Finding The Hidden InfoSec Story

Strictly Come Security – Revisited


Photo Credit: Arthur Koek via Compfight cc

Ladies and gentlemen, boys and girls, welcome to Strictly Come Security – blame it on the Bossa Nova.  Just for those who don’t know the rules, this is where we pair up security professionals with complete novices at the game. Each week our judges and the general public choose who to save and who gets to leave. This is very similar to the popular Saturday evening autumn spectacle of Strictly Come Dancing.

You are of course all aware of the public face of the competition through the interest in the media, Twitter, Facebook and via any z-list celebrities who choose to upload naked photos of themselves into the cloud through their Apple devices. However, what you, the public, don’t see is the painstaking work that goes on before the show even begins. We have a beauty parade matching up the comedy celebrities with the less than professional IT pros and then making it clear from the very start who is liable to come out on top at the end of this competition. This we like to call the WORTHY category, or Wise, Obedient, Respectful, Testing, Helpful and Yellowed. Let me explain how this works in terms of the contestants that will invariably leave in the first few weeks; if you want to, you can join in at home and play spot the loser.

The Wise contestant will realise this is not just a walk in the park, but if they last long enough in the process they will have to handle the security equivalent of a paso doble or an Argentine tango. When the feet start flying and the capes are flung, only those who entered into the process in the right way will be able to move their feet over the uneven surface of a security issue. Nobody wants to be a Gregg Wallace or Ann Widdecombe.

Obedience and Respect are hand-in-glove components. You must do what your professional says, as they have been there before. But there is no point putting on the dancing shoes if you are not prepared to stretch and sweat during practice. Listening to the professional and writing a new policy, but then not implementing it or letting it gather dust on a bookshelf, will not stop an attack or help you cope when one comes. Pixie Lott had all the skill but seemed not to have enough respect or obedience to show her true potential.

Testing competitors are those who put in the hours in the practice room and not only push themselves to their limits but push their pros as well. The professional may know all the steps to the dance and have a great way to choreograph with the current mood music of the regulators, but the celebrity knows their industry, their role and their perceived limits. By pushing against those limits we grow best practice, not only for this year, but we set the standard for future years in the competition. If you don’t believe me, look at the quality of the performance in Strictly or your InfoSec behaviour just five years ago; very different, I guarantee. The last thing you want to be seen as is Judy Murray, so wooden you might get a splinter.

Helpful competitors and companies are those that learn not only from their teachers but realise they are now part of a community. By sharing their best practices and learning from others they can take part in group dances without crashing into each other or stepping on others’ toes. Nobody wants to be Jake Wood and bump into a professional because they have not learned to interact with the larger world effectively.

Yellowed in the context of Strictly is related to those who have experience. If we look back at the winners from the last few years, it is not the babies or the oldies who win.  The winner tends to be someone young enough for mental and physical flexibility while being old enough or yellowed enough to have had some experience in the field and to be able to bring something to the game themselves.

There is also the larger issue of dealing with the judges or regulators. They are one of the two arbiters who decide your fate and they know where your corporate limbs should be at any one time. They look for grace under pressure and the style with which you waltz your way out of trouble. But finally there is the public that you interact with through the media. Based on their perceived view of you, they will vote you in or out. It’s trivial in a TV show, but not so trivial if this is your customer base.

What do we learn from this? Pick your partners carefully, take the process seriously and, as Brucie used to say, Keep Dancing!

Author: Dave Brooks
