The Names Have Been Changed To Protect The Innocent”
These were the opening words of every episode of the series “Dragnet”.
I loved loved loved to watch “Dragnet” when I was a little girl.
But it was on past my bedtime.
Going into the last commercial, the announcer would always say “The results of this case in just a moment”. Sometimes I would sit on the staircase landing, watching the TV over my parents shoulders while I was supposed to be asleep. I would be tingling in anticipation — waiting to see the results before my folks would catch me and order me to bed.
Full disclosure, I have been out in the field and forgot I needed to blog a UX post today. So, I’ve decided to share a snippet of a recent ethnographic visit — learning about security professionals so that we can design better user experiences for them as they manage their daily security tasks.
10:30: Wanda the Watchdog
Wanda’ cube is right under a white noise machine. She likes it because she can concentrate. She is turned around looking at me expectantly. … I ask her to do what she does every day — she is relieved because she thinks a lot of work stacked up when she was in the meeting with us earlier.
Wanda has three monitors. One is super old school. It has email opened. The center monitor has an events mapper. It is purple and has something that looks like a network architecture diagram. There is a list of events. That screen stayed up the entire time I talked to her.
Wanda is celebrating her 5th anniversary as an employee of Company X. I know this because there is a big monitor that flashes messages to the cube farm up high on the wall above and the right of Wanda’s cube. There is a message that flashes up … “this network brought to you by … and then a bunch of logos. Tripwire’s logo is on that sign.
I point it out, and Wanda shakes her head. “I object to that. Displaying what vendors we use because that’s the first thing a hacker would look for is, what technology do you have in here. That’s part of reconnaissance. My job is to think like a hacker so I’m in constant hacker think mode and that’s the first thing I would do is say, okay what technology do you have, what versions are you running, are those versions vulnerable, what vulnerabilities are against them, what exploits are against those vulnerabilities and then I found the hole and I’m in.”
I ask her about her background. She has a master’s degree in security from a big school. I tell her that I didn’t even know there was a masters in security.
“I didn’t either until I took an interest. The previous job I had, we had viruses going around and I personally spent nights cleaning out systems because I used to be management. I used to do what these guys did and I got tired of that and I’m like, there has to be something we can do about this and I started taking an interest in security and I found this degree and I’m like, awesome, I’m going to do this cause I’m going to fight these guys. When I graduated I’m like, okay I’ve got this degree, what can I do? The company I worked for was not interested in security at all, they didn’t care. So I started looking for a job and found this one.”
Wanda describes herself as a “watchdog”. Her job is to watch and alert people. I believe that she cares about her job. — her cube is decorated with motivational messages . I mention one in particular about how security people need to remember a business is being run. She laughs and tells me that she has that there to remind herself to lighten up. “I am a stickler”
Sometimes her boss tells her to let some issues slide, but Wanda is uncomfortable with that. The stuff that has happened in the past two years has just taken the hacking and breach to a whole new level.
“it’s incredible.” Wanda sighs, “Unfortunately the bad guys are winning.”
(The story you just saw is true. The names have been changed to protect the privacy of those who are participating in the Tripwire UX Lab Rat program. http://www.tripwire.com/uxlabrat/)
Note: This post was originally published here: http://www.tripwire.com/state-of-security/it-security-data-protection/watching-the-detectives/