Updated: Oct 23, 2022
Like many InfoSec professionals, I see the inside of a lot of airplanes. (However, I was not on that ship last month.) I recently flew back from our company HQ in Orlando to my home in California:
Now, to set the scene, I’m on auto-pilot (no pun intended) as I travel. I pride myself on my ninja-like ability to glide through TSA (major thank-you to whoever thought up pre-check). But you know how it is…people are people and it’s fun to chat and be friendly. Us people who dream in Python and can name every major /24 by heart are well known for our legendary gregariousness. Oh, wait…that’s not normally said of us InfoSec professionals, is it?
However, by the law of the travel g*ds, the more often you travel, the more often you are with the driver, fellow traveler, seat-mate who will ask you, (like the Queen’s famous for asking):
“So, what do you do?”
And I lie – consistently — to total strangers who I will never see again and who probably have limited means of finding out who I really am. Why do I do this? I denied being an InfoSec professional a total of four times on my recent trip home. “I am generally into boring computer stuff,” and I manage to change the subject.
So, it occurred to me; I wonder how many of my fellow InfoSec professionals have the same policy of not admitting what their day job is? I suspect my paranoia might be excessive, but my go-to for friends and family is:
“I catch bad guys on the Internet — people who write computer viruses”
It is probable that during my early career as a cop in London (with a surname that wasn’t ‘Agent Smith’), I acquired a penchant for discretion. That hasn’t stopped some of my old ‘clients’ looking me up on LinkedIn and reaching out for a nice cup of tea at a conference, as we discuss the good old days (before doxing was a thing) when they were in handcuffs.
It is equally probable that I am an asocial curmudgeon who would rather decline to hear about your latest technical woe on the way to 10,000 feet…if given the option.
Which leads me to a story my training Sergeant told me on our first day at the academy: he went to Spain for his annual holiday with his wife, they met another couple and hit it off splendidly. They seemed to be perfectly matched and spent most of every day and evening with the other couple, sightseeing and drinking. They discovered that they had a huge amount in common and that she was a teacher and he was a property developer. My sergeant was keen to avoid any discomfort and pulled the equivalent of my trick on the plane: he became something altogether less controversial and vanilla than the truth, he was ‘in insurance’.
As you might have already guessed, by the end of the week on the beaches of Spain, as they were saying their goodbyes…both gentlemen confessed to each other that they had lied about their work. They were both police sergeants, in different UK police forces.
So, here’s a poll, how ‘tin-hat’ am I, in comparison to my InfoSec peers?
https://www.surveymonkey.com/r/tinhat or scan this QR code:
Anonymous answers are ‘on’ and you’ll see how you compare with your peers and get a chance to sign up for more news from us via Dragon News Bytes.
Maybe the person you chat with next time as you buckle into your seat might themselves not really be…’in insurance’.
ABOUT THE AUTHOR:
Steve Santorelli, Director of Analysis and Outreach
Steve Santorelli became a police officer in 1994, working in London, UK. He worked his way up through various detective grades and branches until he joined Scotland Yard’s Computer Crime Unit in 2000. During the following 5 years he specialized in malware and botnet cases and reached the rank of Detective Sergeant. Steve received several awards and commendations from various international law enforcement agencies and judges. He was also an associate instructor for the CISSP certification. Steve then left law enforcement to join the Microsoft Internet Crimes Investigation Team, based in Redmond, USA. He spent the next 2 years investigating botnet cases which were then referred out to law enforcement officers around the world for further work and arrests. During this time, he also developed the International Botnet Task Force, a unique group of industry and law enforcement from 35 countries, dedicated to working together to combat botnets and ruin the lives of bot herders. He was also the lead investigator on the Zotob case. Steve left Microsoft in 2007 to join Team Cymru, a small group of researchers who work to discover who is behind internet crime and why they carry out their activities. Still actively involved in investigations, he is currently a Team Cymru Fellow and the Director of Analysis and Outreach. This role enables him to contribute to using Team Cymru’s unique position and insight to improve lives around the world. You can read more about him in a magazine article at: [https://bitly.com/1PeVyrp]