Direct Hit, Near Miss or Remote Miss? Why you are more confident than you should be.

20 Comments

_39166788_blitz416_gettyIn the years running up to the beginning of the second world war the British government was extremely concerned that in the event of hostilities breaking out, the german Luftwaffe would launch significant attacks against Britain and especially London. With an estimated 250,000 casualties in the first week alone, the consensus was that millions of Londoners would flee, leaving the industrial war engine to grind to a halt. Several psychiatric hospitals were even set up on the outskirts of London to handle the huge numbers of casualties psychologically affected by the bombing.

History tells us this was not the case, despite horrific numbers of casualties and extensive damage to homes, property and businesses throughout London.

A Canadian psychiatrist, J. T. MacCurdy, in his book The Structure of Morale postulated this was because the effect of a bomb falling on a population splits them into three groups:

1. The people killed by the bomb. As MacCurdy puts it

the morale of the community depends on the reaction of the survivors, so from that point of view, the killed do not matter. Put this way the fact is obvious, corpses do not run about spreading panic.

Harsh, but true in this model.

2. The Near Misses, the ones that

feel the blast, … see the destruction… but they survive, deeply impressed. It may result in ‘shock’…and a preoccupation with he horrors that have been witnessed.

3. The Remote Misses. These are the people who hear the sirens, the bombs explode, watch the aircraft overhead, but the bombs explode down the street. For them the experience of the bombing is that they survived easily, unlike the Near Miss group. The emotion as a result of the attack…

is a feeling of excitement with a flavor of invulnerability.

Near miss = trauma, remote miss = invulnerability.

Diaries and recollections of the period certainly support these theories. For instance, when a laborer was asked if he wanted to be evacuated to the countryside (after being bombed out of his house twice) he replied;

What, and miss all this? Not for all the tea in China!

The reason for this attitude, the sense of invulnerability, is that they have been through the very worst of time… and survived. They had faced their fears, and realized they were not as bad as they thought they were going to be, and in fact the result of surviving had given them a sense of elation that made them feel even more alive than before.

This is a very long way of saying that we may very easily view security incidents and breaches like this. Sony (perhaps) are the ones right at the centre of the blast. they are affected directly, and don’t even run around spreading panic because they are too busy dealing with the incident itself.

The near misses, Sony’s vendors, suppliers and partners are probably reeling from the near miss and are probably doing all they can to ensure it doesn’t happen to them. in short why are traumatized.

Finally, there is the rest of us. Yeah baby! Another breach, and it wasn’t us! We are invincible! We don’t need to do anything different at all, because we are survivors!

I think I see an issue here. Every time we are not breached, we become more confidant that we will not be breached, and become over confident and convinced we are having the time of our lives doing great stuff in the infosec world and not being breached. let’s hope that bomb doesn’t drop too close to home to burst that bubble, otherwise Careers is So over ceases to be a funny industry joke and very much a reality. Take the precautions now, take the threat seriously, and do what you can now, before it is too late.

I would strongly recommend reading the Book David & Goliath by Malcolm Gladwell if you would like to read more about this concept as well as others along the same lines.

A personal note…

PubGr_logoI am now under new employment as a result of an acquisition of my previous employer, and I have been fortunate enough to be elevated to Group CISO of the acquiring company. Unsurprisingly this has resulted in a massive new workload, travel schedule and responsibilities, and hence my distinct lack of posts this last few months. Despite this I have still been nominated for European Personal Security Blog 2015 in this years Blogger Awards; thank you!

Additionally, I am so proud to say that not only is my new employer keen to promote this blog internally in the new company, but also thrilled to say we have become the newest sponsor of the European Security Blogger Network.

Finally, I have been on the road a huge amount the last few weeks, including at RSA USA where I was very happy with my presentation at the RSA Studio; I spoke about how we have changed our approach to security awareness, and the use of the Restricted Intelligence product to catalyse it.

There were also talks at Munich Identity Management Conference, although the talks are not public yet.

