“Think Evil” is at the heart of the Security Mindset…
~Patrick Heim, CISO of Kaiser Permanente from the preface to Hacking Exposed 6: Network Security Secrets & Solutions
In my experience people are generally good. Most of us don’t want to believe we’re evil or that we do bad things. When we do “bad” things we find all kinds of rationalizations for them. Sometimes our “goodness”, which is really about self esteem and self image, hampers us.
In self defense classes where I am teaching people with zero training, many people have a visceral reaction when I describe things like how to shove a finger into an eyeball. I see them squirm and many vocalize, “yuck”. “This reaction is fine,” I’ll explain, “it tells me that you are a decent human being who is repulsed by doing something so violent.” I will then go on to explain that criminals who want to hurt them aren’t so nice or decent, and that sometimes causing bodily harm is really the only choice other than being killed or seriously injured themselves. Most people get it.
The quote that started this post comes from a book about computer network security – it’s for people learning to be penetration testers, otherwise known as “ethical hackers”. These are people who, with authorization, try to penetrate the security of computer networks in order to find the holes before the “bad” hackers get in and cause damage. If you’ve ever read about the military’s Red Teams or Red Cell – it’s the same idea – pretend to be a bad guy to test security.
So I offer the following mindset practices to you to learn how to shore up your defenses:
- When you’re in public look around as if you were a mugger trying to choose a target. Who would you choose and why? Make a note of the criteria you would use to pick a target – and learn to make yourself less of a target.
- From time to time when you are sitting or standing near to someone imagine they were going to suddenly physically assault you. Based on both body positions, what are some of the likely ways for this to happen. If the person had a weapon hidden, where might it be, and how would they access it?
- Look at your home and ask yourself how you would break in if you wanted to rob the place.
I’m sure you can come up with a few more mental drills such as these. The key is not to become paranoid or obsessed with what can go wrong, but play with the mindset and learn to become safer.