STS Blog

Wrestling with the sun

September 23rd, 2009 by Jordan Del-Grande (Dedicated Page)

I once heard a friend describe big business or enterprise organisations as a big wheel that just keeps on turning. When you work within one of these large companies, she said, you only have two choices: 1. Voice your opinion, which is analogous to hurling yourself in front of the big turning wheel as it slowly crushes you; or 2. Go with the flow, which is analogous to stepping aside and letting the mammoth wheel pass you by unharmed. This little gem still rings true and has never let me down ;-)

This post is specifically dedicated to all those who, after spending many years within large companies trying their best to either kill the beast, conquer the beast, serve the beast, avoid the beast, confront the beast, or simply find the beast, have always failed.

Today is your lucky day my friend, for today the beast shall be unmasked – Note that I am not talking about the business that occurs within an organisation, I am referring to that eerie feeling you get upon waking on Monday mornings knowing you face another long 5 day slug-a-thon at the office – The beast is the cause of this existential dread.

Also, this post is about applying the above gem of knowledge appropriately so you don’t swing too far into indifference, which leads to sloth, torpor and, for the passive aggressive, repressed resentment.

You see, unfortunately for me (in the past), I viewed the beast of an organisation as some sort of system – It is most likely due to my computer science and information systems university background – Once you program in a language for a period of time, you begin to take this on as your world view and see the outside world as ones and zeros with variables and constants, etc. In the same sense, if you speak with a Buddhist monk, they may view the world as relatively dualistic with a pinch of infinity to create the world of maya.

Anyways, the point is, systems can be manipulated, they can be probed and, with enough time and smarts, hacked to one’s advantage. But the beast of an organisation is an enigma and is so well hidden it’s similar to a theologian trying to find God. Just when he thinks he has the case cracked, his thesis is splashed with an antithesis until someone comes along to find the synthesis. Unfortunately for them, the synthesis is just another name for a thesis and so the journey for God continues ad infinitum.

Arrggghhhh!!! I hear you say…If only I knew where this beast’s abode was, I would visit during the wee hours and slay him in his or possibly her bed. But alas, for this beast has no home, no sex and is beyond all your thoughts or scarier still is he, she, it behind them?

But before we get too carried away and either become paranoid or give up the ghost, I want to take you back to my mistake. I mistook the beast for a system, but in reality, the beast is not a system. So if it is not a system then what is it I hear you ask? If so, stupid questions will only result in stupid answers…

A better question would be why the beast?

Asking why is a great (and necessary) tool for finding the root cause of any situation. It is the best and possibly only tool for finding the unequivocal crux of the matter in a timely fashion.

To the best of my knowledge, the beast appears to exist because it stems from a manifestation of evil people’s opinions. I specifically use the word evil here because evil begets evil and good begets good. They are, always were, and always will be mutually exclusive. So yes, it is right in saying evil minds produce evil opinions (which originate from evil hearts).

Note that we are no longer in the world of tangibles. We have crossed over from something we may have initially thought was tangible (i.e., we wanted to stick a knife in it) and are now in the realm of the intangible. In this realm, things can easily become confusing as this realm has a different set of laws. That’s why metaphors really help in getting the message across, so here it goes…

Upon awaking one day, a man notices that it’s an overcast day. He hates gloomy days because they make him feel gloomy too. This morning is different for the man because he has decided to take this matter up with the shiny pie in the sky. Today is his day to wrestle with the sun.

There is no point going any further with this story as we know it is absurd and the man is an idiot. Not only for letting the weather dictate his mood, but the idea that wrestling with the sun could change the atmosphere.

You see, people who try and do blah to the beast are just like the man who tried to wrestle the sun. Whatever is the case, the atmosphere just is what it is. And if you haven’t figured it out yet, the atmosphere is the beast. It is the mood which is created by ignorant people’s opinions. Their egoistic attitudes are directly in conflict with your egoistic attitude, causing that grating feeling of angst also known as disharmony. This disharmony is the cause of your routine morning existential angst, resulting in you chasing a mirage. You see, the beast does not truly exist. It is a figment of your egotistic mind’s creation. Please note, it’s there, but whatever is created must also end, and as such, the beast can end too.

So now going back to the wheel analogy at the beginning of this post, I would like to reinvent the view of the wheel and add some specificity as an addendum to close out this post…

If you are not the General Manager or CEO, my advice is to take option 2 every time. Please remember, when recruiters call and offer great jobs that appear greener, that the wheel is a pandemic – it is a monist pantheistic wheel – It’s an epidemic of disproportionate scales where you can never escape (as long as you work with other ignorant people). So once again, although you know yourself and what you feel to be right, know it, but go with the flow.

