After years (okay, decades,… okay, okay, centuries….. damn it… alright! alright already, eons… are you happy now? yes. I’m THAT freaking old. I still remember coal-fired computers and horse-drawn airplanes and shit. My birthday cake is a slice of tree trunk of matching rings, but the table can’t hold the weight anymore. sheesh!)
What was I saying? …. (eyes wandering left and right…. … . . . … . …. . . . . )
oh yeah! I’ve amassed a data set that accurately summarizes the predominant security practices or strategic “methods” leveraged by each major US industry. I warn you: this is highly scientific information. It may require additional consumption of various questionable substances just to remain conscious while trying to read it all. Here goes.
Method: Place sufficient restrictions on the adoption of new technologies, so as to (A) mitigate unknown vulnerabilities and exploits, (B) insure that those with knowledge of older, proven exploits have died from old age, and (C) keep certain aging consultants employed (because they’re married into your family). And besides, what’s wrong with COBOL?
Method: Never leave important IT decisions up to any one person, ever. In fact, the more people involved, the greater insurance that the decision will eventually be reliable, maybe. Larger companies focus on perfecting multi-role hyper-proliferated subterfuge logic branching and coalescing processes. In layman’s terms: they foster greater variety among responses to decision inquiries. Many have invested heavily in processes which depend entirely on custom hand-stitched, stone-carved, natural leather encased software, usually written by someone who left or died long ago.
Method: Implement dozens of stop-gap procedures to insure every motion of IT is slowed to the lowest possible, almost un-measurable, velocity. Think of a Japanese rock garden, only slower. Where the sand is executive processes and the stones are IT staff, now simply add quick-set cement to the sand mix and sprinkle some water on it. This insures that even the bad stuff will take forever to make headway, and by that time, the entire system will have been eventually decommissioned. Forget penetration attempts, even social engineering-based, because they’re often project-oriented, not departmental, so most people have no clue what that next cube is working on. In fact, they probably don’t use the same network, computers or operating systems.
Method: Relegate “IT” to whomever answers the Craig’s List ad for an “IT Expert”. Critical skills include: printer management, thumb drives, recovering lost files and emails, and using Excel databases” (that’s not a typo). Must also have experience with Macs and Windows XP, particularly with kids games.
If they have any in-house “IT” capacity at all, it’s often enough shock to send a consultant into cardiac arrest. Due to possible legal implications, it’s best to never change passwords for critical user accounts and never, I mean NEVER, delete anything. Keep everything forever, or as long as you can afford somewhere to store it.
Method: Agents need to be flexible and mobile. Everything is done on laptops. Everything remains on laptops. No time for that silly, trendy, cloud stuff. No backups, no cloud sync, but OMFG do NOT let anything happen to that precious data on those roaming laptops! Thumb drives are forgotten like Matt Damon in Interstellar, waiting for someone to give them a hug, only to have their face shield cracked open and their chip tossed away. Shit. Did I give away the plot?
Advertising / Marketing
Method: Hire someone quick, and get back to the conference before the food runs out.
If it’s airlines, use railroad standards. If railroads, use airlines standards. Either way, the older the technology the better. It’s like a cast-iron frying pan, after years of seasoning, or a vintage wine.
Method: Deny all requests for pay increases for five (5) years, reduce promotions from once every five (5) years to once every ten (10) years, discontinue any training programs, and for God’s sake: deny all requests for stupid things like newer software and hardware It worked in 1995, so it should still work! Hire a consultant to blame internal staff for every deficiency, terminate and reassign to avoid audit trails and blame the contractor afterwards.
Method: Same as municipal, but on a much larger scale. Every four (4) years, change direction from in-sourcing to out-sourcing, and blame the opposite for any failures that remain. If conservatives win, out-source to private contractors, where expertise and trust are premium values, after all, when has anyone ever heard of a private contractor doing something wrong in a government position? Then blame liberals. If liberals win, open up the job requisition flood gates and hire at will. However, keep GS-rating pay scales at 1995 levels to avoid asking for tax increases. This helps insure only the highest-quality employees are onboarded from their previous positions as private contractors or foreign exchange students. Then blame conservatives for any failures. Think of it as seasonable employment.
Method: Hire the first contracting IT firm that actually shows up. If they wear those spiffy-looking polo shirts with a slick company logo, they might be too expensive. Ask if your cousin’s friend graduated tech school yet. You know, the one who puked all over your sofa when he brought her to crash in your apartment while you were out of town. That one. If she’s not available, what about that kid that asked you about spark plugs while you were trying to inflate your car tires that day.
See if you can guess which of these most closely matches the photo above.