I wasn’t always a “computer guy.” My original career path was as an automotive service technician for a Florida Honda Dealership. I would call it a “mechanic,” but I can hear the voices of my trade school instructors bouncing around my skull right now, verbally beating into me: “You are not a mechanic. You are a professional.”
Although I truly hated that job (seriously, I won’t even change my own oil now), it taught me a lot about troubleshooting. So much so that I’ve applied it to many aspects of my career. When I first started in IT, I did home computer repair. Everything I learned about deduction, logic, reasoning, and problem solving didn’t come from fixing computers. It came long before that, from fixing cars. I eventually took this into information security when I gave a talk at the Lancope Vision 2015 conference on troubleshooting security breaches.
Repairing cars is a craft that has been around since the first automobile ran through the streets. Before that I’m sure there was something similar for horse and buggy. Automobiles have a ton of working parts and systems that all come together to get a passenger from point A to point B. Learning to troubleshoot these intricate systems allowed me to take these same principles into the world of IT. Ideas like looking at the big picture, scoping it into different working sections, focusing on these sections, and testing hypotheses are all things that I have applied to repairing systems and identifying security breaches.
We just recently wrapped up an awesome 5-part series on a detective’s insight into Incident Response, in which an LAPD Major Crimes detective walked through how he analyzes a crime. Law enforcement has been working in its craft much longer than those of us in information security have, and there are plenty of lessons to be learned from this.
- Learning how to analyze evidence – Learning how to analyze security events
- Learning how to identify crime sprees – Learning to share information and spot patterns
- Learning how to collect all of the details of a case – Learning to collect all of the details of an incident investigation
I can count on one hand the number of customers I’ve worked with that have a detailed plan of how to handle and respond to security events. I’ve seen even fewer that go back and make that plan even more efficient. Manufacturing engineers are constantly trying to make things work faster, better, and cheaper than before. This could be a process or a part. If we had a Six Sigma for information security we could reduce noise, reduce failure, and increase productivity. We would be able to have processes and tools in place that are so easy, we could solve the problem we have of finding talent to work in information security.
Not everyone in the organization needs to be an infosec genius; they just need to know how to use specific tools and where they fit in the process. Everyone on an assembly line doesn’t need to know every detailed aspect of the product they are making.
Medicine lives and dies (no pun intended) off of research and peer-reviewed studies. This information is widely available on sites like PubMed and in medical journals. Some studies and academic papers do exist for information security. However, the majority of what is available is just marketing nonsense. If we, as a community, put more effort into the academia behind information security we could build better tools. We would also have stronger details on how to handle attacks.
What other industries, or aspects of other industries, could we look to in order to help mature the craft of information security? Is there a profession from your past life that could help with your current one? Share in the comments, and let’s mature the craft of information security together.