A police officer friend and I had lunch the other day. We started talking careers - he will be retiring soon, I will not. I let him know I almost applied to be a State Trooper when I was in college. They were looking for men my height (who knows if they can still do such a thing).
My friend asked, “Why didn’t you?”
I responded, “While I like firing bullets, I don’t like them coming at me”
He smile and continued
“So what is up with all this Cyber Security stuff?”
My response surprised him…
“Well in many ways our careers are similar. We are charged with protecting businesses, people and things. The good news is there are no bullets involved.
The bad news is we have no physical boundaries. The reach of the criminal is global. If the criminal uses something like TOR, they are pretty much invisible when breaking in – so on our surveillance video (logs) you would see the door and cash register being opened but no person would be visible.
You may have some evidence of crime, but the scene is so contaminated by other traffic it is hard to distinguish what is relevant. Picture a crime in a subway system, the people and trains never stop as you go about collecting evidence – that is if you know a crime actually happened. A person may have been a victim of a pickpocket but they do not realize it until 6 months later, now go grab evidence from that train.
If we do find something or catch a crime in process, we have no arresting powers. We can only try to make the bad guy not do bad guy stuff. He is still allowed to come through our facility – we just have to watch that he only does what he is allowed to do. By the way, if we catch him doing something bad, collect the evidence and give it to you – if the bad guy lives in a foreign country, there isn’t much you can do either.
The people we try to protect usually entice the criminals. They respond to almost every grifter they encounter. They post copious amounts of personal data - when they will be home, when they won’t, birthdays, things they buy, places they work. They use the same house key (password) for everything they lock - the office door, the desk, the car, the gym locker, their bike, their diary. They even give that key to other people they do not know (email aggregators, online accounts).
Then we have our command staff. Unlike your command staff, that supports the reduction of crime and works with you to do smart policing, our command staff is about increasing potential for crime. They demand less secure locks (WiFi), insecure neighborhoods (BYOD), lack of physical shredders (Social Media). They function like a local convenience store that is open 24/7 (remote access) but they do not operate like one with an automatic locking safe.”
I was only getting started, when I noticed my friend’s lunch congealing. I stopped.
He looked at me and smiled, “So you were afraid of a bullet coming at you?”
I smiled back, “Seems kind of silly now, doesn’t it?”
My friend put the topper on our conversation, “Martin, I have almost 30 years of service, I’m getting ready to retire and I’ve never been shot at.”
I struggled for something to say. The only quip I could muster was, “You’re getting the check, officer!”