L Appel De La Forêt Netflix

I was watching the TV series, La Casa De Papel (Coin Heist) on Netflix, a few weeks agone. I realized that the story of the gang tin reveal some best practices we should use while dealing with the security of the products we build.

Beware, the text contains spoilers. If you haven't seen the show till the end and you are planning to, please visit the article on a after solar day. Or go along with your at your ain risk :)

Threat Modeling Can Protect y'all Confronting Unexpected Events

First of all, what is threat modeling? Threat modeling, in layman terms, is an analytical process. In there, the engineers who build a production coordinate with the security team. They collaborate towards the security architecture of the product.

More specifically, the model, how someone tin attack the product, and what is worth protecting (assets). They besides model what they can be loose well-nigh. Beingness loose, not because they don't intendance. Merely because protecting it tin exist more costly than the asset itself.

Threat modeling can become y'all a long manner and protect you from events, confronting the odds. What is threat modeling in our "Money Heist" instance? It is Professor's (aka Sergio Marquina'due south) plan against all potential routes the plan will take. In having alternatives, even for the edgiest scenarios. The avails are clearly, the stolen money or his comrades in the heist.

A Single Signal of Failure tin Crusade a Chain of Bad Reactions

Threat modeling might help you recover from many security bug that will arise. You can recover from a cyber-attack but things will never exist the same. A crack in the security wall tin can have a domino event.

Imagine a lake dam, with a few cracks effectually, going unnoticed and beingness exploited by nature. Y'all can always fix it, but it might accept time for the lake visitors to establish trust again.

Like the Professor, where he lost respect after the gilt (temporarily) vanished. Even though his neat problem-solving skills, helped resolve the issue, things got hairy very fast.

Chain reactions

Luck is not a Strategy in the Long Term.

In the show, there are some provocative cases of luck. For instance:

Raquel renegading the police arrangement
Police and army failing plans to invade the bank
Failing to shoot to the target many times. From troops, that are supposed to exist professional shooters.

Snitches and below-expectations defense might requite y'all some extra time. to motility with your plan or escape. Only you have to take advantage of information technology. To either move with your programme or escape. Always recollect your luck might go abroad, whatever time soon.

Never Drop the Weapons

This is not specific to cybersecurity but to life in general.

Pain is temporary, quitting lasts forever. Take your mistakes, remediate them and learn from them. Every bit long as your centre is pumping blood, y'all are not dead withal.

Architectural mistake? Patch information technology immediately and re-architect the product (yeah, I know...delivery and business constraints)
Below expectations monitoring? Fix information technology now. Add more people and see how they can be more than effective
Serious defects in the code? Railroad train your team insecure practices and code review focused on security. Buy a license to a package like Snyk or Nessus. Plan some per centum of your capacity to patch the most severe ones

Budget constraints

Fifty-fifty in the Worst of Moments, Keep your Composure

Imagine a ransomware attack. It is there, information technology is happening. Screaming over people'due south heads will not solve the trouble.

When you cannot win against an attack, you however have to practice your all-time, to at least not lose. For sure, don't panic. As the Stoics say, you take to exist your best self on the things y'all control. And let the remainder, simply be. Accept them.

Yous cannot control the side by side stage of an assail. But you can do your best to prevent it, to not repeat the aforementioned mistakes, and to close the open doors that exist now.

Don't lose your temper and clear mind, Equally Tamayo lost it when he realized the gang was blackmailing him for various reasons.

He got angry, he got blackmailed, he was even ridiculed in the eyes of the European Cardinal Banking company. And what was the consequence? He lost, hands down, even though he lied to the media near winning.

Conclusion

Top-notch cybersecurity is not a free lunch. And not everyone can do it, equally the caveats are so many. But with some discipline, retrospection, and humility, you can do wonders. Too, the show is great, if you haven't seen it, please practise.

First published hither

L O A D I N G
. . . comments & more!