Surfing with Sharks – A Day in the Life of IT Security

Living on the beautiful Carolina coast has offered me the opportunity to check off a bucket list item: learning how to surf. Last summer, at age 45, I checked this off the list, and I continue to surf as often as possible.

Surfing is easily the most challenging sport that I have ever attempted. It is truly humbling and the environment changes daily. Hey, sounds a little like the IT world, doesn’t it?

As I paddled out the other day, the parallels to the IT world really struck me. Surfing is all about patience and position. It takes years of experience to understand differing conditions: tides, wind direction, swell type, intervals, and their impact. Even with some experience, there still remains the challenge of being in the proper position to catch the wave and having the patience to wait for the right one. It’s generally not recommended to surf alone as there are sharks in the water. Here are 3 life lessons I’ve learned from my time “swimming with sharks” that will help today’s IT professionals:

1. Ride the waves.

The parallels between surfing and IT security are numerous, as security is known for its thrills and spills, from the largest corporation to Aunt Sue at her home computer. The majority of security threats are not complex, but simple, and rely more on the impatient, unsuspecting, frustrated, or inexperienced user than on some ingenious hacker’s “brilliant” code. Yes, there are sharks in the water, but the disgruntled admin employee and impatient end user still remain the number 1 threat, as this recent top 10 study reminds us. Vigilance and education are key to avoiding the risks associated with these security threats. In the corporate world, this starts with dedicated security teams and regular third-party audits.

2. Put pride aside for a fuller understanding.

When it comes to position, one of the biggest obstacles can be pride. Just as it does for a hot-shot surfer ignoring his limits, pride can get in the way in the security world. In American culture, pride is drilled into us all. The truth of the matter is that in life (and especially in IT work), pride hurts us much more often than it helps us. Don’t let pride or ego get in the way. Be in the proper position.

Have a full understanding of that change you are about to make on that corporate email server, or that security update you are about to install on that small business server, or don’t make the change until you do. Understand all of the implications for the back-end systems, as well as the end user, before making changes. This requires well-educated and trained employees who understand the big picture for the deployment, architecture, design, etc. Talk to your peers. Talk to the vendor. Admitting you need help is not a sign of weakness, but of wisdom. It’s not about you alone; a security breach could affect thousands.

3. Patience can deliver perfect results.

What happens if I’m not patient in the water? I might jump on a decent wave, but miss the perfect ride two waves later because I am out of position. Be patient. Don’t click on that Google search link just because it came up first. Hover over it and ensure it is going where you think it is and not directly to a malicious .exe. It’s easy to take that precaution by watching the status bar at the bottom of your IE window. Do the same with email links.

What happens when I’m having a bad day in the water? Impatient, out of position, crashing and burning all day? I need to practice acceptance. There will be bad days. Getting past them is what matters.

What are some security recommendations that you’ve put in place? Have you learned lessons in the great outdoors that apply to your workplace? Share them below, and remember: Be patient, be in the right position, and enjoy the ride!

Victor Rozumny, ITO Custom and Complex Engineering Team, Principal Technical Architect, AT&T