A Tale of Monsters and Impending Doom

Aug. 8, 2022

Ahhh – summer holidays are here. This week, I was sitting poolside at a resort in Key West, Florida, the southernmost town in the continental United States and a testament to America’s fondness for whimsy and a good, airy place to enjoy a drink with the ghost of Ernest Hemingway. It was hot and humid as it always is this time of year, so we limited our running around while maximizing our relaxation.

At the pool, we met a nice family visiting from the Netherlands. Dad had to take a business call, so he left his wife and their three daughters to have fun in the pool. It was a pleasant time for us all until we heard the shrieks. We leaped out of our loungers to see what elicited them. There, on one of the Dutch girls’ loungers, was a four-foot iguana, raised on his front legs obviously alerted by the noisy attention.

Mom was desperately looking around for a defensive weapon to protect her daughters so I jumped up, and used my hands to ask her if I could help. She had the same English vocabulary to match my non-existent Dutch. She grudgingly acknowledged my help, so I approached the nuisance creature and shooed it away far outside the pool perimeter.

I looked back to see her family’s relief as the lizard ran across the parking lot to the bushes on the other side. I made a shrugging gesture and gave a laugh, thinking I was conveying this was no big deal and I wasn’t exactly Crocodile Dundee. She responded with a quizzical look, so I just shrugged and went back to lay down next to my wife.

Her husband returned to the pool deck a few minutes later, and I enjoyed watching the ladies explain their harrowing confrontation with the foreign land dragon in Florida. The arm gestures, the pointing, and the depictions of the creature’s size were obvious even if you, like me, cannot understand the language.

I can appreciate their excitement. Between the sinewy claws, the spiny ridges and ruffs, the colorful scales, and gaping jaws, the iguana resembles a prehistoric monster ready to rip your face off. In reality, they are normally just shy vegans looking for a leaf or bud to consume. The invasive species in South Florida has grown accustomed to humans and, aside from a few testy, territorial, old males, won’t even challenge a human. They are easily run off to seek their nourishment elsewhere.

The ladies’ initial response was quite understandable. They had no experience with iguanas, so had to make a risk decision based on the grim, lizard appearance alone. For all they knew, it could have used its muscular legs to lunge at any one of them and sink it claws and jaws into exposed flesh, causing great injury if not death.

As humans, we often make emotion-based risk decisions as well when we lack detailed knowledge of the threat and its capabilities. A classic example was the big computer virus scares of the early 2000s and the perennial compromised credit card threats. These fears were targeted at all consumers and fueled companies like Symantec and McAfee into technology juggernauts. But threats adapt and technology evolves. The ability to keep up with the dynamism is dependent on our insights and ability to recognize the capabilities of these threats.

Our security profession is one of seeking out this knowledge daily. It requires us to stay aware of emerging threats to the assets under our control and demands our vigilance to avoid the misapplication of limited tools and capabilities. Simply seeking to maximize our defensive toolset is inefficient and costly. It’s far better to invest heavily in threat identification and assessment. It allows us to use our limited resources to focus on what is important while tuning out those passive vegans passing through our lives.

About the author: John McCumber is a security and risk professional, and author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. If you have a comment or question for him, e-mail [email protected].

About the Author

John McCumber

John McCumber is a security and risk professional, and author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. If you have a comment or question for him, e-mail [email protected].