Where are the Protest Songs?
As a baby boomer, I grew up in an era in which popular music directly reflected the political issues of the day. I remember singing the I-Feel_Like_I’m-Fixing-To-Die-Rag while in military training, and consciously annoying many of my peers with these incendiary words:
It’s a one-two-three: what are we fighting for?
Don’t ask me I don’t give a damn!
My next stop is Vietnam!
And it’s five-six-seven: open up the pearly gates
Well there ain’t no time to wonder why:
Whoopee – we’re all gonna die.
http://en.wikipedia.org/wiki/I-Feel-Like-I’m-Fixin’-to-Die
Of course Country Joe was a crusader, but even middle of the road artists made calls to principled arms – consider this early Elton John missive:
Holy Moses I have been deceived
Let us try to find a way to make all hatred cease
There’s a man over there
What’s his colour? – I don’t care
He’s my brother – let us live in peace.
http://en.wikipedia.org/wiki/Border_Song
I sang these lyrics throughout my teens and they contributed as an ethical guide to the founding of my principles.
They were also part of a much longer, important musical tradition in which ordinary people voiced their struggles, and managed to get them heard in the music of the day. They spoke to the pain of ordinary people, as in Robbie Robertson’s lament about the struggle of the American South during the American Civil War:
Well I don’t mind chopping wood – and I don’t care if the money’s no good
You take what you need and you leave the rest –
but they should never have taken the very best.
http://en.wikipedia.org/wiki/The_Night_They_Drove_Old_Dixie_Down
Music was the voice of the oppressed, finding a receptive audience in depression-struck America during the 1930’s, when Woodie Guthrie would position businessmen as criminals, and criminals as the saviors of the poor:
As through this world you travel, you’ll meet some funny men/ Some will rob you with a six-gun, and some with a fountain pen.
http://en.wikipedia.org/wiki/Pretty_Boy_Floyd
The 1930’s depression anti-establishment sentiment was echoed by legends like Leadbelly in Gallis Pole (a song which readers may recognise as an uncredited Gallows Pole on Led Zeppelin 3), describing the corruption of the prison system – a reality which ex-prisoner Leadbelly understood very well: What did you bring me to keep me from the gallis pole?
http://en.wikisource.org/wiki/Gallows_Pole
The unions came into their own in the 1930s and, needing an anthem, adopted a slave song:
We shall not, we shall not be moved
We shall not, we shall not be moved
Just like a tree that’s standing by the water
We shall not be moved
http://folkmusic.about.com/od/folksongs/qt/ShallNotBeMoved.htm
The 1960’s led to an explosion of protest music, led by Bob Dylan who so understood the tradition that he attended Woody Guthrie’s deathbed http://www.guardian.co.uk/music/2011/jun/16/bob-dylan-woody-guthrie. Dylan, daring to challenge the post-American capitalist sentiment had the courage to openly express his contempt for the political-capital-military alliance:
Let me ask you one question
Is your money that good
Will it buy you forgiveness
Do you think that it could?
These were more than words: when Joan Baez sang of Dylan -
Where are you calling from?
A booth in the midwest
It was because he lived the ethos – abandoning the comforts that Tin Pan Alley http://en.wikipedia.org/wiki/Tin_Pan_Alley could have offered and “following Woody Guthrie’s footsteps” by traipsing across the country to experience the lives of the working men.
It is worth pausing to compare the commitment of these musicians to that of modern politicians.
Bob Marley spoke to his constituency, lamenting the effects of poverty:
Them belly full but we hungry
A hungry mob is an angry mob
A rain a fall but the dirt it tough
A pot a cook but the food no ‘nough
http://www.mp3lyrics.org/b/bob-marley/them-belly-full-but-we-hungry/
Women – and feminism – also found a voice, exemplified by Nina Simone singing defiantly:
Got my heart, got my soul,
Got my back, got my sex …
http://www.metrolyrics.com/aint-got-noi-got-life-lyrics-nina-simone.html
By the mid-70’s it was recognized that music legitimately represented the aspirations of the working class, so much so that John Lennon could say, with some cynicism: A working class hero is something to be
http://en.wikipedia.org/wiki/Working_Class_Hero
The point of all of this is that music has traditionally been the voice of the oppressed. It has found the words for those without a voice, expressed the anguish for the numb, reached the audience that could help, brought empathy to the socio-cultural sentiment.
Today there was a protest in Oakland, part of the Occupy movement. As the resentment towards capitalism grows, there is silence from the popular artists that would traditionally have reflected this struggle. I tracked the Oakland events on Twitter, reported by Anonymous – but there have been no songs speaking for this movement, no troubadours capturing the soul of the struggle in music that would clarify our collective responsibility towards each other.
The musicians that should be speaking have become a part of the system itself, and have neither the desire nor the insight to recognize their social responsibility; or care about their potential to create positive change. The torch has shifted to the social media where some democracy and conscience still exists. It feels to me as if the heart of the music has been compromised by money, and the ethic of the medium is gone.
I hope I am wrong.
Band of Brothers
When Johnny comes marching home again, hurrah, hurrah
We’ll give him a hearty welcome then, hurrah, hurrah
The men will cheer and the boys will shout
The ladies they will all come out
And we’ll all feel gay when Johnny comes marching home
One would like to think that Patrick Gilmore recognised the irony in his lyrics, but given his association with the military I doubt it. He wrote the lyrics for the men coming home from the American Civil War, and the song was used by the military on both sides, each choosing to perpetuate the myth that the soldiers would arrive home to jubilation.
