Changing the Information Security Story

Jamie Rees

www.linkedin.com/in/jamierees

Once upon a time there was an isolated monster called IT Security. He lived in a dark wood on the edge of a cubicle farm where he passed his time wallowing in FUD puddles, scratching strange symbols on dead trees and screaming incomprehensibly at unwary cube farmers that wandered too close.

The farmers, other villagers and especially the nobles of the area did not like the monster. But he did seem to keep other dangerous beasts at bay so they tolerated him. In some cases, when he got really loud they would drag some offerings to the edge of his wood and run away.

Upon receiving these offerings the monster would quiet for a time, returning to his symbols and his puddles, content that he had gotten attention from the people of the village.

The villagers on the other hand would quickly forget the monster existed until the next time they heard his rumbles at the edge of town and the strange symbols reappeared. And so the story repeated itself until…

An unlikely hero arrived in the village. His only power was a love of nomenclature. He knew that people of all sorts loved to call things by their names, he also knew they sometimes had different names for the same things. One day while out admiring his new locale and logging the names of everything he passed, he stumbled across the monster. The monster yelled in his incomprehensible tongue and waved scratched his symbols in the ground. Instead of running, the gnome looked and listened, intrigued by a new set of names to learn.

The gnome took these new names he had learned and returned to the village where in his library he searched for meanings and parallels he could use to understand the message.

After long hours of study he realized the monster’s symbols were important warnings for the villagers. He knew he had to get the message out.

The gnome ran to the castle, wanting to take his message straight to the king, ‘what better way to get the message out’, he thought, ‘then to let the king make a royal decree.’

He was turned away. ‘The king’ he was told, ‘has more important things to worry about;’ The gatekeeper pointer to a poster on a nearby wall announcing a series of important convocations. ‘he is focused on these preparations and has no time for the ramblings of a Gnome.’

Dejected he wandered through the village streets. How would the people know the danger if he didn’t get the king to tell them. He stumbled upon a small shop. A sign out front read J. Cordwain, Royal Shoemaker. The Gnome went in to investigate.

The shoemaker had little time to spare. ‘I have to make several pairs of luxury shoes for the king’s convocations, each much be nicer than the one before.’ If you aren’t part of the preparations I have no time to talk. ‘Can I help?’ asked the Gnome.

The shoemaker explained that he needed several particular pieces of leather for soles and that they were late in coming and were impacting his ability to deliver the shoes on time.

‘I know why they are late’. Cried the Gnome and he told the shoemaker about the monster’s symbols. Dangers from outside the realm are sneaking into the nearby farms and carrying away the animals needed to make the leather. ‘At the current rate you will only get enough leather to make ½ the soles you need.’ he said. The shoemaker was immediately interested.

The Gnome left the shoemaker’s shop feeling good, he had helped his new friend and he had found out there were others in similar predicaments, supporting the King’s plans. With a letter of introduction from the shoemaker in hand he set out to find them and see if he could help.

To the bread maker he explained the monster’s take on water in the river being blocked and the grist mill’s trouble in making flour.

The clothier heard about mines supplying the metal used in fancy zippers being overrun and not being able to get ore to the smelter.

The persistent little Gnome visited every shopkeeper he could find that was supporting the King’s planning. He also continued to visit the monster and got better a understanding the symbols and babble. He went back and forth several times, doing what he could to help everyone involved. Trying to understand what was important to each of his new friend’s, sharing information and giving advice as he could.

One day he received a royal summons.

One nervous Gnome found himself back at the gate of the castle. The poster announcing the kings parties was still there. The gnome snatched it off the wall, tucked it under his arm and knocked.

The gatekeeper ushered him in. ‘The king is expecting you, you will have 10 minutes to make your statement to the planning committee.’

The gnome was pleased to see a room full of friendly faces. All of the people he had reached out to in the previous weeks were there. This set him at ease.

The King motioned for the Gnome to start. “My party advisors tell me you have some interesting news”

The King motioned for the Gnome to start. “My party advisors each have told me you have some interesting news”

Holding up the poster he had taken from near the gate, the Gnome started. ‘I believe that there are some risks to the components required to ensure your parties are successful. The ability for the shoemaker to deliver the required amount of shoes has a number of dependencies…’ The Gnome began to describe for the King each of the linkages required for the shoes to be built on time. The King interrupted turned to the shoemaker “Is this accurate?” ‘Yes, and here are my thoughts on fixing it…’ replied the shoemaker.

In turn the King listed to each of his advisors explain how their ability to deliver a component of the successful parties was at risk. Each explained in their own terms the issues the Gnome had brought to them. Other than an occasional agreement, the Gnome bit his lip and let them explain on his behalf. The King turned to the Gnome, ‘I want you to work with each of these businesses as you did the shoemaker and determine which risks will impact them the most and what can be done about them. Further I want you to return to this meeting regularly and tell us all the overall risk to the success of my parties.’

“Once upon a time there was a little business capability called Information Security…”