Are you a security professional looking at the waters of information security that have been muddied to the extent that you believe it was always a stinking mudhole instead of a freshwater spring?
Chances are – you’re on the way to becoming a security cynic. A maverick, renegade loose canon. Who will do whatever is necessary to get the job done and rid companies of bad security practices. To help you on your way, here are some of the most common clichés found in cynical security consultants. How many do you possess?
The cavalry arrives after the cynic has resolved all the risks. Cynics never wait for backup. It diminishes their “lone ranger” mystique. That said, it doesn’t matter how outnumbered by senior business managers a cynic is during the final showdown, he’ll blast his way through everyone —before somebody calls his bosses bosses boss and a bunch of black-and-whites start arriving on the scene. A cynics colleagues and CISO are really nothing more than a glorified clean-up crew.
Internal Audit are nosy, unscrupulous b4st4rds. Audit are always trying to pin something on security departments. They’ll doggedly pursue every lead, using their statement of work as an all-access pass to the security procedures. The cynic is often the subject of libel or harassment, depending on whether the auditor is a male or female. Worse, the cynic can even find himself becoming a chief suspect in his own investigation resulting in his own laptop being confiscated for forensic examination. Fortunately, auditors make useful punching bags since they’re often male and have little to no spine.
If married, a cynic’s wife has a problem with his devotion to the job. If a cynic isn’t already divorced, he’s on the verge of getting there. Married cynics are polygamous, wedded to both their wives and their jobs. Cynics wives are usually totally illiterate to the dangers of clicking on attachments within emails, or downloading files with weird extensions. As a result, the cynic has to begrudgingly rebuild her laptop every week. This makes the wife appreciate her husbands line of work, so long as pictures of her mother are rescued. What’s more, the wife will more than likely find the experience better than marriage counselling, as their relationships are often strengthened by the trauma of nearly having lost all your digital memories.
The cynic leaps from contracts at the last possible second before they explode. Cynics have incredible timing when it comes to jumping contracts. If he’s unable to save a failing project, or if the budget has been totally cut. He’ll simply remove himself from the fallout blast radius without a moment to spare. The resulting fireball will nip at his heels but not consume him, nor will he suffer a traumatic brain injury in spite of his relative close proximity to the detonation. It’s a careful balance between leaving too early and losing out on precious day rates vs staying too long and have the CISO making you the fall guy.
“I’m getting too old for this sh1t”. Every now and then a cynic will spend an inordinate amount of time writing a document or blog post. Sit up straight crack their neck and fingers and let everyone know that they’re getting too old for this. It’s really a subliminal message to the slackers around them that they need to up their game and stay ahead of the curve. Younger and more agile forces are at work out there
“This isn’t a game!” Cynics don’t play games. However, someone will remind him, or he’ll have to remind someone else that he’s not playing some kind of a game. It’s important to clarify this point. The absence of dice doesn’t necessarily drive this home.
Javvad Malik 