Thursday, June 10, 2021

C-3POh no you R2 Didn't!

I've now written a few blogs about being a Lazy CISO, and realized that I have yet to make a Star Wars reference in a single one. So, considering this is the Fourth blog post, it's definitely time I swing my meme searches to include some old stalwarts that are near and dear to my heart.

I want to talk about AI and ML, but not the way most people do.


For my purposes, I'm going to move away from the definitions of AI and ML that you know. Instead, I'm rebranding them as "Article Intelligence" and "Multiple Labs." Both of those revised definitions apply very well to the droids in question here, and also a lot of Security practitioners I've worked with in the past.

C-3PO embodies AI and is all about facts and figures. He knows all the details one could possibly learn, and spouts that knowledge at any given moment. He even turns out to be a fairly good storyteller in the end, with some coaching.


R2-D2, on the other hand, learns from experience in the laboratory of "life." His experience has been built over many years, and he applies his time in these lab environments onto his next predicament. His heroics often lead to praise, but tempered with caveats about his attitude. 

Many times in my career, I've come across analysts who thrive on AI. They are constantly studying texts, taking certifications, and are the first ones to pipe up with the "facts" around any given security discussion. To be honest, these are also the team members who are more impressive to management the fewer times they interact with them. They seem to have a huge wealth of knowledge, they volunteer their information (and opinion) freely during meetings, and they can quickly answer questions about how things "should be done" to combat all the threats they've just revealed in your enterprise. However, they also often lack the ability to not provide every relevant piece of information they know.


On the other side are the R2s of the InfoSec world. They tend to sit back, wait for everyone to express their concerns and engage in the head-scratching exercises of how to fix an issue, and then bound into action to implement a solution they just happen to have worked on at a previous company. The problem is, they often do so with the grace and charm that you would expect from an AstroMech Droid.


I used to loathe the C-3POs and loved having R2s on my team. The lazy part of me felt it took too much time and effort to memorize all those facts and figures, and held disdain for anyone who put that much work into always being "right." I also relished the idea that, during a crisis, all I needed was to deploy my trusty R2 to save the day. Who cares if they rolled over some toes along the way?

Of course times, and perspectives, change. Now I see you really do need the pair to be successful. The knowledge is what's important. Whether it's a deep bank of information, or just practical knowledge that comes from being on the frontlines, all of it is valuable. You just have to understand when each is needed and how to temper your expectations about how you can use that knowledge.

So here's to the unsung heroes of the InfoSec community. The AI and ML are powerful allies when facing down the Sith, aka malicious attackers, and without them we're all just bullseyeing wamp rats in our T-16s.




