Cybersecurity Through the Lens of Matrimony

I spent this past weekend at a wedding of a friend and colleague. It was a singularly superlative experience. Of course since it was attended by a host of security nerds (including the groom) I found myself identifying certain parallels between this, the happiest of days, and some of the darker and more painful aspects of our chosen profession.

The logistics are extensive and complicated. As a guest you notice the beauty of the event and the accouterments, but unless you’ve been a participant you don’t realize how much work and how long it takes to make sure you have everything you want at the right place and time and performing properly. Anyone can buy a dress (or black box), book a venue (or buy a subscription), and hire a band (recruit talent), but making all those things actually work together as a part of a coherent whole is a huge pain.

You have to make a lot of people happy. Not everyone likes filet mignon (communists, ISIS). The people who enjoy AC/DC are not going to like to hear a lot of Frank Sinatra in the band’s rotation. Whether you are thinking about a reception, or a security operation, there is no getting around the fact that you will have to navigate complicated business, political and social issues, not just technology (remember: everyone loves an open bar).

This is going to cost money. You can improve your security posture through smart design and free software, but the trade-off is time and the required expertise in the use of “free” software. Alternatively, you can buy expensive boxes and you’ll still need to pay for expertise. The wedding (or security regime) of your dreams and the realities of your budget mean trade-offs and compromise.

There is what you say and there is what you do. It doesn’t get much more church-y than a Catholic wedding and the accompanying mass, but for all the pomp and ceremony you’re not legally married until the two of you and an officiant authorized by the State, sign a piece of paper issued by the State. In a similar vein it is one thing to say you are committed to security, and then there are the actions you take that demonstrate that commitment. Insert your own infidelity and/or divorce statistics here.

There is a shared responsibility. Every wedding I’ve attended that had a religious ceremony associated with it mentioned the role friends and family play in the relationship. This is not just about two people becoming one, it is about people and their role in society. Security is a business issue and everyone in the business plays a role to one degree or another. It is on each of us to ensure that we are doing right by each other for the good of the whole, not for our own self-interest. We are, all of us, in this together.

Now if you will excuse me, I have some cake to eat.