Finding The Hidden InfoSec Story

Vigilance, Diligence, and Banality


Photo Credit: Kurayba via Compfight cc

The Knights of the Silver Shield were tasked with keeping the country safe from the giants who lived in the forest. If a knight was lazy and cowardly, the silver shield would grow dull, so dull that one could not see his reflection in it. But as a knight grew in experience, honour, and valour, two things would happen to the shield: it would grow shinier, and – after a long time of distinguished service – it would develop a golden star in its centre.

On a day when the knights had to go to battle against the giants, the youngest knight, Sir Roland, was eager to go to battle. But someone needed to stay at the castle to guard the gates, and that duty fell to Roland (whose shield was already shining due to his bravery and good deeds). Although downcast, he dutifully stayed. His charge was simple and straightforward: “Guard the gate and let no one enter.” (The castle was so well-fortified that the giants had long ago given up directly attacking it).

The knights went to battle, leaving Roland alone to guard the gate and the servants to take care of the castle.

Soon, one of the injured knights came back, asking to take a break, and offered to guard the gate so that Roland could rest. He was told by Roland to keep to his post on the battlefield, and that Roland alone was given the task to be on guard.

Before too long, an old woman came by, belittling him by saying, “You must be a knight who likes to stay safe, and are lucky to have an excuse not to go to battle.” He held back his anger as she laughed and went on her way.

Not long after, an old man approached and offered Roland a sword. The sword, he claimed, was magical, and if Roland would use it in the battle then the giants would be easily defeated. While enamoured of the idea of gaining victory in battle, Roland knew it would mean leaving his post and abandoning what was entrusted to him and to him alone. Roland had a bad feeling about this elderly man.

By the gate hung a bell. When it was rung, the servants would raise the drawbridge. Roland rang the bell, and the servants immediately closed the drawbridge. The old man instantly revealed himself – he took off his cloak and was transformed into one of the giants. Furious at having been outwitted, he turned and went back into the forest.

Presently, the knights returned from battle and were amazed, as was Roland, to see a golden star glimmering in the middle of his shield. The lord of the castle stated: ”Sir Roland has fought and won the hardest battle of all today.”

There’s a lot of complexity to the world of infosec – ports, hackers, firewalls, rules, protocols, laws, governance, malware, certifications, OS hardening, guarding legacy apps…the list goes on and on. But underneath the lot is something that everyone can do: protect the gates.

Like the everyday, boring, and menial habits of locking your car doors, teaching your kids to look before crossing the street, watching where you step, driving carefully, checking the expiration date on food, and even making a to-do list the night before…each person can play a role in keeping our company’s information safe by diligently keeping passwords safe, pointing out suspicious visitors, not sharing secrets, being aware of what a phishing email looks like or shredding confidential documents when they’re no longer needed. Remaining vigilant in the daily details, and not being distracted by things that take us away from keeping our post, leads to a much safer and more secure company.

CISOs want to be keenly aware of who in their castle is doing what. That way, when your own Sir Rolands do the right thing at the right time for the right reason right you’re ready to honour their valour. The reward doesn’t have to involve gold and stars, but the aware leader keeps up-to-date with the battles being fought and rewards those dutiful and brave warriors according to the company’s culture, the risk avoided, and the individual’s/team’s interests – time off, bonus, recognition.

(As an example: years ago I had been doing my daily duty of making sure backups were being done. One day, out of nowhere, my manager approached me and gave me half of the day off. Why? A database had crashed, and they were able to restore it that morning because I had been diligent with backups. I was happy as could be! Not only was I given a brief furlough from my service, but my reputation would be spread throughout the land! Well, maybe not that grand, but I really was very pleased.)

Author: Ross Moore

Share This Post On