Thursday, 26 March 2009

Reflecting on a visit to the House of Hackers

Brand Killer Robots reveals:
When i was only nine years old i was given a toy car for Christmas, i think it was a red VW beetle. Anyway, for some reason i decided that i would try and get inside it so i began prizing the windows open with the end of old spoon i had near by. Failing to get anywhere, i went to the cupboard and got an eating knife and preceded to hack at the edge of the windows. Suffice to say nothing worked so i sat back and thought. I thought about what it would be like to tear open the doors and finally gain access to the inside. I thought about what it would be like after the challenge was over and the feeling i would get from my accomplishment. I thought how much pleasure i would have had telling my friends about how i broke into to a brand new car that mummy and daddy bought me.

Then, after a brief moment i began to see the whole game for what it truly was!

A game that was really not worth playing.

I mean, how much thought does it really take to bust into things?

From that day forward i always made sure i only ever played original games. Not games based on short-term thrills. Not games based on combative paradigms of thought, or games to impress my friends.

But games that nobody else would ever think of playing.

So i ask...

In a world that is full of sharp practice merchants, corrupt executives and other black hats.....why are our so called commercial security service professionals still playing the same old security games? When the risk to corporate reputations and business integrity from white collar scams is an order of magnitude greater in a recession than ever before, why are security executives not investing heavily in security intelligence R&D?

The answer is = (they are investing) ....... but they are investing in preventing people from busting into opposed to ensuring that they are always broadening the scope of the field of security to protect against people who like to create and play entirely new games - and are more likely to be the most dangerous of all.

If you want help designing a security risk assessment model that takes account of more than todays "limited scope" security paradigms: email Ryan at

No comments: