Saturday, 6 March 2010

Scenario thinking - the security officer is a serial killer

More inspiration on scenario thinking. I picked up another Michael Connelly thriller. I've read about 20 of his thrillers and almost al of them are hard boiled thrillers often with serial killers. In about 15 of his books Harry Bosch a LAPD detective is the main character. Harry doesn't know anything about computers and the way the books are written it is described as if it should be like that. In the other 5 books two of them the lawyer is the main character, one a journalist, one an ex-cop with a new hart, the brilliant Blood works and one a ex-con. In some of the books the different main characters meet, making feel like one sees different parts of the puzzle of crime.
In none of them computers or internet played a big role. But the books are a great read with a lot of pace and reasonable scenario's with a dark edge.
I was more than pleasantly surprised when I picked up "The scarecrow" and it starts with Due Diligence visit of CIO of a data hosting centre. Ok the Due Diligence check doesn't go as it should go, but the way it is described with a visit to a girly bar to settle the deal it might go the way it goes with some CIO's. At least that is my security officer view of it. But in the mainstream book with millions of readers, SAS 70 reports, SOX and Hipaa are mentioned too.
In the book a serial killer is running around and choosing his victims from the internet. He also uses the internet, social websites, public self service interfaces of credit card companies and company e-mail systems, to isolate the journalist that is chasing him. All threats that currently exist and could with some skill indeed be used. The journalist is the one that was in a earlier Connelly book the Poet. He just got fired from the job, because newspapers need to cut back on costs, very real life too.
What makes this book very useful for scenario descriptions for a board meeting is the fact that the security officer of the data center turns out to be a serial killer . (I'm not ruining your join of reading, this is clear from the start of the book.). Ok according to the book the guy is called CTO, Chief Thread Officer, a title I’ve never heard off, but this could also be used in some presentations. And the name of the book is related to the way CTO scares away hackers of the data center, a name I’ve also never heard in this relation.
Still that a main character of a mainstream thriller is a security officer must mean the profession still has future even though is a vicious killer. Wasn’t the main character in American psycho a stock broker, just before that profession became a Master of the universe ?


Hans de Jong said...


You were planning something to do with your spare time in the same line of thought? I have to admit that I read a lot of books you have read or are referring to...


ing. Xander Heemskerk CISSP said...

I know Hans this is a serious case of bookname dropping.