Saturday, December 04, 2010

Goliath and IT Security

Regardless of whether you attach any special significance to the Judeo-Christian scriptures, I suggest that there is wisdom to be gained from their study. A large number of topics are covered in these ancient texts, including IT Security.

Yes, IT Security. The story is told of a long-running standoff between the Philistines and the Israelites (1 Samuel 17:1-53). Every day the Philistines would send out their champion, Goliath, and challenge the Israelites to a one-on-one battle. Winner takes all. The big problem, and I do mean BIG, was that Goliath was a giant. One big dude. No Israelite soldier knew how to fight such an enemy. So they cowered. The Philistines laughed and were comfortable.

One day this kid comes along bringing lunch for his soldier brothers. His name was David. He witnesses Goliath's daily challenge and, like most young idealistic people who can solve all the world's problems, he says, 'Yo bros, why aren't we doing something?' They laugh him off. But David persists and soon enough finds himself facing the giant, armed with the tools he knows best. Goliath laughs and mocks him. David splits his skull with a rock from his sling. Fair trade. Goliath dead, the Israelites win and the Philistine army scurries away.

So how do I get from an ancient military battle to IT security? Goliath was proud; he thought he was invincible, and so did the rest of his army. He likely was invincible against any attacker who engaged him in the defined model of combat: sword, shield, spear. David didn't play by the rules. He even tried on standard armour but quickly realized it was not going to work for him. Instead he thought outside the box, made use of tools that were not expected on the battlefield, and won.

All too often in the IT context I hear people say things like: 'our software is perfectly secure', 'it cannot be hacked', 'I signed the SOX attestation so I know that security cannot be circumvented'. Yeah, and David can't kill Goliath. We all too often fail to recognize the difference between the truth regarding what is possible and our ability to conceive of what is possible. We only truly know the bounds of the possible once we have exceeded them.

If you are convinced that something cannot be hacked, broken, violated, or circumvented, then what you are truly admitting to is the limit of your imagination. And never forget about the possibility of the $5 wrench.