Cynical Security Cliches

Friday, June 17, 2011

Javvad Malik


Are you a security professional looking at the waters of information security that have been muddied to the extent that you believe it was always a stinking mudhole instead of a freshwater spring?

Chances are, you’re on the way to becoming a security cynic. A maverick, renegade loose cannon who will do whatever is necessary to get the job done and rid companies of bad security practices.

To help you on your way, here are some of the most common clichés found in cynical security consultants. How many do you possess?

The cavalry arrives after the cynic has resolved all the risks

Cynics never wait for backup. It diminishes their “lone ranger” mystique. That said, it doesn’t matter how outnumbered by senior business managers a cynic is during the final showdown, he’ll blast his way through everyone before somebody calls his boss’s boss’s boss and a bunch of black-and-whites start arriving on the scene. A cynic’s colleagues and CISO are really nothing more than a glorified clean-up crew.

Internal Auditors are nosy, unscrupulous b4st4rds

Auditors are always trying to pin something on security departments. They’ll doggedly pursue every lead, using their statement of work as an all-access pass to the security procedures. The cynic is often the subject of libel or harassment, depending on whether the auditor is a male or female.

Worse, the cynic can even find himself becoming a chief suspect in his own investigation, resulting in his own laptop being confiscated for forensic examination. Fortunately, auditors make useful punching bags since they’re often male and have a spine.

If married, a cynic’s wife has a problem with his devotion to the job

If a cynic isn’t already divorced, he’s on the verge of getting there. Married cynics are polygamous, wedded to both their wives and their jobs. Cynics’ wives are usually totally illiterate to the dangers of clicking on attachments within emails, or downloading files with weird extensions.

As a result, the cynic has to begrudgingly rebuild her laptop every week. This makes the wife appreciate her husband’s line of work, so long as pictures of her mother are rescued. What’s more, the wife will more than likely find the experience better than marriage counseling, as their relationships are often strengthened by the trauma of nearly having lost all their digital memories.

The cynic leaps from contracts at the last possible second before they explode

Cynics have incredible timing when it comes to jumping contracts. If he’s unable to save a failing project, or if the budget has been totally cut, he’ll simply remove himself from the fallout blast radius without a moment to spare.

The resulting fireball will nip at his heels but not consume him, nor will he suffer a traumatic brain injury in spite of his relatively close proximity to the detonation. It’s a careful balance between leaving too early and losing out on precious day rates vs staying too long and having the CISO make you the fall guy.

I’m getting too old for this stuff

Every now and then a cynic will spend an inordinate amount of time writing a document or blog post. They’ll sit up straight, crack their neck and fingers, and let everyone know that they’re getting too old for this. It’s really a subliminal message to the slackers around them that they need to up their game and stay ahead of the curve. Younger and more agile forces are at work out there.

This isn’t a game!

Cynics don’t play games. However, someone will remind him, or he’ll have to remind someone else that he’s not playing some kind of a game. It’s important to clarify this point. The absence of dice doesn’t necessarily drive this home.

Cross-posted from J4vv4D

JT Edwards "The absence of dice doesn’t necessarily drive this home"

Like a true security cynic does not have a D20 somewhere in their laptop bag!!

On a more serious note the cynic does risk not being heard! One of the most difficult life lessons I have ever learned is that it does NOT matter what I know, it only matters what I can communicate! If when trying to communicate an issue or fact my cynicism runs the risk of making it irrelevant as the audience never gets past my cynicism.

I work in an organization where I have been the bitter and disillusioned IT guy for so long that even when the sky is falling I am rarely listened to! Must be time to become a cynical IT/Security consultant lol