Playing catch up after the Easter holidays, so 2 for 1 on the tweet-size InfoSec analogies today. Starting with a physics themed one:
#7 An Unhackable System is like…
[tweet https://twitter.com/S_Clarke22/status/590827393692078080 hide_thread=true width='900']
In case you’re not familiar with the science, the Higgs Field is not yet (and may never be) directly detectable.
Higgs' theory outlined the Standard Law predicted effects of a Higgs Boson, and that is what CERN eventually found. Much like an unhackable system, its characteristics and potential future implications are far more useful to consider than the thing itself.
I don't know of a single security pro who takes kit or software marketed as 'unhackable' or '100% secure' seriously. Anything with people involved in the design process, and anything that will be used by humanoids, will have vulnerabilities from release day +1. It is also a huge red rag to security researcher and criminal bulls, who will work tirelessly to prove you wrong. Overall, an excellent way to bleed perceived value out of potentially ground-breaking innovations.
[tweet https://twitter.com/S_Clarke22/status/590835265125666816 hide_thread=true width='900']
[tweet https://twitter.com/S_Clarke22/status/590837502929461248 hide_thread=true width='900']
And here's the one that fell through motorway connectivity gaps:
#6 Penetration Testing is like…
[tweet https://twitter.com/S_Clarke22/status/585808779075313664 hide_thread=true width='900']
…and some practical bits to go with:
[tweet https://twitter.com/S_Clarke22/status/586071987967152129 hide_thread=true width='900']
[tweet https://twitter.com/S_Clarke22/status/585809308320956416 hide_thread=true width='900']
[tweet https://twitter.com/S_Clarke22/status/585809873373396992 hide_thread=true width='900']
[tweet https://twitter.com/S_Clarke22/status/590832241997127680 hide_thread=true width='900']
If you are unfamiliar with embedded tweets, links in them will work and clicking on text will take you to the originals on Twitter.
If you liked them, you can find more here, or full-size InfoSec analogies on The Analogies Project site (a huge range of novel perspectives on security from just about every big name in the security game, plus plenty of folk from other trades). It’s a fab resource.