for too long i thought that being an anxious worrywart ever on alert watching over production was an asset as a site reliability engineer. back then i was on the hook for infra and unbeknownst to me security (!!!). to be clear i am a security enthusiast and am in no way shape or form an expert. i champion the spirit of devsecops (even if i can't ever pronounce it). i read every issue of The Security Blanket aka the NR internal security newsletter.
the more i learned about what orgs commit to business-wise for security measures and leafed through my first scan reports omg there was not enough cortisol in my body to be an anxious Chicken Little about both security AND reliability.
luckily we hired a ~fabulous~ security engineer and on the outside I was all
"haha yeah #OneTeam, security is everyyyyybody's job. so down with DevSecOps!! scan all the things!"
but in my head I thought....... "except it totally is THAT guy's job bc we pay him for it and his title even has the word security in it."
and this security engineer is basically the antithesis of Chicken Little. they have adrenaline-inducing hobbies and yet seemed unflappably chill. and i was like huh. maybe the whole worry thing is not actually an asset...
for example - whenever I'd ask a security question or be like "omfg what if THIS SPECIFIC AND TERRIBAD THING WERE TO HAPPEN?!?" it'd circle back to his mantra "is that in the threat model?"
And then I started threat modeling everything and engineered the most secure hack-proof code that ever deployed. </s>
What ended up happening was that I internalized "threat models are a thing", filed that nugget away and proceeded to never actually develop one (at least in a work context) :facepalm:
fast forward to earlier this year, i was walking back from checking the mail and fiddling with my keyring to find the house key when I had my security "aha" moment
huh... house front door locks are pretty useless when there's a window right next to the door
because let's face it if someone was really motivated to get inside why would they bother with locks when they could smash a window and gain entry immediately?
which got me thinking "who are these dinky front door locks even for?"
which spiraled into "Oh my god house locks are totally security theatre" and then inevitably "Nothing and nowhere is safe"
Picking up on my Chicken Little "the sky is falling" vibes yet?!
But surely there's some reason and utility for a house lock? Is it just enough of a deterrent that turns off would-be intruders? Is smashing a window way more noticeable and loud vs brute forcing a door lock? Is it the trust of the neighborhood and other folks watching that prevents house break-in shenanigans?
and then the rainy PNW clouds parted and a familiar Aussie voice echoed
HA. That was the key to this - if i was Dorit or Kim K obviously a simple bolt lock and knob lock wouldn't be enough to secure the house because....they're world famous celebrities with oodles of jewels and goodies to steal, blackmail, etc. and me being just a normal person who doesn't have enemies or anything am just fine with the average lock situation.
The environment/neighborhood definitely plays a role since I know hecka folks out in Montana who don't even lock their doors when they leave the house. It is a wonder they even install locks at all. I mean I've lived places I couldn't even trust getting packages delivered. Can you imagine?!
It also depends on what the intruder is seeking - obvs someone doing a "smash and grab" is going to take different actions than idk a creepy stalker.
So all this to say my tl;dr on threat models and reliability strategies is:
adapt to your specific environment and situation. there's no "one size fits all" approach