Photo Credit: Jon Siegel via Compfight cc
Having worked in the world of information security for some years,. I decided three years ago to add a new string to my bow, and started learning to become a chef. And what I’ve discovered is that the two worlds (of security and gastronomy) have more in common than you’d think.
First at all, how many of you have tried to cook some special food using a recipe of some friend or maybe your mum, and no matter how much you try, the taste is just not the same. Well information security is similar: you can use a guide, a framework and the result is not the one that you were expecting it to be.
How could that be? Well, in cooking, even if using the same ingredients, other factors might creep in, like the weather, the oven, your mood, the water and a lot of details that might change the conditions in the kitchen.
In our companies it is the same: we may have a corporate culture, but we have all kinds of people with all kind of ideas, who maybe don’t work well as a team, all of which could affect how security is implemented. This means you can have a framework, standard, compliance law or any kind of document with a step-by-step guide to what do you have to do, but it will be different between company A and company B.
It’s the experience and creativity of the chef/information security professional who is the key to changing the recipe, managing situations, mixing the ingredients, dealing with people or even changing the ingredients to create a good (secure) dish.
Now think of foreign travel. Not only do you see new places and people, but you get the chance to try new food, with new flavours and ingredients, But try cooking your own favourite dishes there, and it might be a problem because you can’t get the right ingredients. For example, to prepare delicious Falafel (Arabic Food) you can use chickpea, beans, even lima beans and according to each ingredient, the flavour will change.
Now when you change jobs and join a new company, you may find a different approach to security. You may encounter new laws or regulations that support or hinder security. You may find a company with experience about risk management or one that knows nothing about risk. For example in an energy company it’s more important to protect industrial control systems (maybe a SCADA system), than the integrity of funds data in some bank. We are still protecting security, but the flavour and ingredients change.
In both worlds, you need to be creative and recursive to use all the available ingredients or resources to create great dishes or to build real security, no matter where we are.