I’ve struggled with weight all my life. For me it’s this back and forth: lose some weight here, gain a lot there, etc., etc. It wasn’t until I was about 26 that I started to see signs that my weight might be affecting my body and got a little scared. I got on the scale and realized that the scale could no longer actually tell me my weight. The scale only went up to 330lb and I was past that by a lot; if I had to guess I was closer to 350lb. My health markers and now this number I couldn’t see suddenly shocked me, and I remember needing to make a change.
Over the next couple of years I made changes to my exercise and diet slowly. I remember starting out just having TV dinners as a food replacement, which was better than how I was eating prior. Yes, I ate TV dinners for meals, but I stopped snacking. Of course as I lost weight I changed and cut those out, but always focused on cutting calories. It was that simple. I didn’t go on Keto, didn’t become vegetarian, and didn’t fast. All I did was watch my calorie intake and exercise daily. If it’s that simple, nothing elaborate, then why aren’t more people doing it? Why do so many people struggle with weight loss? I have to say, it’s hard. It takes daily effort to say no to TV, no to eating that food, and yes to pushing yourself to exercise. I remember some of the hardest times were for a company birthday party, when everybody was having pizza and wings, and I was sitting there with my bowl of salad.
Now, I lost a lot of weight–actually got down to 180lb at one point–but over the years weight has come back. Not anywhere close to where it was but it’s still a struggle. Now, why couldn’t I just keep it off? I had a simple game plan of just eating fewer calories and exercising. Well, that consistent effort takes a lot of hard work and it’s easy to fall into bad practices.
So, how does this relate to security? I have to say it’s a pretty close analogy, or at least one I can directly relate to. I find security is neglected until something happens, either a breach, ransomware attack or data mistakenly being exfiltrated. I find for companies this is the same moment that I had when I got on that scale, the realization that something needs to change before it gets worse. So you start to make small changes, you buy some new technologies, maybe hire a few more security people. This is the equivalent of trying Keto, fasting or being vegetarian. You might suddenly get those results you were looking for. Your security posture is better than what it was prior to the incident, but then what? Well, maybe other priorities come up. That new EDR you just bought WAS on all endpoints, but is no longer being pushed out with new machines. The SIEM hasn’t been tuned in the last 3 months. The people you hired to watch it all are all suddenly tasked with networking work because that’s where resources are needed.
It happens and it’s easy to fall back into a hole where maybe security isn’t a priority. Similar to my weight loss, those first couple of years it’s all I focused on, but as time went on I wanted to do other things with my time and my weight went back up. It’s easy to think you have to do something and jump back on the weight loss train with the latest fad but at the end of the day, you need to cut calories; even exercise can be optional. In security there’s no shortage of fads: first it’s Cloud AV, then EDR, now it’s XDR. You might think that’s what you need to jump start your security program and buy it, but if not maintained you’re no better off.
So what are my security basics? Well, as a security analyst, my top three are: logging all devices, having those logs in a central location and having people focused on maintaining these systems to make them better. Now I know there are a lot of things in security: standards, procedures, user management, patching, threat hunting, etc. If you don’t have the logs it can make those other things harder. Often I find companies have security programs, but the three things above are not met. It’s like having security guards, but no cameras. You might find your PHI/PII data out on the dark web, but you’ll never have a clue how it got there.
Even if you log everything, keep your SIEM running smoothly, and have the right people, things change and it’s easy to get off course. The key is to refocus and go back to the basics. There’s a quote that resonated with me when losing weight and I believe is still very true with weight loss or security: “Continuous effort – not strength or intelligence – is the key to unlocking our potential” – Winston Churchill. That continuous effort doesn’t need to be a big dramatic change, but trying to focus on small changes and continuous improvement is the key to achieving a goal.
Editor: Emily Domedion