The song was brought to mind this week when I was invited to a get-together by ex members of the South African 44 Parachute Brigade, commonly known as the Parabats. A couple of days later I became aware of an online fracas on Facebook at https://www.facebook.com/pages/A-Shot-at-the-Big-Time/246810415372489, generated by Janet Van Eeden’s recollections about her brother’s death on the border. Each of these discussions reminded me of my intermittent periods of duty (2 years conscription, followed by 10 years of camps), and caused me to reflect on how such an important rite of passage has faded into obscurity, while still retaining all the emotional complexity of the time for those of us that went through it.
My experience of the time was typical: I came from a family that had gone to war at every calling for three generations and for whom the willingness to support the prevailing 1970’s political opinion superseded the need to acquire a conscience. My family met any suggestion that we whites were getting it wrong with a combination of anger, scorn and mistrust – and so I followed that tradition and shouldered a rifle on patrol. It’s easy to say, now, that I didn’t fit in – but of course one adapts: I would have been as quick as anyone to return fire, and the comrades that I depended upon became as close as any friends I ever had. So despite my political leanings I have developed an affinity with those that were there, and an appreciation that not everything was – or is – as clearly defined as the media would suggest.
I had been invited to the Parabat function by D___, an old friend that had seen enough military action to change him forever. D___ was not an ex Parabat: he came from the British South African Police (BSAP) and the Rhodesian Light Infantry (RLI); but had remained close enough to matters military to have been invited himself. My perception of the Parabats was that of an elite unit – and so I was surprised when, having finally located the hall, above a pub, in an obscure East Rand suburb I found it to be mainly occupied by women and children: the Parabats were there with wives, children and grandchildren. The camaraderie between the men extended to this larger group who clearly knew one another well. The room was devoted to this use: Military Paraphernalia littered the walls, with chairs facing a podium with the Parabats Insignia proudly displayed.
I had arrived for the last meeting of the year, but the conversation still seemed incongruous: much discussion about the end of year function and debate about the cost of the meat. One member was offering self defence classes and gave a small demonstration of the approach, which elicited interest. Another talked about an upcoming function to honour the Pathfinders. The men joked with one another throughout the proceedings, showing clear affection and ribbing each other about the relative merits of their military units: it became clear that this was a meeting place for men from different military backgrounds to share a common interest. A new member had applied for membership and a vote was taken: there were no naysayers, although it was made clear that final acceptance would only be provided after further investigation.
When the meeting broke up and the members shuffled away to join a braai that was being held next to the bar, I approached the head of the group to discuss the likelihood of recording members of his group in a podcast. I was well – but cautiously – received: the organisation had been bitten by negative publicity in the past and did not want a repeat. They were happy to facilitate the discussions but left it to members of the group to comment as they saw fit.
Having achieved my objective I went down to the bar where D___ introduced me to G___ with some measure of affection and clear respect. G___ was older than us both, but wiry with a grip that reduced my hand to pain. As he spoke he would look intently into my eyes, and if they glanced away he would grip my shoulder or arm to catch my attention again. The intensity of his bearing was repeated in his manner: brusque, commanding. G___, it transpired, was an ex member of the SAS, one of the most elite military units on earth. Having seen action in the (then) Rhodesia, he made his way down to South Africa when the war ended: having been involved in such fierce and ongoing conflict he believed that it would be too dangerous to stay for fear of reprisals. D___ had remained in the new Zimbabwe for a while, but could not comfortably adapt to the new dispensation: after a brief attempt to set up home in Scotland (the home of his family’s birth), his yearning for the sun had brought him back to South Africa.
The three of us, all from different military units, reminisced – although my military experience as a conscript was years apart from that of the professional soldiers before me. G___ brushed away this comment: I had served my time and that was enough for him.
He did want to share his experiences though: after leaving Zimbabwe he came down to South Africa and joined the Recces (South African Special Forces Brigade). I asked his opinion of the Recces in comparison to the SAS: perhaps unsurprisingly he pursed his lips and shook his head. Probably to substantiate this, he launched into the tale of his last operation for the Recces, which seemed to comprise one logistical SNAFU after another, ending with a forced route march as they had been dropped in the incorrect Drop Zone. The South African trained Recces had fallen out from exhaustion while the SAS trained volunteers had pushed through; the experience left him jaundiced: he chose to resign before it all turned bad.
D___ and G___ had both gone into civilian life relatively unprepared, but gravitated towards militaristic occupations: D___ as a forensic investigator, G___ by starting a physical security company. Both had been successful – and I put it to them that this was because they brought military discipline to their professions. This seemed natural, nay obvious, to them both: they barely acknowledged the question.
