J003-Content-A-security-carol_SQwith apologies to Charles Dickens!

Caesar Kloodge was a miserly sort of man, given to fits of budgetary woe and refusing to spend money on anything without an immediate ROI, and even then only if it was on sale. Kloodge was in charge of security at ACME Importers, and was not a man to suffer fools lightly. His predecessor and mentor, Bob Gnarly, had tried to teach him what he thought was well, and had succeeded in imbuing Kloodge with the same miserly spirit that he himself had whilst in the role. Unfortunately, Gnarly had retired and planned to live out his years in Jamaica, but suffered from a tragic coconut accident and had died. Kloodge was asked to be a pallbearer, but declined in favour of joining a SANS webcast-his favourite thing to heckle.

Gnarly’s ghost

ACME had closed early, for it was the day before Christmas, and Kloodge was home alone and just about to settle down to a miserly feast of delivery pizza and box wine when his Xbox did the most peculiar thing. It was not the red ring of death so feared by owners, but an alternating red and green glow accompanied by a hiss of static and the distorted screen. Just as Kloodge got up to pull the power on the Xbox, a voice came forth from the television, sounding strangely like a Jamaican musician or Lectroid from the eighth dimension. “Bredren, wa gwaan? How yu bee, Kloodge?”

Kloodge’s response was both instant and violent. He threw his pizza at the screen and cowered behind his couch, saying “I knew triple Jalapenos was a mistake! Or perhaps the shrooms were bad!” He dropped his box as the image of his old mentor Gnarly, with a full head of dreadlocks, first became clear on his television and then floated out to become corporeal before him.

“Fiyah bun, Kloodge. Don’t you be knowing, tonight be the night ‘fo de Christmas, and you be any’ting but irie, mon. ACME’s security be rife wit ‘oles, bad enough a script-kiddie be a danger. I’m gonna send to you three spirits of seckuritah to set you on di righteous pat’, ‘kay?” De first, he be comin’ at di stroke o’ midnight, de second at di stroke o’ one, and di t’ird at di stroke o’ two. You pay dem heed mon, else you be facin’ some bad joo-joo. De board goin’ to outsource you all!”

Kloodge, having no idea what was happening, threw his box wine at the apparition, shouting “Bah! Codebug! Be gone, foul spirit, and haunt someone who cares!”

To which the ghost of Gnarly smiled, shook his head sadly, and said “Yeh mon, lickle more, seen,” and faded from sight. Halo 5 started on the screen of Kloodge’s television, but with a shudder and another muttered “Codebug” he turned off his Xbox and made his way to bed.

The first of the three spirits

Kloodge had just drifted off to sleep when the clock in his room changed from 11:59 to 12:00, a howling wind whipped up, and a merry spirit in a gold cloak popped out of thin air and landed directly on Kloodge’s feet. “Bloorklopeetdiddyfloobersmack!” Kloodge yelled with surprise.

“Awake, awake dear Caesar, for it is time to visit mistakes of security past. I am the ghost of bad decisions made, and it is for me to show you how you have erred in the past!” The cloaked apparition took hold of Kloodge’s comforter and yanked it away to expose Kloodge in his flannel zebra jammies. The spirit wasted no more time, vanishing with Kloodge in a cloud of vapor that quickly cleared to show a scene at a boardroom table, where the senior leaders of ACME were reviewing the next year’s budget requests with a fully dressed Kloodge rocking a polo and khakis, while the Kloodge in the onesie sat on the credenza with the ghost who had so rudely yanked him from his sleep. The CIO was going over Kloodge’s budget with a red marker, and for each item, he asked Kloodge if it was important, and Kloodge laughed and said “not really. We’ve got a firewall, ‘amiright?”

“See that, Kloodge?” asked the spirit. “This is where you backed down on your request for a messaging hygiene system when the CIO asked if it was really necessary. And what happened next? Let’s watch!”

Mists whirled to fade away and show the intern from the accounting department reading an email from ACME’s bank asking him to log on to verify yesterday’s deposits. The intern clicked the link, logged on, and in the background you could hear the sound of cash register bells and coins flowing into a pile, followed moments later by the CFO bursting in to yell “what happened???!!!”

This mists swirled and then the images resolved to Kloodge laying in his bed, the comforter pulled up to his chin, sleeping fitfully and moaning in his sleep “how many times do I have to tell you, DON’T CLICK ANYTHING!”

The second of the three spirits

Mists swirled around Kloodge again, and in the distance you could hear a church clock strike once. Just as the bell seemed like it should begin to fade, it held and echoed without change, and a lovely spirit with flowing red hair wearing a Donna Karan cocktail dress stepped out of the middle of Kloodge’s bedroom wall and announced in a voice guaranteed to catch your attention…”wake up, wake up! Silly Kloodge! It’s time to see what is happening right now! Get out of bed sleepy head, or I will clock you with a toaster!”

