Security Ripcord

I’ve been doing a little running lately getting ready for the Corpus Christi Beach to Bay Relay. Today, instead of our usual four mile run, we decided to work on some sprints. We ran a mile and then started a series of 100 yard sprints with a 100 yard walk in between. Needless to say that the walking reset was filled full of huffing and puffing. At one point I noticed that I was hanging my head like most people do when they are tired. When I realized this I did what I always do, what I taught myself in the Marines after long runs and forced marches, I raised my head and started looking around. I use to do this because whenever you are the most tired is when you are the most vulnerable. You are not paying attention, you are breathing heavy, and you are doing everything you can just to take a break for a minute or two. Fortunately, the repercussions of me doing this now are not the same as they were back then.

All of this got me thinking about how we react to situations as a whole. I started thinking about how through training and effort we can begin to overcome hardships. I started thinking about how diligent practice can instill good habits and create muscle memory in any individual. Muscle memory is a condition where a body reacts without, or more precisely with only a little, thinking. You can see this by reviewing Rich Mogull’s posts on how he handled several car accidents after being out of the paramedics for a while. Rich did what came natural to him. He just reacted and, I’m sure, did a great job and a service.

“Yes, yes,” you are thinking to yourself right now. We have heard this all before. Practice makes perfect. Practice your incident response. Practice your backup procedures. Practice your disaster recovery. Practice makes perfect. Practice, Practice, Practice. Blah, blah, blah. Yes, I am tell you that. But what I want to emphasize is that you can train yourselves all day long and still make mistakes.

Running with my head down took me back to the days of running through the hills of Camp Pendleton and training myself to keep my head up and aware of my surroundings no matter how tired I was at the time. But what it really got me thinking about was being in the stack. Not the stack you are use to hearing about, the stack of Marines that are just about to enter a building or room that may contain hostiles. It didn’t matter where we were, once people started lining up and getting ready to move to action, their heads dropped. Not because they were tired or lazy, but because they were focused and waiting. Like a spring ready to uncoil all of its power. This occurred so often that it was not surprising to hear, “Keep your heads up in the stack!” whispered over the radio. Or have someone give you a quick rap on the helmet as a reminder. Everybody did it, everybody got sucked into it, and everybody was aware of it and watched out for their buddy, because that person was watching out for them.

So, how does this apply to us? Well, security professionals have a lot to accomplish on any given day. Logs to review, servers to patch, incidents to respond to, training to develop and give (and that is just the short list). Let’s face it. We are swamped with responsibility and duties. Everybody groans when we walk into a room but everybody notices when our duties start falling behind because it directly affects their business. With all of this activity, with all of this responsibility, it is very easy to get set into a common routine or mode. It is very easy for our heads to drop into our computers, logs, management consoles, spreadsheets, etc. We are doing our jobs and we are getting it done, but are we aware of our surroundings. Are we aware of the common sights and sounds of the office environment and server room. Are we listening to people talk when they need our guidance, input, or for us to listen for listening’s sake?

If you are, then good on you. Now look around and see who is not. Please, tap them on the head and tell them, “Keep your head up in the stack!”

Go forth and do good things,

Don C. Weber

Although this is not so security related I thought I would bring it up.  I have a serious problem with people who live in this country and then create this kind of stuff.  Blackfive once again pointed out an article that is, to me, extremely distasteful.  Now, I am not one to write letters to the editor but I couldn’t help myself in this case.

I am not sure if this will get published in its complete state because "The Arizona Republic" limits editorial comments to 200 words (Now how can you get into a good grove in under 200 words?) so I have included it here. 

I was recently made aware of your editorial comic with a blood stained Eagle, Globe and Anchor. You have, for some reason unapparent to me, placed the comments "United States Massacre Cover-up" on the ribbon the normal proudly displays the words "United States Marine Corps." It also appears to me that there is blood dripping from the claws of where the eagle is attached to the globe. I assume that you are referring to the blood spilled by Marines in combat. Well, I have a few things to say about this piece of, and I use the term loosely, art.

First, I thought that we live, and you publish, in a country where the accused are innocent until proven guilty. I understand that there is still an ongoing investigation into this matter. My understanding is that the United States Marine Corps (USMC) leadership has taken this matter very seriously and they are vigorously investigating it. So much so that some veterans are concerned that they are not backing their own men to the extent they deserve. We are one of the few nations in the world who will hold our Soldiers, Sailors, Airmen, and Marines to task for these types of improprieties. But we should do so in a dignified manner.