It was different, though, when I asked what they would have done with their lives had there been no war: although D___ stopped to consider, G___ didn’t – couldn’t – understand the question. He was not being obtuse; the notion of a life outside the military had simply never occurred to him, and remained beyond his comprehension. For the first time all evening he remained silent. At one point he asked what I meant, but my explanation still eluded him. Eventually, I suggested that both men felt destined to be soldiers and everything else was peripheral. D___ pondered this. In Rome we would have been Centurions. In different times we would have fought for Shaka or Attila. And I understood. They believed this to have been their manifest destiny, it would be their destiny in any time – and now the war had passed, and this part of the meaning of their lives had reduced to reliving old memories and honouring fallen comrades. They lived lives unswervingly to a shared ethic of honour – principles that had been reduced to irrelevance by a changing political dispensation. No man can divest himself of responsibility for his role in any conflict – but this is not Nuremberg, and these men display pride and honour, not banality.
A week later I mentioned this to a 20-something woman at work. It took me a moment to realise that she didn’t know what war I was discussing. When I explained she was surprised then lost interest – and why not? The war is over in every way that a war can be: the battles have been lost, the memories relegated to the old, the principles cast into irrelevance by a new political context. I was born 15 years after the Second World War: it cast a shadow over everything – the cocktail discussions between my parent’s friends, the cartoon magazines, the movies, the books … but the border war has slipped into obscurity for all but those that were there. In a world with a surfeit of information, this history has shifted to the sidelines.
But I remember G___’s firm grip, and the intense way he looked directly into my eyes as we spoke, and I think that Wilfred Owen better expressed the South African experience, describing how the soldiers would return:
A few, too few for drums and yells,
May creep back, silent, to still village wells
Up half-known roads
A different view
I worked for 27 years within a bank, and only recently had the opportunity to cross the fence and join the consulting community. Change is always interesting, and I have enjoyed the experience immeasurably. I regret not having done this before although – of course – everything has it’s time.
Naturally I new it would be different (and apart from saying it’s fun I find it difficult to answer when people ask me how I’m finding it) but it has taken some reflection to realize that this change has given me a range of insights I had never experienced before.
Personal insights:
The first began immediately I had to sell. I’d always been on the other side of the table, listening to consultants trying to convince me of the viability and the importance of their solution. I never wanted to regurgitate the same phrases I’d been exposed to year on year – I don’t believe them anyway. I earnestly feel that consultancy cannot be done from a distance and requires insights into the company: that’s a difficult sell – companies want to restrict cost (and hence time on site) while I consider it reckless to offer generic guidance without engaging closely with the company stakeholders. But I found myself listening carefully, trying to pick up cues that might indicate what would sell. I realized I could say anything, and that some customers were gullible enough to listen. I was fortunate enough to have the support of an ethical company, and guidance from trustworthy peers to clarify how to remain principled and still successfully sell.
I was amazed at the speed with which small companies can get things done – in the first week of joining we had to take an important decision that would affect a tender: in the bank we would meet, debate, lobby, create minutes and document the decisions. I have seen decisions of that scale take months – in my new company we resolved it in a cellphone round-robin debate between the directors within thirty minutes. And once the decision was taken, it stood. Of course the smaller company has fewer variables (especially political) to consider; but the decisions also affect cash flow – which is often an abstract concept in a bank – so they are no less important and have a more immediate and personal impact than corporate middle-level decision-making does.
The speed of these decisions seems wonderful – but they come at a cost: organizations implement administrative processes to enforce standardized quality. I know that our informal approach has a limited applicability, and will certainly not endure if the company continues to develop at it’s current pace. The company is in the early throes of growing pains and we cannot expect to continue as we have been doing for long – the trick will be to retain the agility while embedding quality into an expanding organization.
The processes are not in place because small companies simply don’t have the support structures that corporations build for themselves. As an example: I approached a peer for advice on how to retain the best staff. His advice: give them ongoing, honest and formal feedback. In the bank, of course, we underwent six-monthly performance appraisals; and as niggly as they were to go through they gave everyone a clear indication of their responsibilities and progress – small companies seldom invest the time to formalize this. I found it amusing that the processes I felt I was escaping were to become objectives for me to re-implement in my new workplace.
I had, over the years in the bank, overseen numerous implementations of one or other solution. As a consultant it means that as much as I extoll the benefits of some solutions I also caution about the difficulties of implementation and encourage customers to take manageable steps rather than attempt grandiose ambitions. To my personal frustration I watch customers dismiss viable, nay needed solutions that I know would make all the difference; but I am obliged to step back and remember that my role is to advise only.
Vendor insights:
The first weekend of my new job I ended up at a government IT strategy session. I felt privileged to be there, and I said so to a peer from a company known for pressing alcohol onto their customers in liberal doses. He moved his hand behind his back in a gesture referencing bribery: “too much of this”. It was an early introduction to the club of vendors, competing with one another, familiar with one another but all sharing a common objective. I was amazed at the candor with which customers are discussed. Every vendor has an opinion on who is able to sign a cheque, who influences events and who wastes time. And while some vendors obviously profit from bribery I have seen total frustration amongst the vendor community when this raises it’s head. I occasionally sit at meetings where the client starts hinting – and at that point the integrity of the relationship is lost and becomes irrecoverable. It disempowers both the vendor offering honest services, and the company that entrusts individuals to act ethically on their behalf. The people profiting are arrogant, shameless profiteers. They are scum.
The slow pace of corporate administration is frustrating when you work inside the organisation – it’s doubly so when, as a vendor, you depend upon organizations over which you have no control, and they appear unable to take even the simplest decisions without months of dithering. Unless you have worked inside a corporation you can’t imagine the unhurried pace and degree of lobbying that is necessary to get things done internally, but it leaves vendors hanging, undermining their cash flow management.
