Where all the Cyber Tooth Fairies go?

November 13, 2020 in Preaching

One of my favorite TV Series is Dexter. Early seasons were so-so, focused on a cheap thrill, lame TV that you can see all over the place. As the series progress though we observe a shift in the narrative and we witness a true character of the main protagonist developing in front of our eyes. Dexter’s inner thoughts are full of curiosity, inquisitive reflections on life and it’s hard not to relate. We all try to fit in and be a part of it, whatever that ‘IT’ is.

So far I watched the series twice and I know I will come back to it.

One of my fav parts of the series is the history of the Tooth Fairy Killer. Walter Kenny is in his 70s when he is introduced to the audience, and due to his serial killing activities he becomes one of Dexter’s targets. Tooth Fairy Killer’s character is very interesting, because… he is way past his prime, he never got caught and … he is a somehow lonely, old, yet still arrogant individual.

When we swap ‘killer’ with ‘cyber’ we bring this post back to our infosec world.

What happens or will happen to us, aging ‘serial cybers’?

I don’t know. We don’t hear much from cyber people who already retired and are either enjoying their Autumn years, or became wealthy quickly enough that working is no longer necessary and they can focus on hobbies, angel investment, whatever. Then there are these not so happily-ever after retired – these who we end up hearing about on the news or through a grapevine. And it is not surprising to find out that many of these we hear of commit suicide, end up imprisoned, or live bigger life than themselves.

How many of us will end up there?

Putting difficult, and somehow inevitable mental health and medical issues associated with aging aside, what is that we want to do at the age of 70? Will we still work thinking we are saving the world from the cyber crime? What if futuristic laws and protocols make the cybercrime almost obsolete? And if not, will we still care? Will we still hold true and honest the ideals from our 20s? Or, worse, will we become victims of some sophisticated future social engineering tricks that will target us – the elderly? Again, I don’t know the answer. I am not that old yet, yet the questions like this start popping up in my head as I am getting older.

Our industry expanded so quickly that it’s impossible to keep up. It’s now mandatory to specialize. The good ol’ corporate entered the game and we are being institutionalized like any other company department. Is the anniversary watch we get as we retire the only prize for all these efforts, all-nighters and opinions we so eagerly shared with others over these early cyber years?

Maybe it is a price of being in the industry that very quickly goes through stages of maturity. From random, opportunistic to systematic, managed. Very rapidly. There is a final stage of cyber process already emerging today. I expect that in the next few years most of the ‘really’ technical jobs in cyber will move and gravitate around specialized vendors – these providing classification, automation, orchestration or whatever you call it, and providing value derives from frameworks like Mitre Att&ck.

Forget manually crafted super-timelines, inspections of systems, bit-to-bit imaging, and file format analysis. Forget manual malware analysis. Not only OS/Cloud telemetry and forensic/sandboxing capabilities will be provided out of the box, but they will be easy to use, already built-in and the DFIR/RCE hacking as we know will be over. Plus, more and more zerotrust-ish, docker-ish stuff, logs that can be actually used, and finally more and more reliable MFA.

So, where do we land? Working for vendors is an easy answer. Client-side IT Security efforts coordinators aka security vendor managers is another. Security advisors? Security consultants? Table Top exercise coordinators? Teachers at uni?

Or.. perhaps cyber is here to stay for another 100 years ? And maybe, hopefully… Cyber Tooth Fairies is only the problem of the bad guys? Because… there is always something ‘for the benefit of good’ to do?

Comments are closed.