Snow shoes and Cyber security

 

There I was, kneeling down on my snow shoes, about 20 minutes in to my little hike, my arm buried up to it’s elbow, reaching around in the hole my pole with a snow basket just made.

What does this have to do with cyber security?

So a bit of background
I’m up North (or at least I am when I’m writing this) taking a 1 week class for school. We have a couple of hours free in the afternoon. Mainly because they teach Skiing and Snow Boarding. This year I bought a new pair of snow shoes. After class I took them for a walk.

Where I’m at (the start of the problem)
I set out on a little hike. Along the way, I find out that I’m just a little too heavy for the shoes. They’re rated to 250 pounds, and that’s around my weight (scale says I’m below it). I’m walking along a non-trail, following animal tracks. The sound of cracking wood over head in the heavy wind. Sinking up to my knees on some steps, and mid calf on others.

I don’t like this, I’m in over my head
I’m new at snow shoeing. This is only my second time using a pair, the first time with poles, that had a snow basket break at the start, and I’m not following any trail, with high winds and not liking the sound of the trees over head, or the new large limbs on the ground.

Looking around, I can still see the wood pecker I saw heard and spotted at the middle of the hill on my way down. But I can’t hear him now, the trees are drowning him out.

Where things go wrong 
Mistake 1: I decide instead of going back the way I came, to just cut, and go up the hill in the next batch of trees.

Mistake 2: It was stepper than I thought. While going up said hill, I lose my balance. I drive both poles in to the ground to catch myself, breaking the snow basket on the second pole.   The first one comes out of the snow, a nice round hole that it made, and sinks down to the handle in the next one. The basket is completely gone. So get back up, and try to dig the basket out of the last hole. It’s not there.

Quicksand time:
Kneeling there, I start thinking, how this is snowballing quick. It’s after 4, I have maybe an hour of good light left. “Man, this would make a good blog post”. I can struggle go back, push forward, but help isn’t coming. I need to figure this one out on my own, and if I don’t do a good job, it could be bad.

Yes, all good, but what about Cyber Security
It has do do with response, YOUR RESPONSE. During an incident, you have to stop and take stock of everything.

  1. You have to realize there is a problem to start with. Sometimes it’s something subtle, like a website not responding, or something larger like a switch blade or load balancer failing. Realizing there is a problem is the first thing. Sometimes it could be more than one, and solving the first one, brings up a second one.
  2. What options do you have? What can you use, what do you have, what are your resources. Are you alone sitting in a hotel hundred of miles from home, trying to restore service, can you drive in to the office (or data center) and work on it. Do you have co-workers or vendors to call to bounce ideas off of? If you have multiple failures, can you delegate resolution plans and know they’ll get done, because you gave it to the right person with the right skills? (by the way, I can make a blog post about that one alone).
  3. What other problems are going to come up along the way? Can yo mitigate any of them, or are you going to just have to accept the risk?
  4. Finally, through all of it, don’t panic. Panicking doesn’t necessarily mean you’re running around screaming and shouting. Remember, while you’re trying to fix the problem, you’re going to have distractions. Things like Management looking for answers and ETAs. You’re going to have to contact your vendors in some cases and deal with their phone support system.

A great line I heard today, “I may be an engineer, but I know sometimes I have to get the professionals. Sometimes I need to guy from Microsoft.” I think too many of us may forget that from time to time, and sink in quicksand.

Leave a Reply

Your email address will not be published. Required fields are marked *