Hidden Dangers: Navigating Security Like Treacherous Waters
Mark Martens - MBA, CISSP
IT and Cyber Leader, Compliance (GRC), IR, and Strategy. These describe my work, but who I am is broader. I am a husband, father of 4+3, avid boater (offshore), fisherman, gourmet cook, and insatiable student of life.
When I first started piloting boats, I learned a crucial lesson: the most dangerous hazards are the ones you can't see. Even when anchored, most of the time you can see approaching vessels and wave them off. This mirrors perfectly the challenges we face in information security, where threats lurk beneath the surface of our daily operations.
The Depth Sounder and Your SIEM: Signal Through Noise
Just as a depth sounder sends constant pings to measure water depth, your Security Information and Event Management (SIEM) system continuously monitors your environment. But here's the catch - both tools can overwhelm you with data. When navigating shallow waters, every slight depth change triggers an alert. Similarly, poorly tuned SIEMs flood security teams with notifications, making it difficult to distinguish genuine threats from normal operations.
The solution in both scenarios is calibration. Just as experienced captains adjust their depth alarm thresholds based on known conditions, security teams must fine-tune their SIEM rules to reduce alert fatigue while catching significant anomalies. It's not about seeing everything - it's about seeing what matters.
Speed and Security Posture: Adapting to Conditions
Your boat's safe operating speed isn't a constant - it varies with weather, visibility, and traffic. Similarly, your security posture must adapt to changing business conditions. Running at full throttle in foggy conditions is as dangerous as maintaining rigid security controls during a crisis that requires operational flexibility.
Similarly, boating at an unsafe speed in unknown waters can present an obstacle too soon to react. You may end up grounded (here in the Keys the mantra is “brown, run aground”). If we are moving so that we cannot see potentially dangerous areas, we will not be ready to respond. I saw a boat this weekend that went aground and was working furiously to break free… and, in the process, destroying the area. Are you damaging your IT environment because you did not look ahead?
Consider these parallels:
Clear conditions = Normal operations: Maximum speed acceptable
Choppy waters = Elevated threat levels: Increased caution required
Storm conditions = Active threats: Batten down the hatches
Heavy fog = Uncertain environments: Proceed with extreme caution
Hull Depth and Threat Intelligence: Know Your Environment
A boat's hull depth determines where you can safely navigate. Similarly, understanding your organization's technical "draft" - its vulnerabilities, critical assets, and exposure points - is crucial for avoiding security incidents.
Just as mariners rely on charts and local knowledge to navigate safely, security teams need threat intelligence and asset management to understand their risk landscape. You wouldn't take a deep-draft vessel into shallow waters, so why expose critical systems to environments they weren't designed to handle?
Practical Navigation Tips for Security Leaders
Map Your Waters
· Document your network topology like a marine chart
· Identify shallow spots (vulnerabilities) and safe channels (secured paths)
· Keep your maps updated as conditions change
Adjust Your Speed
· Scale security measures to match current threat levels
· Don't let business pressure push you into unsafe operations
· Be ready to slow down when visibility decreases
Monitor Actively
· Watch your instruments but trust your instincts
· Maintain multiple monitoring systems
· React quickly to changing conditions
Plan for Emergencies
· Have response plans ready before you need them
· Train your team for various scenarios
· Maintain emergency communications channels (Cyber-insurance, IR help, etc.)
Remember, both boating and security require constant vigilance. The most successful navigators aren't those who avoid all risks - they're the ones who understand their environment, respect its dangers, and prepare accordingly.
Just as no responsible captain would navigate solely by GPS, no security leader should rely on a single security tool or methodology. Layer your defenses, maintain situational awareness, and always be ready to adjust course when conditions demand it.
After all, in both security and boating, it's not about if you'll encounter dangerous conditions - it's about being prepared when you do.
Give me a shout if you need help with your Security Program. We can help demystify information security and incorporate it into your DNA.