Nathaniel Knight

Reflections, diversions, and opinions from a progressive ex-physicist programmer dad with a sore back.

A Different Model for Security Teams

There is, in my experience, a certain mindset among some information security professionals. They see themselves as the keepers of arcane knowledge, duty bound to hold the cyber-line, the last thing standing between common application developers and complete pwnage. They're the few, the proud, the ones who can shut it all down in the name of security. I'm not sure if it's a side effect of that field's association with the "intelligence community" or mere self importance; every profession has its foibles.

Unfortunately, apart from the usual objections to cops and special forces, I think that the metaphor leads to some dysfunctional tendencies in structure and strategy:

I'd like to suggest a role model to replace the cyber-warrior: the guard llama.

A single llama in a pasture with a flock of sheep
The Shepherd's Flock, Roger S. Hart, Flickr, CC BY-NC

A "guard llama" is a single llama (or similar beast) put out pasture with a flock of sheep to protect them from coyotes, wild dogs, etc.

The guard llama:

These are all qualities shared by the most effective and pleasant security teams I've worked with.