Chief Security Officer (CSO) Survival Techniques
I love horror movies. I like gory slasher flicks where a series of easily avoidable missteps land a hapless victim directly in the path of a killer. I giggle while watching them breathlessly run from the evil that is tracking them down, especially because we all know they aren’t going to make it. It is like watching Darwinism at work — the slow and uninformed don’t make it.
Turn around to help your fallen friend as the zombie horde closes in? You’re done! Look one last time to see if the killer is still on your tail? You’re finished! Manage to encourage your love interest to meet you at that cabin in the woods? You got what you deserved!
I watched a particularly good indie horror film the other day and thought, “Wow, this scene reminds me of a day in the life of a Chief Security Officer (CSO).”
OK, maybe that sounds incredibly nerdy, but I love cyber security and I love horror movies — sometimes they meet at the intersection of nerddom. And there are parallels between the two.
Where slashers and hackers meet
Consider one of the common scenarios in a good horror flick: someone without much knowledge about what is going on is pulled into a nightmare scenario by unseen forces determined to tear them limb from limb. It’s a tried-and-true horror movie device. It’s a trope that plays itself out time and time again.
By now you’re asking, “Chase, what does this have to do with cyber security?” A lot.
Let’s consider the Chief Security Officer. Many folks who become Chief Security Officers have moved up the ranks from senior IT lead, IT director or Senior Dude with Keys to the Network Closet.
Suddenly, they’re thrown into the world of cyber threats and cyber operations scenarios with little experience. They likely haven’t earned real-world experience in any operational SOCs or NOCs. And they probably don’t have military or intelligence community backgrounds.
This is especially true in small and medium businesses. Enterprises manage to bring aboard experienced folks, and their skills don’t come cheap. Cyber threat and operations experts are “unicorns” in the industry. They can command top dollar.
Just like in horror movies, someone winds up in a situation they hadn’t planned for and now can’t get out of. It usually happens like this: someone in a leadership position in the organization asks, “Don’t you know security?” Of course you answer in the affirmative, because, well, you know a little bit about security.
“Good. You can be our CSO.” And that’s that. The clock starts ticking on how long this new CSO has before the zombie horde is hot on their tail. The monster is already in the room. The killer is sharpening his axe before this poor sap takes his first sip of coffee as a CSO.
Things that go bump in the night
You see, this newly minted CSO hasn’t been properly prepared for the current threat landscape, which is far scarier and more bloodthirsty than any Hollywood human hunter. From the IoT zombie botnets launching DDoS attacks, to threats cloaked in invisibility through encryption techniques, today’s CSO must always be on guard and aware of what’s lurking around every corner. Whether it’s viruses, spyware, or phishing (oh my!), they have to be ready to fight for survival. Their business, their customers and their employees depend on it.
Be a Chief Security Officer survival story
While this may seem like a tale of ultimate woe and certain death, it doesn’t have to end with your demise. A well-prepared CSO can go toe-to-toe with any midnight movie maniac and emerge victorious.
In the spirit of Halloween, I’ve put together a series of blog posts to help CSOs avoid being the slowest runner in the zombie marathon (you know, the one who’s usually the first to die). I’ll cover topics like preparing for the zombie apocalypse, surviving insider threats, exorcising malware demons and more.
Maybe some will read these blogs and it will help them not become the next hapless victim. Or maybe they won’t, but we know that ending.
Either way, I’ll bring the popcorn.