Next week, Bsides London, InfoSec Europe, European Blogger Awards and RSA Unplugged. I am mentoring a rookie at Bsides, Speaking at infoSec, as well as at the Tripwire booth, sponsoring (and nominated!) at the Blogger Awards, and just watching at RSA Unplugged.

It’s has been a busy few months!

Getting Ahead in Information Security

Leave a comment

getting ahead

(Originally Posted on the VIA Resources Blog here.)

Advancing your career in information security, let alone getting a job in it in the first place is challenging and sometimes overwhelming at best. It can often feel like an exclusive club that is hard to break into, and the “elder statesmen” of the community distant and aloof. With these kind of barriers where do you even start to try and network and make contact with people who could not only progress your career but also start it?
The real answer at first appears flippant; if you want to be a part of a community you need to engage with it and join in. Obviously, that is harder than it seems, so here are three ways you can help yourself to getting ahead in Information Security:

1. Start attending the many free events that are held every week.
There are plenty of these around, you just have to look for them, such as (ISC)2 and ISACA events, plenty of sponsor driven events and community driven events. Europe’s largest information security event, Infosecurity Europe is a free three day event which not only gives you access to all of the vendors out there, but also an excellent education programme. Traditionally on the same week there is also BSides London, a free one days event, although this one is ticketed. Not in London? Then consider BSides ManchesterSteelCon and SecuriTay. Seek them out and you will find them. Not in the UK, then Google is your friend.

2. Attend some of the bigger, paid for conferences.
Obviously this is not always easy, especially given the price of the tickets and the whole reason you are reading this is that you need a job! All of these conferences require a huge amount of effort and willpower to get them to run smoothly on the day, and many of them require… volunteers. 44CON has one of the best volunteer crew programmes I have come across, with plenty of perks available. By volunteering for these events you are not only showing yourself to be a stand-up member of the community, willing to help out and contribute, but you will also get unprecedented access to the attendees, speakers and organisers. They are yours for the networking!

3. Contribute to the community.
This could be anything from volunteering (above), blogging, tweeting, offering to speak, writing articles for the various community news outlets, in fact anything that gets your name out there. Submit in the variety of Call for Papers (CfP) and you normally get a free ticket, and sometimes travel expenses paid too. Depending upon your grammatical and public speaking skills, this could be very tough but who said progressing your career was easy? Being able to articulate your personal opinions on the often very contentious issues in the industry is an excellent way of improving your ability to assimilate, process and form your own opinions and views for the benefit of the community. What better way of getting known in the industry?

All of the above require time dedication and effort, but since this is your career we are talking about, are these too much to ask?

TandTSEC is dead… Long Live ThomLangford!

1 Comment

@TandTSEC ~ @ThomLangford

For those of you who follow me on Twitter you may have seen a tweet from me stating my Twitter name is changing, from @TandTSEC to @ThomLangford and my web address from tandtsec.com to thomlangford.com. That change has been carried out earlier than planned for reasons beyond my control.

What it came down to was a matter of having to explain the background to TandTSEC a little too often, and to be honest, if you have to explain it then it subsequently loses impact and creates confusion. I have been on a mission to simplify my online residencies and this has resulted so far in a cleaner and easier to read blog interface, the use of thomlangford.com and finally the changing of my Twitter name.

If you were following me (and thank you for that!) on @TandTSEC you will not need to do anything as renaming an account does not unlink all of the Following and Follower data. You do have to remember my new Twitter name if you wish to tweet with me and I respectfully beg your forgiveness for that!

@TandTSEC and the related email account will still be active but will redirect people to the relevant ThomLangford accounts. There may also be a slight issue with the Tweet feed in this blog but I suspect they will ease out after a few days and/or posts.

Thanks for your understanding and continued support and following!

Changing Appearances

Leave a comment

I have had to change the theme on this blog again unfortunately because the last theme was not supporting mobile devices very well. Given how much I use my iPad in the normal course of the day to check up on other peoples blogs I realised this was going to be an issue. I sincerely hope this is going to be the last change for at least six months (when I will be unveiling a more coordinated approach to my blog, presentations and the like).

I hope you find the change easier on your iPad.