"I will show you some absolutely terrifying things, as we progress through today and tomorrow, and I will show you things you guys can do to make people very, very, very uncomfortable where you work."
Every time I turn on my car, John Strand’s voice says the above quote. The clip is audio from a SANS course that my car has stuck on repeat. I have heard it thousands of times now.
"Make people very, very, very uncomfortable" came to mind when watching Chris Roberts (@Sidragon1) tweet about plane hacking Wednesday night and into Thursday morning. He tweeted about messing with a plane's oxygen … while on a plane … on the day the FBI released a report on plane security hacks.
People were indeed very uncomfortable. And the story did not end comfortably for Chris, that day.
I appreciate John’s work and the SANS courses. I enjoy Chris's work and his One World Lab research. Both are fine people, with intelligent ideas, and enjoyable presentations. But let's put hacking aside for the moment.
I wonder if car mechanics get training on how to make drivers feel very uncomfortable. I wonder if medical students have conferences celebrating making patients feel uncomfortable. I wonder the same about virtually any professional services. Perhaps I am a fortunate exception, however, every service I use is staffed with folks who do the exact opposite.
The folks I hire go out of their way to put me at ease, answer any questions, share knowledge without pretense. It is what professionals do. It fosters trust. It is the mark of customer service. It defines their role as trusted advisor for my health, my car, my home, my family.
Returning to hacking and information security, there is no need to make folks uncomfortable. The terrifying things in IT are well publicized. We know. Things are broken. Criminals are misusing technology. We have a lot of work to do. Everyone gets it.
Let’s make the people we work with comfortable. Let’s look at absolutely practical things. Why? Because that is what professionals do. Let's get some work done.