Customer insights:
Of course customers are as varied as people are – ranging from those that want to listen and learn to those that are too arrogant to hear; those that have done commendably well within their organizations to those that want to hide their level of failure. Each needs to be approached in such a way that their personal needs are understood and addressed.
But there are many common recurrences when meeting with customers. Firstly, almost invariably they view me with suspicion: they suspect that I will attempt to convince them to buy something they don’t need. I frequently hear that they don’t trust consultants, or that they have been burned before. They want me to provide an immediate indication of what I will do to help them, while remaining coy about their problems. I understand that these are barriers that I have to overcome, and understand why they exist – but it underlines the cynical view that the industry holds of consulting – and suggests that consultants have a lot to ask for.
Unlike my last job where I seldom spoke to security practitioners outside of the bank, I now get insights into where the industry is at large. Many of my earlier opinions are being sadly ratified: one customer after another admits that they still face basic compliance problems that should have been finalized a decade ago. Sometimes they’re embarrassed to acknowledge what their compliance numbers are; occasionally they admit that they don’t know. In short, the literature and reality are disparate – very few organizations run themselves professionally, and I admire those that do. In the main, management seems to be wasting time and money chasing fashionable trends without first fixing the basics.
Does any of this mean anything? Probably not – I have just gained an insight into the way things have always been. But it highlights weaknesses in the way we practice security:
- Vendors are the weaker partner in the relationship. This is appropriate, but when the customer disrespects vendors it materially undermines the relationship: you can only unilaterally demand price cuts once – after that the margin will be built in up front, to everyone’s detriment;
- Customer changes – the budget cuts, the endless restructuring, the shifts in strategy – have substantial implications for the vendor community that supports them. It is – again – at the customer’s discretion to run their business as they wish; but they have little sense of the impact they have over their broader stakeholder community. They are ignorant at best, arrogant at worst – and different organizations fall at different points along that spectrum;
- Vendors also play a game: we all know of the sales teams that present a cure-all, but have little behind them to meet the expectations. The customer cynicism is not unwarranted: if we expect an ethical and respectful behavior from our customers we must be prepared to do the work to provide it ourselves, and too often vendors take the money and run.
In a perfect commercial world honorable and honest vendors would undersell and over-deliver to insightful, fair and agile customers that make the best business decisions for their companies. That’s not going to happen – there are too many vested interests in perpetuating the inequities I have described. We have the choice, though, of accepting this status quo or working within ourselves and our companies to do it better. Information Security is not a trivial undertaking – it requires focus and a willingness to do the right thing even though it comes at a cost.
Information Security is a business in which ethics matter. It pervades not only our internal actions within our place of work, but also the way in which we deal with external stakeholders. I’m glad I changed jobs – it has given me a new lease on my career and given me insights I didn’t have before – but it has highlighted the stark disparity in ethics that different people bring to the table. And without it we provide an inadequate response to the risks we face.
Changes at DiscussIT
This is a time of change at DiscussIT.
Firstly, the Securedata sponsorship of the Pubcast has ended, and has been picked up by Performanta. Securedata carried the Pubcast through the first two years of its sponsored life, and we would not be where we are without their gracious support. The entire Pubcast team extends their thanks for the support which extended to money, content, and the association at the ITWeb Security Summit. We wish you well and hope that we will continue the association.
Those that know me personally will be aware that after 27 years with my previous employer, I have taken up the position of MD at Performanta Consulting. Notwithstanding this role, the agreement I have with Performanta is that the Pubcast retains its independence, and that we will interview whoever provides interesting and relevant content. The commercial provisions of the contract will be met through the “Technology Explained” series, as it was with the Securedata contract.
In short, then, the Pubcast content will continue unchanged.
My new role, however, has opened up opportunities for me to speak to people in new industries. Furthermore, Nombulelo has expressed a desire to focus on Scamto, and so you will see more podcasts emerging under both the Scamto and After Dinner brands. We will continue to look for interesting content, and to build opportunities where individuals would like to start their own podcast brands. DiscussIT was always about democratising the opportunities for people to express themselves – and we would welcome anyone that wants to join us.
There are, hopefully, two additional changes.
We currently average 1300 downloads per episode of the Pubcast. That dedicated INFOSec audience has caught the notice of some marketers that are approaching us with commercial propositions. We hope that will lead to new, relevant content for our audience that we will continue to provide at no cost.
Finally – Nombulelo and I have always wanted DiscussIT to act as a vehicle for positively changing people’s lives. We live in a country aching for the economic transformation that will finally help us attain the aspirations of ’94, and yet the country continues to wallow in poor growth. We wish to highlight organisations that are doing the important work to grow the country for us all. We hope that you will support us in doing this.
The podcasts start next week with the first “Technology Explained” episode. In year three of an IT Security podcast we will finally get around to discussing firewalls. We hope you’ll join us.
- Tony and Nombulelo
Vic the Barber
Vic was my occasional barber. That is to say Annie was my barber, but every now and then she would be busy – or away – and Vic would step in to help me out. He was generally quiet, but amenable, and many of my monthly trims went by without comment. When he did speak, he laboured through the words, struggling at times to express himself in slang-filled and frequently profane phrases – pronounced regularly by an obvious hangover.
