Tuesday, August 5, 2008

Information Security Jedi: Lightsaber combat

It's been a while since I wrote about my observations comparing information security to the Force and its practitioners to the Jedi and Sith. I've talked about the information that we protect and how that can be likened to the Force and how the toolkit that we use to protect or exploit information can be thought of as our lightsabers. So now we should take a moment to talk about lightsaber combat. This introduction will kick off a series of posts about the various forms of lightsaber combat.

The Jedi and Sith both mastered different styles of lightsaber combat. Their chosen style was a reflection of their teaching, their physiology, and their personalities. All Jedi were trained in the basic forms of lightsaber combat but very few of them mastered each form. I believe that it is the same for the information security practitioners of today. There are several ways of defending information and exploiting information, but few people have mastered all of them.

This is a realization that came to me when I was reading about the various forms of lightsaber combat. I saw that some of the forms were similar to some of the disciplines in the information security field. I've mentioned before that I am a lowly Padawan in the world of information security, and I confess to sometimes feeling overwhelmed by the various ways that things can go wrong. Sometimes it seems like there are a million things that you need to know if you're going to be an information security professional. But then I realized that even the Jedi Masters were not masters of every form of lightsaber combat. Surely I cannot be expected to master risk management, penetration testing, forensics & IR, and industry compliance. Much like the Jedi Masters of old, I will attempt to learn each discipline of the information security industry, but I will only attempt to master two, possibly three.

I will not attempt to draw a direct comparison between each form of lightsaber combat and a discipline in the information security field, but there are a few interesting parallels that I will explore in future posts.

Form 0
Form II