If you are a General Manager or CEO, my advice is that actions speak louder than words. Just as the Government would drop a bomb to clean up a breakout of an infectious disease that has gotten out of control, so too, you must step up and root out all the individuals affected with this disease. Bringing on new and fresh people prior to the extermination will only infect your new help, so if they are brought on early, ensure they are appropriately quarantined. Anything less than this simply does not work.

Information Security Syndrome

September 15th, 2009 by Jordan Del-Grande (Dedicated Page)

Today’s post is an attempt to coin a new psychological response that is often seen within Enterprises, specifically in the Information Security Zealot – It is meant to be taken light-heartedly, but with a serious lesson to take away at the end – So without further ado, if you currently display the following conditioned responses you are hereby classified as an individual suffering from Information Security Syndrome.

- You are incapable of mingling outside the security clique due to the obvious fact everyone on the outside is suffering from some form of security “ignorance”. As such, they [the non-security personnel] would be incapable of understanding the intricacies of your stealthy security work, and any attempt to explain your “advanced” job would be futile. Simply by applying the thin slicing techniques you mastered from your security ways [also cannot be discussed], you have perfected the art in knowing that they will never understand the true essence of what you do.

- At social events you have been dragged along to by your partner, outsiders keep telling you information about themselves they shouldn’t. You know it wouldn’t be elite of you if you were to use this information against them, so you politely inform them about phishing exploits, Facebook worms, social engineering and the like. Oh no, you’ve again performed another security faux pas and are trapped talking to these newbies about security 101, like patching your system and firewalls [oh, so 2001].

- You are certain that everyone else has somehow gotten it wrong and every day is an amazing feat to wake up and discover the world hasn’t ended in a cyberwar that is imminently about to happen. Thank God for hackers publishing unpatched exploits to make the world a safer place and annual retreats to Black Hat and Defcon to lift your spirits.

- Life and work are not about reducing risks to an acceptable level, it’s about eliminating all vulnerabilities and tinkering with the latest bleeding edge coolest tools if possible.

- If your job were a metaphor, other people would describe you as a stage gate or an angry police officer best left alone. You know deep down you are fighting the good fight and tough guys don’t cry.

- At every security conference, everyone so gets you and you so get them. There is an unbelievable amount of head nodding going on, you’re amazed they simply don’t fall off.

- In the office you are forever getting pummelled by the ever increasing sea of threats and yet nobody sees or understands quite what you are talking about. There is an unbelievable amount of head shaking going on, you’re amazed they simply don’t fall off.

- You make abusive calls to people who have spyware, malware, viruses on their laptop and who so foolishly jacked into your LAN [Note, not the corporate LAN as you now are the official caretaker - self appointed]. You request they immediately remove the laptop from the network and hang up without any further support – After all, you’re a secret crime fighter and have other fires to fight – To the bat cave.

- You know very well that the most efficient solution to reducing phishing is to call CERT and have them immediately bring down the hacked site. But if you went and did that, how would you ever get a chance to try out the latest phishing kits or reverse engineer code and show how cool and smart you are? Your quest for knowledge and cyberdome wisdom far outweighs the common person’s problems.

- You can make moral choices on other people’s behalf because you are a security demi-god.

—–
OK, OK, that’s enough of my attempts at humor to belittle and poke fun at the ever hilarious security zealot. I hope the above didn’t upset anybody, but it at least calls out some home truths about when good intentions don’t result in good outcomes…


One issue that came to mind when writing this and that I also find extremely interesting, is the current disconnect between security and the rest of the population (i.e., real world). Reading any recent security whitepaper or report, visiting security blogs, or attending any recent security conference only reiterates that the state of cybercrime is alarming. So why is it that [in a proportion of cases], only the security zealot cares?

Why isn’t this information concerning ever new emerging threats and constantly changing risks being communicated to the people it impacts and who are also in charge of the purse strings and can do something about it [CEO, CFO, CIO, COO, etc]?

In order to answer this question, I am going to turn it around on you. It is up to you to honestly look firstly at yourself and then your team. Have you the right information in the right format for your audience? Have you the right personality and right attitude for your audience?

As a recommendation in resolving this pandemic, raising the issue to be discussed by an appropriate representative, such as the CISO, at a board level would be worthwhile if you had the above boxes ticked off.

Good luck!