A small statuette of a rock singer stood next to his basin, accompanying the scissors, trimmer and other paraphernalia. It was strange that a man like Vic would retain any objects’ de art and asking about it opened a flood: he returned from the back of the store with a photo album of his glory days as the drummer of an 80‘s rock band. The pictures showed anonymous stages, some group photographs and headshots, a publicity shot of the band on the roof of a building, evidently during a German tour – clearly doffing a hat to the Beatles. It all explained his ongoing commitment to the mullet hairstyle and the designer stubble; and when he said “we could have been a great band”, unknowingly mimicking Marlon Brando on the waterfront, it was clear that he lived so in the past that the bleakness of his current circumstance eluded him. Memories of his heyday, diluted in liberal quantities of ale sustained him, and allowed him to deliver daily haircuts with no sense of failure – even if his customers sometimes left the premises with hollow depressions in their hair.
Having shared his past with me, we had become confidantes of a sort: that is to say while I exposed nothing about myself he started a monologue about himself that would continue for more than a year. I never got the whole story – Annie still attended to me and the tips I would leave whenever she was available. But as he got the opportunity he would update me.
His first concern regarded his girlfriend. He felt that our relationship permitted him to talk loudly enough for everyone in the store to hear, often leaving me a bit embarrassed – an unwilling participant to a dialogue I just happened to overhear. “Women”, he started. “You can’t live with them – can’t shoot them.”
I feigned polite interest, as if this was a reasonable assertion, but that only encouraged him to continue. “It’s my girlfriend. I love her, and that – but she wants me to support her.” I would learn that Vic had a close relationship with the phrase “and that”. It both broadened the scope of his discussion and imbued it with a sense that he was being as reasonable as anyone can be.
“She lives in the cottage in the back of my house. She used to pay rent but now that we’re together she wants me to pay for her. I told her I’m just a barber and that – but she’s not listening. So I’m going to have to tell her to leave or she must get a job”.
He paused for reflection. “It’s not my house either- so it’s embarrassing.” He lowered his voice confidentially. “Actually I live with a rich moffie. I rent a room in his house.” Moffie is a particularly derogatory South African term for homosexual men, and I repeat it here only in the interest of accuracy: Vic transparently had no sense of the insulting connotations attached to the term. He used it as easily as one would use any noun.
“It’s alright though – he tried it with me once but I told him I’m straight and that, and now we’re ok. He works at night and sleeps in the day, and I do the opposite so we hardly even see each other. Sometimes he brings men home, but it’s his house and I just leave it alone.
Our discussion ended at that point, and I didn’t see Vic for some months – Annie was back in residence. But as these things happen, Annie’s sometime boyfriend raised his fists to her again and Vic was soon in attendance. His girlfriend had found employment as a cashier, and with his immediate problems resolved Vic had turned his attention elsewhere.
“On Wednesday I was here alone and I had to go for a piss, so I locked up the shop and went to the toilets in the mall.” As always, there was no detail too inconsequential or grubby to share. “When I came back this old woman collapsed in front of me, so I got her a chair from the furniture store and got them to call the paramedics and that. I kept talking to her to keep her conscious, and all these people were just standing around. The furniture store’s manager wanted to take the chair back but I told him not to be so stupid. Those paramedics are good, hey – they got there and gave her oxygen and that in about twenty minutes.
“So as we were standing there I look to my left and there’s this blonde next to me. So I said to her that I like her hair.” Vic missed the irony, assuming this to be an entirely reasonable comment to make to strange women at the scene of a medical emergency. “So she said she liked my hair too. I introduced myself and asked her back to the shop for some coffee, and she came”.
I asked about the health of the collapsed woman. “Oh no – she died.” Vic had moved on: the woman’s death was only relevant as the vehicle for Vic’s introduction to his companion. “She likes me hey – her son works at the bank here. She drops him off in the morning then she comes here and sits with me all day.” I was about to privately reflect on what woman would find Vic that desirable – until he put my mind at rest: “She’s like Pamela Anderson – but without any tits. You know Pam?” I kept my face impassive as I assured him I did. “And she has to wear makeup or you can see how old she is.”
This was a reasonably accurate description as it transpired: in the coming months she would wander into the shop and I would watch her in the mirror. Annie asked if I had met “Barbie”, her voice thick with contempt. Annie was used to running the show in the barber shop and Barbie’s presence offended her – but neither Vic’s nor Annie’s description portrayed how gaunt she was, how big her hair was, how haunted were her eyes. Something lay in her past that attracted her to guileless, harmless Vic – he that would accept the imposed affection without question.
He did feel that she was in a different class, though, and that he should capitalize: he wanted my opinion on a burning issue quite soon. “You know my girlfriend?”. By this time Barbie had replaced the backyard incumbent. “I love her and that – but we haven’t pomped yet. I think she wants to, but I’m not sure. So on Monday I’m going to ask her to follow me to my house. I’ll go on my bicycle, she can follow me in her car. The moffie will be at work and I’ll let her in through the side door so my ex won’t see her.” He’d thought this through, but he was nervous about how she’d react and seemingly not committed to this course of action. I was sufficiently interested in events to encourage him – I remember reminding him that he would only live once and perhaps this decided him because at the next haircut he assured me that things had gone well, that this had become a regular enough event for his ex girlfriend to be taking offense: there had been words between the two objects of his affection.
