Star Wars

[Updated with a leaked copy of the response from Imperial Security.] To: Grand Moff Tarkin Re: “The Pentesters Strike Back” memo Classification: Imperial Secret/Attorney Directed Work Product Sir, We have received and analyzed the “Pentesters Strike Back” video, created by Kessel Cyber Security Consulting, in support of their report 05.25.1977. This memo analyzes the video,…

Read More Pen Testing The Empire

IANS members should have access today to a new faculty report I wrote, entitled “Threat Modeling in An Agile World.” Because it’s May the Fourth, I thought I’d share the opening: As Star Wars reaches its climax, an aide approaches Grand Moff Tarkin to say, “We’ve analyzed their attack pattern, and there is a danger.”…

Read More Threat Modeling and Star Wars

C-3PO: Sir, the possibility of successfully navigating an asteroid field is approximately 3,720 to 1. Han Solo: Never tell me the odds. I was planning to start this with a C-3PO quote, and then move to a discussion of risk and risk taking. But I had forgotten just how rich a vein George Lucas tapped…

Read More Security Lessons from C-3PO

In “The Galactic Empire Has Terrible Cybersecurity,” Alex Grigsby looks at a number of high-profile failures, covered in “A New Hope” and the rest of the Star Wars canon. Unfortunately, the approach he takes to the Galactic Empire obscures the larger, more dangerous issue is its cybersecurity culture. There are two errors in Grigsby’s analysis,…

Read More Cybersecurity Lessons from Star Wars: Blame Vader, Not the IT Department

I had not seen this excellent presentation by the engineer who built the Death Star’s exhaust system. In it, he discusses the need to disperse energy from a battle station with the power draw to destroy planets, and the engineering goals he had to balance. I’m reminded again of “The Evolution of Useful Things” and…

Read More Governance Lessons from the Death Star Architect