The Sniff Test
I often make associations between being a parent and various aspects of information security. You may not always see the connections I see, but once in a while the connection is clear. We decided it would be fun to go for a family bike ride at a nearby park. The path we rode on was an old towpath of the canal systems that ran through northeast Ohio. It was a great location and our destination was a farm right on the trail that we heard had a great farmers market. This worked perfect into our plans to pack a light picnic to eat along the way.
After stopping at the farmers market for a while, we packed up our purchases so we could go and eat lunch. My two older kids watched as we packed the two younger ones into the tag-a-long. As we did this a grandfather aged man walked up to my second oldest and said “I will trade you a goat for your sister.” My son looked at the man and didn’t respond. The man then said “what do you think, would you like to make that trade.” We waited to see what response my son would have and then he said “no thank you, she is too cute.” The man laughed and indicated my son had made the right choice. He then looked at my wife and said “I travel all over the world taking pictures of kids and I open with this line to break the ice.” Then he looked at me and said “and then I tell them I am like a grandfather so I am ok. You have a great crew here.” My wife and I thanked him, as proud parents do, and then we headed on our way.
After we got back to our car my wife and I talked about the scenario. The man may have been innocent in his intentions, but as a parent it just didn’t pass the sniff test. You know, if it doesn’t smell right it probably isn’t. Parsing what he said made us uneasy, because every red flag seemed to go up. Even if he didn’t have ill intention, he made it a point to say all the things to make a child feel safe around a stranger. Security, weather physical or digital, is security. As a parent I want to protect (secure) my kids and keep them out of danger. The same type of instinct used to protect ourselves and loved ones should be harnessed to protect our systems. If something doesn’t smell right, no matter how innocent it may seem, we should follow our instincts and check things out.
That instinct, our ability to sense when something is not right is what makes an information security professional a unique tool in the battle against unauthorized access. Automated tools can capture the signatures or patterns we know and don’t have the time to constantly monitor. The tool alerts us that we need to look more in depth. Our instincts, experience, and sense of security allow us to go beyond the tools and capture threats yet to be identified. We took the opportunity to discuss with our kids how this could have been used against them by a stranger so they could better protect themselves in the future. We should do the same thing when responding to threats in information security so we can enhance our tools to better protect our systems. We shouldn’t just enhance our monitoring tools though, we should update our end users so they can make better decisions when using our organizations systems. When we all work together we have a better chance of identifying attacks on our defenses, and ultimately become more secure.