Even Annie was angry: Barbie was always in the shop, interfering with activities. She didn’t mind what Vic did in his spare time but this was, after all, a place of employment. Annie’s life had taken a turn: having been invited to visit her grandparents in Greece, her pugilist boyfriend had been shown the door and she was focused on saving money for the trip: any distraction or potential impact to her tips was a serious issue. The barber shop had acquired an unpleasant tension – with Annie commenting or laughing loudly about Barbie whenever Vic was out.
Vic, for his part, had lost some of the bonhomie that had accompanied the early part of his relationship. I noticed more hangovers and he seemed to fall into longer silences. I watched one day as Barbie walked into the busy shop with a Crème Soda in hand, put it on the counter and said “Here Bokkie – it will make you feel better”. He kissed her cursorily, but I noticed it sat untouched as she waited wordlessly on the bench for the day’s work to conclude. He was realising that even Pam presented problems: he confided once, when we were alone, that sometimes he wished it had never happened. “I love her and that – but her husband knows about us and he hits her. Sometimes she comes here with bruises all over. I tell her that we should end this but what can I do? She buys me things. Last week she bought me a Snackwich. A nice one, too. You know what a Snackwich costs? I tell her that I can’t repay her but she doesn’t stop.”
That’s where the discussion stayed for two months. Christmas came and went, I had my hair cut while away on holiday. Annie went off to Greece and when I next saw Vic I ddn’t realise it was to be for the last time. Annie had returned from Greece and picked up with her boyfriend where they had left off – although the absence had changed things: she was sporting both an engagement ring and the beginnings of a pregnancy. Her new status left her self-confident. She held court, describing Greece, the pregnancy, her forthcoming wedding. She was frequently on the phone, continually greeting passers-by; it was clear that everything had changed: Vic could no more run the shop without her than he could fly.
When I spoke to Vic he was openly despondent: Pam’s husband had left, but not before beating her one last time. She found herself alone over Christmas, and so Vic had asked her to join him and the moffie for a Christmas braai. They had cooked steak, but her husband had knocked out her teeth: Vic found himself reduced to cutting it into small pieces or else she could not gum away at it successfully. Watching her bruised, masticating face, Vic’s affection dissipated – a Pamela without tits was intriguing: without teeth she became another failed aspiration. Vic understood this in his bones, but didn’t have the words: “I love her and that, but it’s not right you know? I’m a barber – there’s no way I can support her.”
By the beginnings of that summer it was all over. I went past to get my haircut and found the shop closed and partly stripped. There was a hair salon close by and I found Annie there, noticeably pregnant now. She spoke reflectively about events: Vic had been caught drunk at work and had been fired. The barber shop was closed and she had been offered employment at the salon, but she wasn’t going to stay – she intended cutting men’s hair from home once she’d had the baby – this place didn’t have the same clientele or mood. I could see her point: Vic had played a wiling second string to her chorus; here she was a pregnant hand-me-down She gave me a handmade business card with details in a large, childlike script. I agreed to call her when next I needed a trim. We both knew I wouldn’t.
She mentioned that she had heard that Vic had been seen begging for money in the mall, but she had no way of contacting him. “He’s probably buying alcohol with it”, she said, and I agreed. It was an end to an era: Vic had taken one more stumble towards an inevitable sad end, Annie had accepted whatever price she had to pay to assure a father for her child, and I retired back to comfortable conformity, deprived of a steady flow of Dickensian insights and dinner anecdotes.
Was there anything positive to be taken out of any of this? I grappled to find it – Vic and Annie had, for all their faults, highlighted their shortcomings with a naive and brutal honesty, without the sophistication to misrepresent themselves. Their openness had often been amusing, but the underlying circumstance of their lies lent a sense of pathos to it all. I hope they will be alright, but I doubt it. And I miss them.
27 Years
I recently resigned after 27 years in a bank. There were many reasons for doing so, and I won’t dwell on them here: nobody stays anywhere for almost three decades if the relationship is not mutually beneficial. The time for me to leave came as new opportunities arrived – and in the end the leaving seemed inevitable.
I had occasionally, during frustrating periods over the years, imagined what it would be like to resign: the self satisfaction of dropping the letter, the regret expressed by the company – but in the end it was not that way at all. The weight of all the years hung heavily on me, and I was aware that I was leaving a place which had become a home.
I find myself in a strange circumstance: still part of the company that has been part of me for so long – but already an outsider. People respond in different ways to the news, ranging from shock to indifference. There has been consistent support from almost everyone I know, but I am no longer an insider: I have crossed the fence.
I work in a building housing thousands of people, and yet – seeing them almost daily – I know almost all of their faces, if not their names. As I walk the corridors, wondering whether I will see all of these people again once I leave, people greet me by name. More know my name than I know theirs: age, perhaps – or simply that I have become as much a part of the landscape as the desks, the escalators, the solid sign at the entrance.
As I walk the halls and attend the meetings, I reflect on all that has happened over the years: my first day, learning how to load computer tapes; walking through the half-built administration building as they laid the services ducts; the stripper that found her way into a meeting room; the ATM robbery that occurred inside the building one Saturday while I was there; the meetings, the projects, the deadlines, the year-end parties; the people, the people, the people.
