Photo Credit: chris.alcoran via Compfight cc
“The Hero’s Journey” sounds like a great movie or book title. But in this case it refers to Joseph Campbell’s cycle of how a hero in a story – pretty much any hero in any story – becomes a hero. Do you wonder how it works in the modern day? Just look at Star Wars – George Lucas’s stories were directly influenced by his conversations with his friend Joseph Campbell. Also compare Beowulf, The Odyssey, and The Matrix.
There are several aspects to the cycle, and each aspect has its sub-aspects, but I won’t go into details here. Feel free to search for Joseph Campbell hero’s journey, and you’ll come across plenty of diagrams and information for your reading pleasure!
I will focus on the three main phases – Departure, Initiation, and Return. Let’s get into the transformation of our champion, Hero.
In the Departure phase, Hero moves from being an ordinary citizen to beginning his (or her) adventure: he or she leaves his hometown to assist the good guys; he’s convinced of the need to help others in their plight. Hero needs plenty of help at this stage, but the target has been defined.
During Initiation, Hero becomes firmly entrenched in the adventuring lifestyle – training, tests, battles, the mile-after-mile journeys, and revelations that he or she’s perfectly suited for this quest. The attainment of the goal occurs here.
In the Return stage, Hero has completed the quest but now has to get back home safely. Along the way are more adventures and dangers, but the end result is the freedom to live the same life, but with greater skills and confidence.
How does this apply to infosec and cybersecurity? With the changing landscape of cyberthreats, emerging technologies, and the knowledge that there will always be something new (good AND bad) that we never anticipated, InfoSec has become more a field of properly responding to threats and change rather than being protected from every threat that happened yesterday, that could occur today, and that might emerge tomorrow.
As we’ve seen from all of the breaches of retailers, governments, military, and educational and financial institutions, there’s no way that companies are 100% safe 100% of the time. We have to take what we’ve learned from the hack-and-exploit stories, and even our own experiences, and apply them to the future. What did you learn from that hack and data loss? What can you teach others about how to defend themselves in their company?
Our journey has to model the Hero’s Journey – you’ll Depart out of complacency because you’ve taken note of what’s happening all around the world; you’ll be Initiated by testing (PenTesting?), and learn by hook or by crook what you need to do right away; and then Return to your job better prepared. While you won’t be immortal or omniscient, you’ll be confident that, whatever comes your way, you’re the best person tasked with securing your company.