Discretion will protect you, and understanding will guard you. Wisdom will save you from [those] whose paths are crooked and who are devious in their ways. - Prov. 2:11-12a, 15When I was attending a recent seminar put on by Control System Cyber Security Association International (CS2AI), the presenter, Rahner James, described the type of professional who would excel in the IT security industry as having to be "a little bit shady." This was an updated take on the adage "it takes a thief to catch a thief", presuming that there was a different approach to securing your IT infrastructure if you understood how a hacker might look at it. Your web services don't need to defend against people who use it the way it was intended. Rather, once a system is defined, the hacker finds the cracks in the interfaces and the weaknesses in the safeguards, skirting around the boundaries to gain access. Fair people tend to think others will treat them fairly, while deceitful people assume everyone is trying to cheat them.
One of the attendees of the seminar objected to this requirement. He didn't want to think his moral compass had to be compromised in order to do his job well. I sympathized with him, because I have seen security blindness and I could also see how a glimpse into the dark side might give us insight into the means and motives of attack.
Then James gave an analogy that helped me understand. Hackers, he claimed, divided the world into two categories: sheep and wolves. They are the wolves and IT is the fence protecting the sheep. By challenging the IT security, they are proving themselves--seeing how good and talented they really are. If they win, they are rewarded with financial gain or notoriety. If they lose, they try again, or they get caught. No risk, no reward.
But IT security people see the world in three categories: sheep, wolves and sheep dogs. Sheep dogs have similar genetic makeup and similar instincts and similar tools with wolves, but they win when the sheep are safe and the lose when the sheep go down.
Jesus expressed his own role in slightly different terms:
I am the gate for the sheep. All who have come before me are thieves and robbers, but the sheep have not listened to them. I am the gate; whoever enters through me will be saved. They will come in and go out, and find pasture. The thief comes only to steal and kill and destroy; I have come that they may have life, and have it to the full. - John 10:7b-10Maybe, being "a little bit shady" means remembering the way we are all inclined to be without God. Jesus warned his disciples "I am sending you out like sheep among wolves. Therefore be as shrewd as snakes and as innocent as doves" (Matt. 10:16) We look for the angle. We try to get around rules. We look for loopholes. We take advantage of the goodwill of helpful people. People in security have to have a determination to protect that is as strong as the ambition to penetrate.
What is it like to understand the full extent of evil (Genesis 2), but not be evil yourself? I don't know, but I want to move forward with the right heart motivations.
What is it like to be a good God, see the full extent of deception in the hearts of men and women, and still love those who are a little bit (or a lot) shady? I don't know, but I am sure glad he does.
No comments:
Post a Comment