In the end the bank has been the people. It allowed me the privilege of working with a cohort of professionals for twenty years – we have dealt with the enmities and jostling of career progression and have ended, more often than not, as friends. More than anything I will miss the comradeship of the counterparts that made this bank what it is.
I was also given the opportunity to mentor and work with young people, new ideas, usually having to persuade them to have faith in their own capabilities and not let the scale of the organisation intimidate them. They have enriched me immeasurably, and I know they will still change the bank: it is their time to stamp their character and I look forward to watching how they do it.
I am joining a small organisation with big aspirations and capability: I have the opportunity to explore something new which has revitalized my sense of joy. I leave the bank with no regret – and excitement for my future. On reflection, I could not have wished for more.
Manson Tweets
Over two nights in August 1969 a group of wayward hippies, following the directives of a strange, wild-eyed, long haired messianic outcast, murdered a group of friends at a house in Cielo Drive, Benedict Canyon, Los Angeles; and followed this by killing the married couple of Rosemary and Leno Lo Bianca in Waverley Drive, Los Feliz. Their most famous victim was the pregnant Sharon Tate, a blonde, beautiful all-American actress that was waiting for husband Roman Polanski to return from England. Everything about this case reeked of sensation: the Hollywood set, the brutality of the murders, this mysterious “family” that would kill for no rational reason, the girls that followed this man. Linda Kasabian, the young woman that eventually provided the key State’s information stood as a pretty waif, emerging from unimaginable circumstances to give us all insights into a murderous, misguided subculture.
I was nine years old when Manson acquired the status of this demonic, powerful figure. To a child everything about him commanded respect and a measure of fear: he looked like a messiah, commanded a following of murderous acolytes, holding sway over an unimaginable underworld of drugs, sex, control and murder.
During the trial he carved out a cross, and then a swastika into his forehead, claiming he was “X”ing himself from the normal world. The streets outside the courtroom were populated with young girls who came to show their support for his cause, cutting the same cross and then shaving their heads in a demonstration of faith. One of his followers, “Squeaky” Fromme would achieve her own notoriety by attempting unsuccessfully to assassinate the then President Ford.
I grew up consuming the facts, starting with Vincent Bugliosi’s interesting by mildly self-serving book “Helter Skelter”, both films of the same name, the book “The Family” about his relationship with the Hell’s Angels, his co-authored autobiography. I watched Linda Kasabian’s interview with Larry King. When Bono said Manson had stolen Helter Skelter from the Beatles, it was clear that he had slotted into a central role in the pantheon of post-60’s counter-culture icons.
The Manson Family went to trial and were found guilty. Of the key protagonists, Charles “Tex” Watson found religion and runs a web-based church from his prison cell; Patricia Krenwinkle has recently been denied parole; Susan Atkins (who cruelly told Sharon Tate she felt no mercy as she stabbed her) first married, then died of cancer in prison – while Manson seems to have resigned himself to never leaving prison. Still, the mystique of such a strange and terrible event in this dreamlike time has persisted – until now.
Manson tweets under the pseudonym of “heltershelter” from Corcoran Prison, California and those of us that have long been fascinated can hear his words directly. But in those words he is stripped bare of this mantle that history has given him, revealing who he really is. Perhaps it’s because until now all of his utterances have been legitimized – magnified and given an inappropriate authority – by the newspapers, television and magazines that repeated them. McLuhan would have understood: for a brief period Manson’s persona suggested the spectre of a new class of man, transcendentally evil, more frightening even than the horrific deeds committed in his name. His stare reached out from the screens and pictures, fanning the collective timidity we feel when exposed to absolute evil.
But now he tweets, and his words need to vie for my attention against the over 200 people and organisations that I follow. Twitter democratises discourse: Manson must compete, now, not on his media-induced grandiosity, but on the quality of his intellect, the strength of his reason and his ability to entertain. We read his words and find him wanting: the frightening phrases of 1969 are transparently hollow. He proclaims himself the messiah, criticises Charlie Sheen’s Twitter antics and relishes the woes of an earthquake-racked Japan. Every phrase exists to generate fear, horror or revulsion, with a paucity of self-reflection or insight.
On the night of the Tate murders Manson told the killers to “leave something witchy” behind – and Susan Atkins obliged by writing messages on the walls in Sharon Tate’s blood. Forty years later he still searches for the messages that will inspire fear and awe, elevating his demonic presence and feeding his insatiable desire for self-aggrandisement. But we are in a conversation now, and we see his failings clearly. He exposes his contempt, his arrogance and his detachment from reality. We listen to the oracles of the demon and find them incoherent, inspiring little more than loathing.
I started to follow Manson on Twitter, hoping to hear the insights of a man that had spent a lifetime gazing squarely into the darkness: I found an old man that has never moved past his days of inglory. I weep for the horror and pain to which he subjected the innocent that crossed his path. And I reflect, again, on the power that the social media have to expose the clay feet of those that once commanded our respect.
As always, Wikipedia provides a good overview of the events, which can be found at http://en.wikipedia.org/wiki/Charles_Manson
Manson’s Twitter page can be found at http://twitter.com/#!/heltershelter
The Ross Institute for the Study Of Destructive Cults has numerous articles on the family at http://www.rickross.com/groups/manson.html
Thinking it through
Three years ago I attended an Information Security Strategy session to debate what future steps we should be taking in the organisation where I work. We had put together 12 of the South African consultants that we most respected to discuss the issue, spent two days positioning ourselves and understanding the landscape and then we got down to the nitty gritty of deciding actions.
