Fun-sized security

Going to the cinema is always a nice experience. Even if the film isn’t any good you always know that the trailers will be enjoyable. Trailers are so good, they can condense a 3 hour dribble of drama into 90 seconds of anticipation which make the hair on the back of your neck stand on end. Maybe it’s because they only show the good parts, combined with the music and the deep voice-over which ends up depicting Top Gun as an adrenaline junkies wet dream on steroids, as opposed to a homo-erotic piece of dribble on male bonding.

It seems I’m not the only one captivated by these bite-sized chunks of sensory overload. Websites like YouTube thrive on short clips with all the good bits with the boring gunk stripped out. I remember seeing the chase scene in the beginning of Casino Royale and thinking how cool it was. So I hopped onto YouTube and searched for it. A couple of hours later I was still on my PC watching free-runners jumping from rooftop to rooftop across every continent in the most amazing way.
How can a book or documentary compete with that? Would anyone even be able to stay awake for the entire duration of The Godfather had it been released in today’s day and age?

We see the same thing with so called ’script kiddies’ trying their hand at hacking these days. They’re not interested in understanding how a system works, or bothering to endure the pain of any sort of research. Rather they just want someone to provide them with a tool which they can click on and allows them to do all the exciting cool stuff and then brag to their friends the next day how they pwned a website.

Unfortunately, it seems that Security professionals are also falling into the same trap these days. Rather than learning the art of good security, the industry is allowing itself to be reactive and incident driven. Wait for a major incident to occur, look into their magic 8-ball and apply a big sticky plaster, then wait for the next major incident to occur.

When fellow professionals talk about security, I never watch them. What I do is watch the audience watching the presentation. And it’s depressing. Because they only really perk up when they hear about how the gang made off with 20 billion dollars in untraceable notes. Whenever that’s not being mentioned, they start to fiddle with their blackberry or pour themselves another coffee.

Excitement is all good and quite fun to be honest. Working under pressure trying to fight the international criminal organisation who is trying to defraud your customer. But sometimes, if you’d done the boring stuff up front properly, you wouldn’t be in this situation to start with.

Which is why I believe Security Professionals never really want the world to be a perfect place, they never really want to stop all forms of breaches and fraud. Not only would they probably not have a job to come into. But life would be a whole lot more boring. And I’d rather die than lead a boring life.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s