Second, you obviously have a problem with the USMC as a whole. This just does not make sense. Marking the USMC for the actions of a few persons would be like assuming that everybody in your newspaper is as leftest, inconsiderate, unpatriotic, dispassionate, and downright idiotic because of this editorial comic. I hope that some of your employees will take exception to this but, it appears to me, that your editors cannot.

Third, the USMC will endure this situation and your comic. It will endure this war and the next and the next. Because we believe in ourselves, our brothers and sisters, our service, and our country. Because of that freedom will ring for Americans as well as those we are able to assist. The ring will be resounding and clear compared to the dull and embarrassing thud of your editorial comic and your newspaper. And because of this your newspaper will, unfortunately, survive as well.You should be ashamed of yourselves and you owe all Marines an apology. Remember, the blood that is dripping down that globe is mixed with the blood of thousands of men and women who have served their country proudly and are disgusted by this editorial comic.

Semper Fidelis,

Don C. Weber

Former Sergeant

1st Force Reconnaissance Company

United States Marine Corps

 Please feel free to comment to this newspaper or to its sponsors as they are listed on Blackfive’s blog

Go forth and do good things,

Cutaway 

How individuals of an organization work together can have a big impact on the overall security of that organization's environment.  A group that works as a team to achieve specific goals will achieve those goals in a more efficient fashion.  This is true despite the abilities of the individuals involved: security professionals, system administrators, network administrators, technology managers, financial managers, human resources directors, application developers, vice presidents, CEOs, system accreditors, auditors, etc.  All of these people could be the top in their fields but if they do not plan, organize, and communicate very little will get accomplished.  The overall success of the project and how individuals work together can be attributed to a manager's techniques but it is the overall performance of the individual people and their willingness to work cohesively that eventually determines the majority of the projects outcome. 

So, here is the problem, but how does a security professional correct a situation where other individuals involved in the team are resistant to change.   Of course, as we all know, management support is a critical element.  Fortunately this is becoming less of an issue as more and more security incidents reach the front pages of local and national newspapers.  This places the responsibility on the rest of the team.  The following is a list of things that I think are important for the security professional to consider and implement in an attempt to bridge the gap with colleagues who are more resistant to change.

• Patience - It takes time for anybody to adjust to a new situation.  Exercising patience is a little easier when there is management by in to the situation.
• Faith In Your Abilities – You were selected to fill an important position because of your training and abilities.  Confident decisions, right or wrong, will show everybody that you are a willing participant that is not afraid of taking responsibility and accepting the resulting outcome, good or bad.
• Open Door Policy – Every security professional should be open to addressing issues and concerns from anybody as they arise.  A lot of people are going to have a lot of questions about a wide variety of issues.  Some of them may seem mundane because they are basic, but to the individual asking the question they are not basic and they are generally address an immediate issue that individual is experiencing.
• Information Center – Develop a location where people can find and refer others to policies, frequently asked questions, training, references to important documentation, acceptable and unacceptable software lists,  security related tools, product evaluations, etc.
• Communication - Keeping management informed of important situations is a necessity.  What many people do not realize is that communication between departments and groups is just as, if not more, important.  Not every important decision has to be passed through management for approval.  At the same time, individuals deserve to be informed of all situations that involve them. These individuals should be provided with all information they are not aware of so that they can make sound decisions and take appropriate actions.  When groups start communicating among themselves managers can spend less time bridging gaps and more time addressing other issues and planning for the future.
• Develop Individual Relationships – Security touches many areas in different ways.  Reaching out to people in different areas shows them that you are proactive and willing to assist and educate.  Interacting with system and network administrators is a given in all environments but a good security professional will seek out programmers, department managers, and other people that will affect or be affected by security related decisions.
• Enthusiasm - Love your job, love what you do day in and day out, and have faith that you are helping people by securing their information and their organizations.

As usual I have a good military example of how teamwork and professionalism can produce positive results.  During my time in the United States Marine Corps I had the pleasure of working with some of the best men in the world.  My unit operated in small groups of six men.  Of course all of these men were Alpha personalities and conflicts often ensued.  But when it was time for mission planning and execution all differences were set aside until all duties were accomplished.  Additionally, these six men only represented one group that made up a platoon of men.  Each group in the platoon had different responsibilities and expertise.  But when the mission called for a large force all of the teams were able to band together and successfully accomplish the task at hand.  Their success can be directly attributed to the elements that I have listed above.  Patience, faith, communication, relationships, enthusiasm, and an overall sense that they were a part of something big and important produced results that could not be accomplished individually.  It is not impossible to get these type of results from any organization.  All it takes is a little teamwork.

Go forth and do good things,

Cutaway 

Cutaway Security, Security Ripcord, Teamwork, Security Professional