Skip to content ↓ | Skip to navigation ↓

Long ago and far away, when I was a typical starving college student, I subsidized my expensive habits (eating, rent, school books, etc.) by working as a stagehand for both the university I attended, and the local IATSE#55. Certain job skills that served me well then feel completely applicable to the information security space. So, here’s today’s whimsical post to explore those common areas.

Agility. I remember a particular instance where a touring show didn’t read the small but important detail about what size the loading bay doors were. This was found out during load in (when stage pieces come off the truck and ideally go onto the stage). None of the set pieces would fit through the doors. We did on-the-spot surgery to get some items in; and figured out how to reconfigure the lights and mimic some additional pieces to allow the “show to go on.” The audience never knew. In fact, people were overheard approving the minimalist aesthetic. In security, this is a common event – making miracles happen around unexpected obstacles. How many times has a specific tool failed to give you the exact solution you expected? Can you count that high? But, security people, like stagehands, tend to find a way to put enough bits together to get enough of the job done, and the business may never know how much effort it took to pull it off.

Perspective. Theatre’s version of the 50 foot rule basically states that if the first row of the audience is 50 feet from the stage, that’s the distance the set has to look good at. If your show is going to suddenly be in a theatre in the round; the requirements change. An obvious example is that a painted wall with a wood framed back; while fine when the audience is in one direction, 50 feet away will fail when you are suddenly surrounded in an arena setting. This is a theatre way of expressing risk, although they might not use that term specifically. In security, when you are in a small organization in an unregulated industry; your needs are aligned to that orientation. Become a mega-corp in a regulated industry and your needs move and what is acceptable security moves with them; and as infosec practitioners we work to set things up based on if a 5 or a 50 foot view is needed.

Black magic. People who have not worked theatre tend to view how a show can arrive, and be set up, seen, torn down and in another city the next day as black magic. The idea that people make a living doing things, and might even enjoy doing work that is both out of sight, and out of mind, can seem positively arcane. Even the language can be a challenge, in that “plain English” terms inside the trade can sound like some strange incarnation to the uninitiated. A common arcane theatre term that causes that reaction could be something like a counterweight system; in security, a firewall. They both are comprised of what seem to be common words, used in a way that is weighted and has meaning in their context that is uncommon in general English. This confusion  about how a specialist uses language should feel super familiar to anyone in security who’s tried to explain their day job.

Swarming. Although everyone has a specialty, there’s a time for focusing in your area of expertise; and a time to just pitch in because that’s what’s necessary. When a theatrical show is doing a load in or a load out; it doesn’t matter what role someone had for the show (lights, sound, props, etc.); everyone has to help the show get to its next milestone. That might mean doing activities that aren’t in your specialty; but are within your ability.  This is also true in security. Sometimes we work our specialty; but there are times where it’s about being willing and able to get the job done because the needs of the business and its milestones outweigh the desires of the one.

So, the next time you wear an all black wardrobe, or go to a theatrical production whether it be a rock concert, dance, or play, tip your imaginary hat to the folks that keep our imaginations running, and make miracles happen every night in the same way security people keep the network up, so that the business show can go on.