incomplete at best.
AF: I've been in a room with a bottle of wine and the two of you before, and I know this could be a long, long conversation. I'm going to move us towards our wrap-up because I want to make sure we keep it short, sweet, and that people really see how well these two realms blend together.
Neurosurgery and security is very much an overlap in my life. But also in your life, Darian, it comes across, even in security. When we walk away from this listening, I hope that you'll put together a few of the tidbits we've learned on how these work together and incorporate them in your program. Here's a couple just to make sure that you heard them really well.
The first one is, when you do your research on new things, which you always have to do. It's a measure of the breadth and the width—keeping that eye on how far you're going to go and how deep you're going to go in those topics is a great calibration.
Next is remember to unwind. We need to learn it, even if we're still working on learning it, Darian. We're trying to figure it out right now, but it is important for us to be able to do that shift.
And then I do love that thought on learning how to be the calm when it's someone's worst day. I think in both of these realms we do that a lot. One of my favorite quotes was from Horatio Hornblower: "Never run on deck. It makes everyone else nervous." I love that because that's really what it's about when you're in the surgery; it's what it's about when you're in the middle of an incident, Darian. It's the calm. We put these all together and—you're laughing? Is it funny to you?
SF: It's funny because one of my attorneys once said that to me. He said, "Never run to a trauma. Quickly, walk, don't run."
DL: The fire department has a very similar saying. This is not your emergency.
AF: Oh, that's amazing. That's awesome. Alright, I will end our podcast today with probably the most important quote we'll have, which is from the great Sharon Stone: "If you act like you know what you're doing, you can do anything you want ... except neurosurgery."
SF: I had not heard that one before.
AF: It's awesome. Look, it is a lot of people's worst day in their life indeed, whenever we have to be in that surgery or in that incident. But today has been one of my better days, and I'm glad that you two were here. I enjoy always getting to have a conversation with both of you. Thank you so much for joining, and I look forward to having both of you back on.
SF: Thank you.
DL: Thank you.
AF: Thanks for digging into these topics with us today, listeners. We hope you got some valuable insights from the episode. Please share your comments or give us a rating—we'd love to hear from you!