This week I've been at SANSFIRE, an annual information security training summit held by SANS in Washington DC.

During SANSFIRE 2017 at our State of the Internet Panel Discussion, I came up with a parable about our current security situation.  I'd quickly made up the story, but I think it bears further discussion.

Shown above:  Internet Storm Center (ISC) handlers getting ready for the panel on Monday, 2017-07-24.



This week, I'm attending the SANS FOR610 class on reverse-engineering malware. I'd previously taken it about three years ago through SANS OnDemand.  I already have my GREM certification, but I needed a refresher.

At SANSFIRE, I've met some interesting people and learned some interesting things.  What's the biggest thing?  Learning FOR610 from Lenny Zeltser is even better in person than OnDemand (although Lenny is still excellent in OnDemand).  If you get the chance to take a SANS course in person, I think it's well worth the added cost.

Shown above:  And you might get a picture with Lenny!

At any SANS training summit, there are hour-long bonus sessions during the evenings.  In one of these sessions, Manuel Santander discussed how things could easily "go boom" in our power infrastructure.  The night before, I did a session on how I use Security Onion to review suspicious network traffic.  The room had seats for about 50 people, and it was packed, so thanks to everyone who attended.

There were several other bonus sessions, and the ones I saw were all excellent.



My favorite bonus session was our State of the Internet Panel on Monday.  As ISC handlers, several of us were on stage answering questions and giving our opinions.

Shown above:  A bunch of us on stage at the panel.

After our individual introductions, I was silent until we came to the end.  We were asked for our predictions for the coming year.  Several handlers answered we'd be seeing more of the same.  Why?  Because regardless of how advanced our defenses are, people keep making the same dumb mistakes over and over again.

I was the last person to give my prediction, so I tried to think of something unique or clever to say.  Unfortunately, I could only think of how we'll be seeing more of the same.  So I came up with a story to illustrate exactly how I felt.

That story follows.



Our current situation with information security is like a big bowl of soup.  But the soup has a dog turd in it.  And several hungry people are standing around this huge bowl of soup, ready to eat.  One of these people is a Chief Executive Officer (CEO).  Another is a Chief Security Officer (CSO).

As everyone starts eating the soup, the CEO asks the CSO if there are any problems.

"There certainly is," the CSO replies.  "I've discovered a dog turd in the soup."

The CEO looks at everyone eating the soup and asks, "That's not going to cause any problems, is it?  They're all busy eating.  That's a critical operation!  We'd cause a major disruption if we stop it."

The CSO says, "Well, it's beef stew, so most people probably won't even notice.  And it's been there a long time.  I think only the very old or very young--our most vulnerable people--will get sick from it."

Again, the CEO looks at everyone eating the soup, then makes a decision.  "We can live with this," the CEO says.  "It's an acceptable risk.  After all, we have to balance their desire to eat with the danger posed by that dog turd."

"You know," the CSO replies, "we could take the time to prepare another bowl of soup.  That way no one would get sick."

"Nonsense!" says the CEO.  "People won't stand for that.  They want their soup, and they want it now.  If I don't give it to them, someone else will."

The CSO is speechless.  Bacteria from the dog turd will only get worse and eventually cause everyone to get food poisoning.  Most people understand this.  But they're still hungry, and the current bowl of soup is too tempting.

So everyone keeps eating, and no one makes a new bowl of soup.



At the panel, I didn't state the parable as printed above.  It was an off-the-cuff story told to increasing groans and chuckles from the audience.  So what did I learn?  I learned my fellow handlers will never let me forget I told that story.

Hopefully, though, someone might get something out of it.

