It is hard not to like the Marvel movies that hit the big screen every year. Being a pseudo-geek (pseudo because I have no comic book collection or replica light sabers mounted on my wall), I enjoy the world Marvel has created. Even on the little screen, Agents of S.H.I.E.L.D has become a staple in my house despite them calling out their "RSA hack" in the early episodes. It isn't our fault Tony Stark's Gmail account was compromised. Someday, Director Fury will open up about the closed door sessions he had with Art Coviello and how RSA helped them get a handle on their security analytics but I digress. Marvel's latest creation - Guardians of the Galaxy - has hit the theaters in a big way this summer. Who couldn't be pulled into a world where a band of misfits battle evil despite all the odds? If you are a security professional, you should immediately identify with this plot. I mean - look across the cube farm outside your cubicle. For goodness sake, one of the characters is named 'Groot'. Make you think of your Unix guru perhaps? Even if you don't identify with each character, your security team would most likely appreciate the label of 'band of misfits'. So where do these 'bands of misfits' fit in today's world?
I discussed in my last blog the crucial point we are at today - highlighted by Art Coviello's and Amit Yoran's keynote speeches at RSA Asia - when it comes to the security industry and the need for intelligent design rather than brutal evolution to drive our collective security strategies. Last week, Jeff Moss, aka Dark Tangent, opened Black Hat 2014 with a call for 'Radical Simplicity' as the key to dealing with the exploding complexities of technology. Dan Geer then rallied for a series of steps to build a more secure, and trusting, technology driven society. At both the Black Hat and DefCon conferences, the theme of relevancy permeated the events. Yes, of course, there are the headlines of the data breaches, the 1.2 Billion passwords hijacked and the other usual fodder stressing the need for better security. But when you look at technology - when you really look at it - we sit on the eve of some truly magnificent potential for the human race. And security - more accurately Trust - is in the eye of the storm. And that, my friends, is what they call Relevancy with a capital "R".
I wonder if the cavemen who discovered the wonders and usefulness of the first projectile had this same sense of relevancy. If they knew what that idea would result in, would they have pursued that path? While the first stone thrown may have resulted in dinner for the clan waiting in the cave, the next few millennium unfolded and before we knew it, we have Nagasaki and Newtown. I believe those early pioneers would have continued on their journey exploring the technology of the projectile for pure necessity but with an increased sense of responsibility and moral imperative.
We are on the cusp of the same path with digital technology. If you think technology is ingrained in society today - wait until ten years from now, twenty, fifty... Every device we add to the Internet is another shovel full of dirt making the already unfathomable digital ocean deeper. When devices are embedded in everything from our cars to our bodies, technology will be incongruously fused to the human journey. Security must be at the forefront of making this technology evolution safe for future generations.
Last week, I heard this theme in multiple presentations - the call to action, the need for moral direction, the absolute criticality of security to build trust as we walk down this technological path. As embedded devices, the Internet of Things and ideas that haven't even been thought of yet change how humans live, we must be thinking in terms of what is best for the future. We all have a role to play in this technology age. Security should be a compass that will enable this technology to be used for good - trusted communication, open communities, the spread of knowledge, things that benefit mankind. This leads me back to our plucky little band of misfits, i.e. your security team. Guardians of the Galaxy? I say it is much bigger than that. Let's start with "Defenders of the Universe" and go from there.