How Dressing Like Batman Can Help You Be Better at Cybersecurity

11/06/2018  |  By: Mark Burnette, CPA, CISSP, CISM, CISA, CRISC, CGEIT, ITIL, QSA, Shareholder, Practice Leader of Risk Services

A few years ago, on the day after Halloween, my wife bought a Batman costume off the clearance rack. It was heavily discounted, and she figured I might be able to use it for a future Halloween. My wife is a smart woman who manages our finances responsibly and plans well—definitely my better half!

This year, our church hosted a Halloween party for the surrounding community on our church campus. As a part of the festivities, my daughters and I decked out our vehicle and prepared to hand out candy to all-comers. As the children filed past our trunk with their parents, I kept a close eye out for any fellow Batmen (or whatever you’re supposed to call the plural of Batman—Batboys? Batkids? Batgirls?). As each youngster dressed like me approached our car, I would kneel down to eye level with the child, and, in my best dark, mysterious, raspy voice, say something like, “How are things back at the bat cave?” or “Have you seen the Joker? He’s on the loose, so you better be on the lookout!” Most of the kids would giggle and reply with something like, “I’m gonna find him and beat him up!” or “The bat cave is a secret!” We hosted more than 2,400 people on our campus that day, so I talked to plenty of Bat-people (nailed it!) and other superhero impersonators during the two-hour event.  

About 30 minutes into the event, a young boy who was about six years old wearing a Batman costume approached our car, grasping his mother’s hand tightly. As he saw me, before I could kneel and say anything, he stopped, pointed at me, and wide-eyed and full of wonder, said to his mother, “Mom, look, it’s the REAL Batman!” Now, keep in mind, the costume my wife bought me is one of those simple one-piece flannel step-in-and-zip-up deals, with a plastic cape velcroed to the back. I had paired it with black gloves and some dark sunglasses—no mask. Clearly, I was NOT the real Batman, and I wasn’t trying to fool anyone into thinking I was. But, on a day when being a child is celebrated, this child’s imagination took over, and, for a moment, he allowed himself to imagine that he was staring at THE Batman. I dutifully fulfilled my Bat-duties and kneeled down with some candy, a smile, a comment, and I asked him if he wanted a picture. He and I struck Bat-poses, and his mom snapped a few photos. On they went to the next vehicle, and that kid’s day was made.

As I stood there thinking back on that moment, I wondered how in the world that young man could have allowed his mind to convince him that he was in the presence of the real Batman. After all, he himself was wearing a very similar costume (albeit a smaller size), and there were at least 30 other children also dressed in the same getup nearby. But, for a moment, by using his imagination, that boy experienced the elation of realizing a dream, and I got to watch it happen.

What (you must be asking) does this story have to do with cybersecurity? Well, the Halloween experience made me realize that imagination is not only a tool for children to dream about what could be, but also a way for cybersecurity professionals to stay ahead of the bad guys. For example, if we can tap into our creative minds to imagine how a control process might fail, we could leverage defense-in-depth principles to better insulate our environments against attack. If we can picture and effectively communicate how our organization’s residual risk could introduce undesired effects to the company, we can potentially gain more executive support for cybersecurity investments. If we can think like an attacker (with creative imagination), we can anticipate their next move, tweak our defenses to strengthen our security posture, and tune our monitors to detect when intruders find a way to circumvent those defenses so we can respond quickly.

You may already be doing all you can to envision how control processes could fail, how attackers could circumvent your defenses, and how to best communicate security issues to your leadership team. If so, I applaud you. Keep it up! But, if you—like many cybersecurity leaders I speak with—feel like you could be doing more and your program could be better, well…suit up.

The team at LBMC Information Security is full of creative, passionate cybersecurity experts who can help you with any of your data protection and system security challenges. If you would like to talk more about your cybersecurity efforts, or if you just want to know where to get a cool Batman costume, contact us here.

Posted in: Security Consulting