CSO Perspectives
CSO Perspectives (Pro)
Join the CyberWire's Chief Analyst, Rick Howard, as he discusses the ideas, strategies and technologies that senior cybersecurity executives wrestle with on a daily basis.
I'm going to try my hand at a sports metaphor. Hold onto your butts. This past summer, the coach of my local high school football team, the mighty West Springfield Spartans, put a call out to the local fans. He needed volunteers to film his opponents’ teams in the upcoming season. I enlisted with a cackle of tech dads to film one of the competitors. By tech dads, I mean we all came from the tech sector and didn’t necessarily know anything specific about the sport of football. And yes, I realize that “cackle” is normally reserved for a group of hyenas, but I thought it was appropriate for this group of wise-cracking dads. Anyway, we attended a South County Stallion game and filmed what plays we thought were pertinent. Later, we got a slightly miffed email from the coach wondering where the rest of the film was. It turns out that he wanted both sides of the game filmed: the Stallion’s offense and defense, whereas our cackle thought the important stuff was just the Stallion’s offense. It might’ve had something to do with the amount of beer consumed, but I’m pleading the 5th on that one.
If you’ve been reading any of my essays of the last year or so, you know that I'm a huge fan of the Lockheed Martin Intrusion Kill Chain model. The ideas that emerged from the original 2010 paper revolutionized cybersecurity thinking. Because of that, I incorporated the key points from that paper into my cybersecurity first principles strategy. As security executives, we all should be asking pointed questions to our infosec teams about how our internal security posture is configured against known adversary behavior.
When I was a young captain in the U.S. Army, I was the signal officer for a field artillery battalion at Fort Polk, Louisiana. That’s the same Fort Polk that the Army created back in the early 1940s to train its famous commanders (Eisenhower, Clark, Bradley and Patton) and the soldiers that served them, to get ready for WWII. Camp Polk, as it was known back then, was a real-life physical training environment where military units could actually maneuver on the ground, make mistakes, and make adjustments to correct those mistakes, before the bullets started flying for real in Europe.
At some point in my professional career, the main thing I did in order to do my job was travel. It wasn’t onerous: out on Monday and home by Friday (usually). Two or three times a year, though, I did travel overseas. Once, when I was still a newbie at this corporate travel thing, I was supposed to travel to São Paulo, Brazil, to keynote a security conference. The night before my scheduled departure, I confirmed my flight arrangements, hotel, and rental car, and I triple-checked that I had my passport handy. When I arrived at the airport the next morning, the airline clerk asked to see my Brazilian visa. I had some experience traveling internationally but nobody had ever asked me about a visa before. Blankly, I responded with “My Brazilian what what?” And apparently, the only way to get a Brazilian visa at the time was to wander down to the Brazilian Embassy in Washington DC, stand in line for a few hours, and pay a fee.
Have you ever come across an idea to solve a problem that was so crystal clear in your mind, that it was such an obvious step to take to eliminate an obstacle, that you just knew that as soon as people heard about it, adoption of it would be swift and unambiguous and we would all move on to the next thing?