Andrew Hay

the man, the myth, the blog

What The A-Team Can Teach Us About Information Security


I’m not sure why I haven’t thought of this before…we need to be learning about security from the men that know it best – The A-Team!

In 1972, a crack commando unit was sent to prison by a military court for a crime they didn’t commit. These men promptly escaped from a maximum security stockade to the Los Angeles underground. Today, still wanted by the government, they survive as soldiers of fortune. If you have a problem, if no one else can help, and if you can find them, maybe you can hire… The A-Team.

So much about the A-Team can be applied to the security profession. Take the following wise quotes from the members of this illustrious team:

Colonel John “Hannibal” Smith

I love it when a plan comes together.

Who doesn’t? If you don’t properly document your security policies and procedures, how can you hope to operate your security program effectively? If the plan doesn’t “come together” then you’re just asking for trouble. Take it from Hannibal: make sure your security policies and procedures are easy to follow, comprehensive, and constantly updated. By the way, this is possibly the wisest thing ever said while holding a submachine gun and smoking a cigar.

Classic Hannibal quote – “Hickory dickory dock / The mouse ran up the clock / The clock struck one / Down he run / You smell worse than my socks.”

Captain H.M. “Howlin’ Mad” Murdock

I don’t wanna be a secret weapon! I want to be an exposed weapon!

This is exactly how I want security professionals to be viewed. I would prefer that people knew who the security professionals are and what they do. The security department shouldn’t be used as a secret weapon but rather as the tip of the spear. Users need to be educated on the role of the security professionals within the organization so that they know who enforces the consequences outlined in the organizational policies. Murdock might be crazy, but people tend not to screw with the crazy people ;)

Classic Murdock quote – “I’m a bird, I’m a plane, I’m a choo-choo train *shouts* Uh, touchdown!”

Sergeant Bosco “B.A.” Baracus

When punks start hasslin’ decent people, I make it my bidness.

“Punks” being malicious entities (i.e. hackers, malware, and so on) and “hasslin’” referring to disrupting the regular flow of operations makes this the coolest way to explain a security professional’s job to the layperson. Our goal is to ensure the safety of those who do not have the required skills or ability to protect themselves from a technological attack. Who knew that Mr. T would be such a forward-thinking individual :)

Classic B.A. quote – “Me rhyming my words… that’s the craziest thing I ever heard… my ears don’t ring… I don’t hear a thing! Hey wait a minute sucka!”

Lieutenant Templeton “Face” Peck

The key to any con is to place the mark in a position where he or she thinks reward will come or harm will be avoided if he or she does exactly as told by the conman.

I struggled to find a good positive one for Face since his role was always that of the conman. The above quote, however, is a good reminder of the purpose behind social engineering attacks. The attacker is out to gain your confidence (did you know that the ‘con’ in ‘conman’ meant confidence?) and trick you, the mark, into revealing information that they can use against you and your organization. If it doesn’t feel right…then don’t fall for it!

Classic Face quote – “What am I gonna do, flush myself down the toilet?”