Artificial Intelligence Can't...

When I first read Rainbows End, it came across as an odd sort of book. What was this world where kids didn't understand how technology actually worked? As a kid, I tore apart vacuum cleaners and replaced a poorly flashed BIOS with a $25 mail-in replacement and a kitchen fork. That $25 BIOS replacement could have had anything on it, but the second my parents' $1500 computer came back from the dead, I was hooked. I've been taking things apart ever since.

My first intrusion detection sensor was built to monitor my home LAN, attached through a dial-up 56k modem. The first Linux distro I ever messed with was Slackware. I spent nearly $2,500 building my first real gaming rig via my high-school science project. I convinced my advanced science teacher that "playing video games" was a necessary (the only!) way to properly burn in a video card.

The Internet is littered with stories like this. Kids, teenagers and twenty-somethings tearing things apart, seeing how stuff works, finding their niche and building a business from their garage. To work on cars professionally, you need to understand how the car functions at both a software and a mechanical level. To work in the computer hardware industry, you need to understand how hardware and software interoperate at an even deeper level.

There's an interesting phenomenon taking place in the security industry: we're just buying stuff.

Our more advanced adversaries understand the Internet inside and out, but those charged with protecting it largely don't anymore. With so much cheap money and so many venture-backed security products "promising to protect you", why spend money investing in people (who are 'expensive')? It's simpler to invest it in (largely subsidized) technology partnerships (which are 'cheap!').

The first time I noticed this was earlier in my career, around 2006. Throughout the dot-com downturn I invested a lot of my effort in getting under the hood with Internet security. I didn't have any money at the time, so it was easy. I learned Gentoo, Snort, Perl and how to deploy libpcap on line-rate network cards. These cards were easily $5-10k a piece, but dropped very few packets, a massively important metric in the world of network security.

Then one day, my employer sat me down and handed me my first $500k budget (mind you, I was about 25 at the time). Don't ever hand a 25 year old a $500k budget; no good can come from that. They told me: we don't want you building your own stuff, we should be buying more technology. Albeit a bit confused (I was only making $50k at the time; why not hand me another $50k and I'd work more? ... I digress), I glossed over the comments and started on my spending spree.

Three years later that employer (a STATE school, no less) was forced to furlough staff. I guess lots of enterprises were handing 25 year olds large sums of money in those days. While I learned a lot from that spending spree, it was the stuff I had learned up through 2006 that catapulted me through the rest of my career. I made most of my future earnings from the things I intuitively understood, not the things I was able to buy. Additionally, because we were in a position to open-source a lot of our work, other industry segments were able to leverage the built-up knowledge, learn from our mistakes and build on them.

As a security professional, you need to understand the entire stack much as your adversary does. Many security professionals certainly try, but they do it by investing in how many different solutions they can throw at the problem. This comes at the cost of investing their time in understanding the underlying threat landscape. They throw mud at the wall to see what sticks, hoping they get lucky (or at least aren't the worst in a sea of mediocrity). This results in a series of complex technologies that cover the known gaps, but leave gaping holes between them.

I'll be the first to admit that these days I use a MacBook so I don't have to fiddle with my OS and hardware as much anymore (Gentoo broke me, at a fundamental level). I use an iPhone so my phone "just works", I pay up for that privilege, and I buy my wife a new MacBook Air when hers breaks down. However, I spent the last four days messing around with a new OPNsense firewall box. Why? So I could re-organize my home network, better capture NetFlow, implement my Pi-hole and VLAN off my GD LIGHT BULBS THAT ARE TRYING TO BEACON OUT TO THE GD INTERNET! All things that continue to enhance my understanding of both adversaries and customers alike.

Invest in the things that make you a better security professional. Understand what's under the hood and how things work. Sooner or later, the cheap money and fancy security products disappear. No amount of artificial intelligence is going to solve the Internet's security problem. It has always been, and always will be, humans vs. humans.

Be better. The Internet is depending on it.