Kloodge was so shocked that he quite literally fell out of bed at the commotion, and popped back up holding a teddy bear and sucking his thumb. The spirit smiled, tossed the bear away with one hand while yanking Kloodge’s thumb out of his mouth with the other, and said gently “I am the spirit of bad decisions’ worse results, and tonight you get to see just how good the discount firewall is in the face of your decision not to worry about patching until next year!” The spirit twirled in her dress, amazingly not spilling a drop of the Cosmo that mysteriously appeared in her hand, and the mists once again swirled. When they cleared, Kloodge and the spirit were in the NOC at ACME. On the wall, the monitor for Nagios was showing shades of red to match Santa’s coat, but there was no green to be seen. The tintinnabulation was not the lovely sound of Silver Bells, nor even the slightly annoying ring-ding-ding of the Salvation Army bellringers, but rather the sound of the bells from the beginning of an AC/DC song. On the screen, animated like a bad movie trying to show cool hacking things, files and emails could be seen spiraling down a drain representing ACME’s Internet circuit. It was clear that someone, somewhere, was siphoning out all of ACME’s data.

“See, silly!” the spirit tittered merrily. “Hackers from Elbonia ran metasploit against your webserver, which you didn’t patch back in August when the vendor told you to, and now they have set you up the bomb! Guess who is going to be front page news tomorrow?” She took another sip from her Cosmo, made a toasting gesture to Kloodge, and asked “now tell me, how much was that patch management software again? And how much more is this mess going to cost than that?” With a laugh that morphed from a delightful giggle to the cackle of the Wicked Witch of the West, the fogs swirled again around them both. When they cleared, Kloodge was back in his bed, seemingly asleep, but his eyes were darting back and forth under his eyelids as he muttered “codebug, codebug” again and again.

The last of the spirits

The clock once again struck, this time twice, and a shadow that spanned from the floor to the ceiling detached itself from the wall and loomed over Kloodge. The temperature in the room must have dropped twenty degrees, as Kloodge started to shiver as his ragged breath fogged. Kloodge’s eyes popped open, but no sound came forth from the apparition. Kloodge stuttered and stammered and finally managed to squeak out “wh-wh-who are you then? The spirit of bad decisions’ ultimate outcomes?” A head-shaped blob at the top of the shadow nodded once, and the room went black.

The scene slowly resolved to the outside of the ACME Importer’s offices. The lights were out, the front door was chained, and the sign in the window said “Out of Business.” A newspaper wafted by, floating on a cold wind, and the shadow snatched it from the air and handed it to Kloodge. He took it hesitantly, shook it flat, and looked down to see the headline “ACME Goes Under Amid Hacking Scam.” The first lines of the front page article read “ACME today filed for chapter 13 bankruptcy amid lawsuits from consumers and employees charging that ACME failed to protect their personal data. Up to three thousand cases of identity theft have been traced back to the hack that resulted from an unpatched webserver. On top of the financial losses ACME suffered from a phishing attack a few weeks earlier, the CEO was quoted as saying “there’s nothing more to do” as he boarded a plane for an unnamed destination.” The picture showed the CEO in a Hawaiian print shirt and holding a Mai Tai with a caption reading “ACME CEO retires to a tropical island as employees’ 401K funds pillaged by hackers.”

Kloodge began to shake, then he began to stagger, and finally he tossed the paper aside and ran off into the night, screaming “patching, patching, why didn’t we just do the patching?” The perspective zoomed after him, almost like a drone with a camera was flying above, as Kloodge ran down the street and into a Starbucks, where the former CIO of ACME poured a latte, handed it to Kloodge, and said “why didn’t you tell us this could have happened? Why, why???”

Kloodge took a sip of the latte, cried out as if in pain and tossed it away saying “I take three Splenda!” and ran off into the raging blizzard that had somehow started while we weren’t looking, as blizzards in dream sequences often timesdo. As he faded into the storm, he could be heard yelling “it’s not too late, it’s not too late. I can fix this. I can, I can!!!!”

The end of it

The storm faded to black, and as the lights came back up, Kloodge could be seen at his computer, still rocking the zebra onesie, installing patch management software on one screen while reading an article on email hygiene best practices on another. His phone rang, and as he answered, a voice said “Mr. Kloodge, ordinarily we don’t do business on Christmas day, but…”

“Codebug my dear boy, codebug. Do you still have the prize firewall? The one you had hanging in your front window…ehm, I mean, the one featured on your homepage?” You could see Kloodge cross his fingers and hold his breath.

“You mean the one big as me sir?” said the voice on the other end of the phone. “Indeed we do sir, and a prize firewall it is!”

Kloodge danced a jig as he said “Delightful! I need you to deliver it round to Rob Hatchett, my assistant, quick as you can. If you get it there before lunch, I’ll by the extended warranty. If you get it there by 10:00 AM, I’ll even write a review!” Kloodge couldn’t help but giggle with glee as the excited voice on the other end of the line replied.

“My dear Mr. Kloodge, since your order for a new firewall seems so urgent, we’re shipping it out right now by reindeer express. Mr. Hatchett should receive it under his tree in the next two hours. Do you really mean to install it today?”

“Indeed I do sir, indeed I do,” said Kloodge. “I’ve been moved by the spirits of good security, and there’s no better time than the present. Besides, I hate parades, and how many times can I watch “A Christmas Story anyway? I mean, I got a Red Rider BB Gun this year, so Christmas is complete!”

From all of us at GFI to all of you, our loyal readers, we wish you a Very Merry Christmas, a Delightfully Happy Hanukah, a Joyous Milad un Nabi, a suitably dark Winter Solstice, a Festive Yule, a Blessed Saturnalia, a Happy Kwanzaa, a Fun Festivus, a Wonderful Pancha Ganapati, a Happy Boxing Day, and a Jolly Newtonmas. And if I missed anything in there, it was truly unintentional, so please leave a comment to educate me on your end of year festivities.

