10 Ways To Cheat At Being An IT Security Professional.

Written by Craig Balding

About myths and t-shirts
Creative Commons License photo credit: нσвσ

  1. Be A Security Cool Cat: Place penguin stickers on every surface in your cubicle. Stick at least 3 on the dual boot company issued laptop (that hasn’t had a kernel upgrade in 6 months). Use BlackHat stickers for bonus points.
  2. Be An Undercover Open Source Evangelist: Unfailingly, recommend open source solutions as more secure. Be sure to quote ‘more eyes, less vulnerabilities’. Recite it frequently. Always forward security advisories about commercial products to your boss.
  3. Walk the Tech Talk: Learn at Least 10 Bash Keyboard Shortcuts. Treat this as a party trick. Perform rapidly in sequence whenever anyone watches your screen. Giggle and pass the keyboard over and say ‘Your turn!’.
  4. Be All Knowing, Jedi Warrior!: Say ‘Trust but verify’ whenever you are asked a question you do not understand. Make it clear in meetings that you trust no-one and “verify” solely through a Google/Secunia search.
  5. Impress with a Penetration Test!: Download Metasploit, spend 7 hours modifying the web interface: create custom graphics and hack up the CSS files. Start Metasploit running before you leave for the day. Use Camtasia to capture all screen activity so you can review it in the morning. If all went well, upload to YouTube and link out via Facebook.
  6. Practice ‘Defense In Depth’: When you are asked ‘What is the Risk?’, grin inanely and say ‘I’ll tell you after I break out the vulnerability scanners’. Run at least 3 vulnerability scanners to get ‘defense in depth’.
  7. Latest *Is* Greatest!: Clipboard stealing attacks are *always* a bigger issue than the Cisco infrastructure with default passwords (how did they get there?!).
  8. Educate The Great Unwashed with a Deep Dive Security Awareness Program. Educate end-users about Cross Site Scripting and SQL injection attacks. Don’t invite the outsourced developers - they already know this stuff and have deadlines to meet.
  9. Impress Your Peers - Perfect the RFC Shoutout: Pick at least 10 common protocols and learn the associated RFC numbers. Intimidate IT colleagues by shouting out the RFC numbers whenever they mention the protocol.
  10. Start A Security Blog: What Can I Say? :D



4 comments ↓

#1 Marcin Antkiewicz on 05.19.08 at 4:44 am

11) if you need to comply, skim the Reader’s Digest version of the standard, google for an incident where fines were paid. Next time you hear the standard’s name say “Clearly, even this falls short. As you might know, org.com was fined 100k, and I am hearing that the fines are per day, per incident. Good for them that their holding company had deeeeep pockets…

11a) if there is no compliance effort ISO 27001 is always a good start.

12) go to Security Conference (local - it’s cheaper that way), talk loudly how stupid and incompetent your ITSec department is, give impressions, cooked examples as facts.

13) if not in IT Sec, make sure that you ridicule/rant about the security posture every time the director/VP is within hearing distance. Maybe you will get to help them.

14) get “Learning BASH in 21 days” followed by “Learning Provider-1 in 7 days”. Read on a flight. Get someone junior to show you the fw configs/server scripts. Make sure you don’t say much, let the noises and facial expressions convey the message.

15) Everyone knows that FW rules change just because. Reinforce that belief next time something does not quite work right. Organize a “lessons learnt” meeting, but don’t tell the FW folks. It’s better when they sound defensive.

16) tell everyone about low-tech hacking, feed the hype. Make janitors’ lives interesting.

17) security folks are vindictive, blame on malice what can be attributed to anything else.

18) buy an older but expensive-looking car (Jaguar, 5-series BMW, Corvette), make nebulous statements about ITSec salaries.

#2 Kris on 05.19.08 at 9:57 pm

Convince your management to purchase Core Impact, take the 3 day training, and call yourself a pen-tester.

#3 mokum von Amsterdam on 05.21.08 at 10:24 am

20. Be Self Employed. Brag about how ‘the good guys have tons of work anyway’ plus you never have to finish anything.
21. Make cryptic remarks about things you’ve done in the past but can not talk about due to the sensitivity.
22. Turn every single discussion into the security arena, because in the end it is the only thing that really matters.
23. Say ‘risk assessment’ all the time.
24. Claim your systems & solutions never got p0wned [true because of rule 21].
25. Advise all new techs to be implemented, NOW. Safe because companies never will, and when things go wrong you get to say ‘Told you so!’

#4 MarkJ on 07.18.08 at 4:31 am

Feed the general perception of I.S… looks like, smells like, must be in I.S :)

26. Grow a neck beard or some other weird form of facial hair.

27. Put on a few kgs and wear a t-shirt on casual day.
Must have something to do with Star Wars/Trek or alternatively something from thinkgeek.com
