What is Cybersecurity? (An anecdote about a doorknob)
Cybersecurity, in its essence, is pretty simple: identify risks and mitigate them. Identifying risks means finding the weaknesses that leave you exposed; mitigating them means changing something so those weaknesses can no longer be used against you. This anecdote will explain what I mean.
Replacing a doorknob.
I needed to replace a doorknob. We had been living in our home with the original locks. I was concerned the previous owner may have kept a copy of the key and might want to enter our premises uninvited.
I performed a risk assessment.
I bought a new doorknob made by a reputable brand, one that also looked pretty. I trusted this brand to provide more than adequate protection. I felt that paying extra was worth the extra security.
I identified the mitigation.
It was time to improve my home's security. I removed the old doorknob and installed the new one.
I implemented the mitigation.
I felt pretty good until...
My gut performed an unconscious risk assessment. I started to feel uneasy. I began to think, "Did I do it correctly?"
My conscious mind realized I needed to update my risk assessment.
You might think this is a ridiculous question. Of course, a new doorknob would prevent the previous owner from entering uninvited. This might be the logical conclusion, so why bother with another risk assessment?
I decided to stand outside, close the door, and kick the door. To my surprise, the door opened wide. Huh?!
I installed the doorknob backward!!
The mitigation was unsatisfactory.
I fixed the doorknob, closed the door, and kicked hard (several times). The door remained closed.
I addressed the findings from both the old and new risk assessments.
So what is Cybersecurity?
Think about what could go wrong, find ways to address those risks, make the changes, and repeat the process.
When you implement a fix, test that it actually works, the way I kicked the door. A mitigation you have not tried to defeat is an assumption, not a control.
About the Author
Miguel is a Principal Security Engineer and is the author of the "Serverless Security" book. He has worked on multiple serverless projects as a developer and security engineer, contributed to open-source serverless projects, and worked on large military systems in various engineering roles.
Originally published on Patreon