Saturday, June 21, 2008

Information Security Jedi: Light Side beings

In my previous post on this topic I talked about the nature of the Force in the Star Wars Universe and I explained why I feel that in our world the closest thing we have to the Force is information itself. I talked about the ways that being strong with "the Force" in our world makes you more powerful and improves your station in life.

I also mentioned that the Force has a light side (which is typically just called the Force) and a dark side. I'd like to spend some time today talking about the beings that use the light side of the force and how that relates to the information security field.

The foremost users of the Force in the galaxy were the Jedi, the protectors of the galaxy and the Republic. Although they were few in number, they were so good at resolving conflict that they were able to keep peace in the entire galaxy without the need for a standing army. And as the title of these posts probably suggests, I am of the belief that information security professionals are like the Jedi of our world. It is our job to protect the information resources of the whole world and there are relatively few us compared to the total number of Information users out there.

Among the Jedi there were several ranks. There were the Younglings which were children ranging from infants to about 12 or 13 years old. The Younglings were taught the basics of the Force in groups. When they reached the proper age, some of them would be selected by a Jedi to serve as a Jedi apprentice, the rank of Padawan. As a Padawan the being would assist the Jedi who was allowed to have only one Padawan at a time. When the Padawan reached a certain level of maturity and understanding of the Force, the Jedi would recommend the Padawan for "the Trials." If the Padawan successfully completed the Trials, he or she would be granted the title of Jedi knight. This usually occurred when the Padawan was in her early 20's. After many years of dedicated service, and after reaching several milestones the Jedi Council may choose to bestow the title of Jedi Master onto a Jedi.

So how do these ranks compare to the information security professional of today's world? Well, not very well it turns out. For one thing, most of us do not have Masters that take us under their wing and teach us everything they know. There is also no set of widely accepted ranks that apply to the information security professional. OK, but there are still some parallels that we can draw between the Jedi and ourselves. For example, many people in the information security field did not start there. I got my start as a Windows system admin, and then moved into a network engineer career. During this time I learned some of the fundamentals of information security, but I was not an information security professional. At this time in my career, I think you could make a good comparison to the Younglings in the Jedi order. When I got my first job as an information security professional, I became a Jedi Padawan.

Some people do start their careers as information security professionals, and that's OK too. Remember that Anakin Skywalker became a Padawan as soon as he joined the order, he never learned with the other Younglings.

So when I got my infosec job I became a Padawan. How will I know when I'm a Jedi? After all, we don't have anything like the trials do we? Well, sort of. We have certification tests, and there are classes that we can take, and there are techniques that we can master as we specialize in our field. That's probably the closest that we're going to get to the trials. I guess you really become a Jedi when most other professionals view you as a Jedi.

What about the Masters? Keep in mind that there were very few Jedi Masters, and not all Jedi would become Masters. In our field I think the Jedi Masters are those rock stars that provide guidance to us all. People like Paul Asadoorian, Larry Pesce, and Johhny Long. These people are content creators that other Jedi turn to for new techniques and guidance on how to operate. I would say that you become a Master when the other Masters say that you're a Master, just as it was in the Star Wars Universe.

How can you use this metaphor in your information security career? I would say that you should start by considering where you are in your career? Are you a Padawan, a Jedi, a Master, or a Youngling? Then you should think about what the role of each of those position is. As a Padawan, I feel that I need to be focusing on earning the respect of my peers, and I'm likely to do that by learning my craft, taking training classes, passing certification tests, and demonstrating that I have the proper knowledge of the Force and resistance to the Dark Side. Remember that we are all tempted by the Dark Side, but as a Youngling or a Padawan you are at particular risk of being corrupted by the Dark Side by engaging in Black Hat hacking. Other required items in the path to knighthood including building your own lightsaber and learning the basic forms of lightsaber combat. I'll talk more about that in another post. Next time I'm going to talk about the Dark Side of the force and the beings that use it.

No comments: