The Ruby Fiasco & Cyber Security Fundamentals

A crazy life event reminded me of the fundamentals that help Cyber Security teams be successful.

* Trusted communication

* Following a gut feeling

* The importance of good team culture

* Having a good incident response partner

My family and I live out where our dogs can run loose. We have two dogs: a miniature Red Heeler named Ruby and Shiver, who looks like a Border Collie with really short legs.

Early on Sunday morning Shiver woke us up barking. This isn’t too unusual; we often have coyotes or other animals roaming near the house, but she just wouldn’t give up her barking. Finally, I decided to investigate, telling my husband, “Shiver doesn’t bark unless she has a reason.” Grabbing a flashlight, I headed out into the dark. Shiver was right there at the front door, but I couldn’t find Ruby anywhere. I wandered up and down our long driveway and then back toward the horse pens calling, “Ruby, Ruby, RUBY.” Something just wasn’t right. It was possible that she had found a gopher or rabbit and decided to chase it and would be back soon, but I just had a strange feeling. Walking by an old car, I heard the faintest whine. Tucked behind the front wheel and completely out of sight was Ruby. I only managed to find her by crawling under the car and shining my flashlight behind the car’s front wheel. She had somehow wedged her head into the metal struts and the undercarriage of the car. I hurried back into the house and woke my sleeping husband, who is well schooled in helping me with disasters. We took turns trying to figure out how to get Ruby out of this crazy predicament, pushing, pulling, and twisting, but it was useless; she was stuck. There is a rubber boot that covers a joint, and I thought that cutting it out might give us just enough room, but all I managed to do was get thick grease everywhere. The only option left was to start cutting the metal.

One standard security practice that has trickled over into my personal life is to have an incident response partner. This translates into: if my husband can’t fix it or is on the rodeo trail, I call John. John is part superhero, part legend. A Vietnam vet, who was shot down twice and still has a bullet embedded somewhere in his body that they decided it was safer to leave instead of fish out. A former boxer and police officer, with experience in a host of other interesting careers, he is most importantly an expert mechanic who can fix anything. 6’6” and at 75 he is a fit and intimidating figure with a heart of gold. John arrived with a host of tools ready to come to the rescue. My husband held Ruby by her back legs, trying to keep her as far as possible from the sparks flying from the metal cutting. A few cuts, and with a little help from the grease and the angle of her body from having been lifted by her back legs, Ruby popped out without injury. John was still focused on the rescue and didn’t notice Ruby had been freed until my husband shouted and pointed. John said with a smile and chuckle, “So you saying should I quit cutting up the car?” The car is a complete loss, but when my husband mentions this fact, I point out that you can’t really put a price on happiness and Ruby in one piece really really makes me happy and then I quickly change the subject.

Cyber Security Fundamentals and the Ruby Fiasco

Trusted Communication

Often in Information Security, we find ourselves in the same role as Shiver: persistently telling our upper management there is a problem. The key is to ensure it’s trusted communication. If Shiver had a habit of just barking to bark, we would have ignored her. Because Shiver had gained our trust by only barking when there was a legitimate reason to bark, we believed her when she kept telling us there was a problem. There are so many potential security problems in any environment; make sure you're barking about the right ones so you are treated as a trusted source and not just a loud bunch of noise that gets ignored.

Gut Feeling

I like facts and numbers, KPIs and metrics, but I still listen to gut feelings. When an engineer is looking at logs and tells me, “I can’t put my finger on it, but something’s not right,” I listen. I could have easily explained away Shiver’s barking, or Ruby not being right outside the door, and I honestly can’t explain what made me even walk near the car that let me hear that faint whine. It makes my stomach sink when I think of the “what ifs.” I seriously doubt we would have found her if we had waited until morning. In our era of big data and machine learning, there is something about human intuition that machines will never have.

Team Building

The truth is Ruby is kind of a jerk to Shiver. Even though Shiver is older and bigger, Ruby is the first to treats and doesn’t share well. Shiver would have been justified in letting Ruby fail, but instead of being petty she stepped up and did the right thing.

One of the core tenets we have on our cybersecurity team is “We have each other’s back, we always protect and deflect.” Cyber / information security teams can be challenged by constant crisis and our conflicting dual roles of “protect everything” but then told: “Don’t slow us down.” We’re the first team people point to when there is a security issue and also the first team that is blamed if something gets blocked or fails. In the heat of a crisis, a team could easily turn on itself in frustration and point to the persons to throw under the bus.

Treat your teammates like Shiver treated Ruby. She didn’t point out how stupid she was to get herself into this disaster, she didn’t hold a grudge and refuse to help because of Ruby’s past rude behavior, she stepped up and did her best to get her out of the crisis and solve the problem as a team.

Good Incident Response

There’s nothing better than a disaster to remind you to be ready for a disaster. Playbooks, table tops, and constant updating and most of all a great relationship with trusted advisors. I have the same confidence and respect for our Incident Response partner as I do for John. It’s not because of a fancy marketing brochure, a dinner, or cool sticker but because of the quality professional experience engaging with their team.

When managing a crisis at work or at home, pay attention to the fundamentals, remember it’s a team sport, listen to your intuition, and just when you think you’ve seen and heard it all something completely crazy and unexpected may surprise you.


Clever hook into the broader topic of threat surface, to say the least!

Jerry D.

Senior Principal Technologist - Security AI

6 years ago

Glad she was okay! Taking a slightly different approach; proactive risk mitigation via a sealed undercarriage.
