Writings from the intersection of law enforcement and the Internet

Offensive Security

I've been thinking a lot about security and how to better protect organizations and assets. And this applies to both financial institution security and policing. We both are responsible for securing people and property.

So many times we remain unaware of an adversaries technique or tactic until it is applied to our organization. A new ATM exploit, method of depositing fake checks, or laundering gift cards. “We didn't know about it”.. is only a valid excuse if you are Victim-0. You should be actively seeking out new threats, new tactics, and new procedures and then altering your security posture to protect your organization.

Traditionally, in security and in policing, we are reactive. We stand the post. We wait for something to happen. We wait for the bad guy to make himself known. Then we reactive. The traditional sheepdog guarding the flock. But what if we went out and watched the wolves? We studied them. Learned their methods and techniques. Knew when they were coming and were ready for them. And trained the sheep to protect themselves.

I get it. We are so busy working on existing cases that there is no time to study what happened to someone else. Time to read, communicate, and share, is at a premium. There are only so many hours in a day. In a week. But that is how you become a better investigator. Recognize the TTPs – Tactics, Techniques, Procedures – of the bad guy. Recognize the signatures. Know what is connected and what isn't. Make your organization more secure. If you can prevent some cases then you won't have so many to investigate and therefore won't be so busy. Have the route planned before you need to take the trip.

We have two obligations:

1) Seek this information. Learn every day. Dedicate yourself to becoming a more knowledgeable practitioner each day, not just on training days.

2) Share information when you become patient 0 or 500. Pride has no place here. Acknowledge victimization to help others and others will do the same to help you.

We must be out in front- offensively. We can't wait until the enemy is already inside the city. Go find them. Study them. And when they come to our city we'll meet them at the gate, with a snarky smile, and tell them not today.