While reading some BBC News commentary on the latest protests in the Middle East I found something quite funny. At the end of the article, entitled Renewed protests at Israeli raids, there was the following submission form:
So let me get this straight…they would like to know if you’ve recently been involved in any social activist type engagements and, if so, would like you to provide your name, phone number, town, country, and email address.
It just struck me as funny :)
I’m not sure why I haven’t thought of this before…we need to be learning about security from the men that know it best – The A-Team!
In 1972, a crack commando unit was sent to prison by a military court for a crime they didn’t commit. These men promptly escaped from a maximum security stockade to the Los Angeles underground. Today, still wanted by the government, they survive as soldiers of fortune. If you have a problem, if no one else can help, and if you can find them, maybe you can hire… The A-Team.
So much about the A-Team can be applied to the security profession. Take the following wise quotes from the members of this illustrious team:
I love it when a plan comes together.
Who doesn’t? If you don’t properly document your security policies and procedures how can you hope to be able to operate your security program effectively? If the plan doesn’t “come together” then you’re just asking for trouble. Take it from Hannibal, make sure your security policies and procedures are easy to follow, comprehensive, and constantly updated. By the way, this is possibly the wisest thing ever said while holding a submachine gun and smoking a cigar.
Classic Hannibal quote – “Hickory dickory dock / The mouse ran up the clock / The clock struck one / Down he run / You smell worse than my socks.”
I don’t wanna be a secret weapon! I want to be an exposed weapon!
This is exactly how I want security professionals to be viewed. I would prefer that people knew who/what the security professionals are/do. The security department shouldn’t be used as a secret weapon but rather as the tip of the spear. Users need to be educated on the role of the security professionals within the organization so that they know by whom the consequences outlined in the organizational policies are enforced. Murdock might be crazy, but people tend not to screw with the crazy people :)
Classic Murdock quote – “I’m a bird, I’m a plane, I’m a choo-choo train *shouts* Uh, touchdown!”
When punks start hasslin’ decent people, I make it my bidness.
“Punks” being malicious entities (i.e. hackers, malware, and so on) and “hasslin’” referring to disrupting the regular flow of operations makes this the coolest way to explain a security professional’s job to the layperson. Our goal is to ensure the safety of those who do not have the required skills or ability to protect themselves from a technological attack. Who knew that Mr. T would be such a forward-thinking individual :)
Classic B.A. quote – “Me rhyming my words… that’s the craziest thing I ever heard…. my ears don’t ring.. I don’t hear a thing! Hey wait a minute sucka!”
The key to any con is to place the mark in a position where he or she thinks reward will come or harm will be avoided if he or she does exactly as told by the conman.
I struggled to find a good positive one for Face since his role was always that of the conman. The above quote, however, is a good reminder of the purpose behind social engineering attacks. The attacker is out to gain your confidence (did you know that the “con” in “conman” meant confidence?) and trick you, the mark, into revealing information that they can use against you and your organization. If it doesn’t feel right…then don’t fall for it!
Classic Face quote – “What am I gonna do, flush myself down the toilet?”
I thought this was quite funny. While checking my list of regular blog entries via Google Reader, I clicked on a post entitled Three New RegRipper Plugins to get a better look. To my surprise the advertisement at the top of the post was not what you would expect to see on a security related post (see below):
This is why I don’t include automated banner advertisements in my posts or on my blog. Without having control of the content you run the risk of having ads thrust upon you that may not align with the theme of your site :)