Everybody couched their opinion cautiously: it’s not easy to identify what way a large ship should turn; but the same comments came out repeatedly: do an assessment against best practise, identify the weaknesses and build a plan of action. Compile an ISMS framework, get executive buy-in and support, review policy: nothing that we had not heard repeatedly. ISO 27000 was bandied about as the start point and the end goal. I then asked whether anyone had ever seen ISO27000 effectively implemented in any large organisation. Nobody around the table had.
I asked the same question of a senior consultant from one of the big four consultancies this week, and got the same answer: as much as ISO27000 is part of our lexicon, it is too big, expensive and daunting for organisations of any scale to have embraced and implemented. Very little has changed in three years.
I thought about this again when we recorded the 2011 preview Pubcast in January: I queried during the discussion what we were likely to see on the PCI front this year – and got an interesting response: pushback. The opinion was that PCI is perceived as too expensive for retailers to adopt that some organisations would resist, and may consider the fines to be just the cost of doing business.
And now we have the Protection of Private Information Bill, threatening to provide one more set of requirements that organisations are obliged to fulfil – if it ever finds its way to being enacted! The conference halls are full of advice on how to address the issue, the consultants have compiled their frameworks of advice; and again I find myself wondering what the impact of yet another requirement is likely to be on the InfoSec industry.
I think we can all see some immediate effects:
• An industry has built up around ISO27000, another around PCI and we will see the same occur with privacy. Every product imaginable will come pre-configured with capabilities to address the requirements out of the box. Similarly, consultants will provide insights at a cost, perform assessments and make any number of recommendations that should be followed;
• Practitioners will highlight these requirements earnestly during the budget cycle, talk about fines and reputational damage and – if they are successful – identify programmes of work that will run every risk of over ambition;
• Government will address this at the pace that government does, may choose to make examples of some intransigents, but will provide a legal requirement with insufficient resources to police it, and a juristic system poorly equipped to understand it.
Perhaps I should explain: I am not opposed to the creation of any best practise, guideline or legal framework. This is a difficult enough profession and we need whatever directives will assist. My problem is: I don’t know to what degree they will actually make organisations more secure. Because here’s the problem: these frameworks, while laudable and created with the best possible intentions are out of step with almost every other aspect of business:
• While there is a growing focus on consumer privacy, the same consumers are consciously giving away their information. The underside to the freedom of social networks is that they lull users into sharing details without a clear sense of who is accessing this information, with the result that organisations invest effort and money protecting data which is often (at least partly) in the public domain already;
• These frameworks are expensive at a time when the world has not yet emerged from a recession, and business budgets are used either on cost containment or the early phases of business growth. The same practitioners that are obliged to deliver on these requirements are struggling to access funds to do so;
• Attacks are being levelled against organisations by increasingly well funded and organised protagonists: there is an imbalance between the effectiveness of the attackers (who have only to find one weakness) and the defenders (who must defend everything). This has led to the view that organisations must adopt risk-based (and hence more narrowly defined) approaches to protecting their assets: they simply cannot afford the cost in money and effort to implement these all-encompassing models.
So where does this leave us? The models are as legitimate as they have always been. They are as valuable as they were intended to be and nobody is suggesting that they should be abandoned – but they should be seen in the context of what is appropriate in any organisation at a given time. Sometimes more value can be achieved by just fixing the obvious: I have seen organisations pursuing accreditations and building elegant risk management frameworks while not satisfactorily addressing their most basic security requirements.
There is a lot of talk about how Information Security should be aligned to the business; but business is about nuance and agility: the need to re-divert resources quickly in order to satisfy customer requirements; the need to collaborate across strategy, inbound logistics, operations, delivery and finance – and these models don’t do that. At best they provide some assurance that things are being done more securely – at worst, pursuing overambitious implementations, they layer in cost.
Information Security is – firstly – about applying thought to the state of the company and the risk it faces, then addressing the obvious risks, and ensuring that the work is in line with business requirements. The frameworks help – and provide invaluable insights – but are no replacement for the hard work of thinking the problem through, taking measurements and making the hard choices that will best assist the business.
I don’t want to be #African
I had an argument with my father over 30 years ago in which we debated identity. My view was that I self-identified myself as a South African, and considered all other South Africans as part of my community. That view enraged my dad: the only society to which he wanted to belong was very white and very Calvinistic. We never reconciled our views: to his death he railed against the new order, even as South Africa was trying to live up to the “Rainbow Nation” label that we were given.
In the post-1994 years I had to come to terms with what my viewpoint meant: I had naively associated myself with a myriad of cultures that I didn’t understand – couldn’t understand from a white privileged upbringing through the 60’s and 70’s. And my faith that we could simply reconcile was not borne out by the reality: the beer-advert utopia of a shared community was just the marketing which glossed over the reality of a still-divided South Africa in which the only shared communities were those enforced upon us at schools, workplaces and movie houses.
I have visited Nigeria, Lesotho, Kenya, Egypt and Uganda. The sight of the continent from the air has always left me feeling deeply attached to this earth; the people I met always seemed to be the best part of the visits; but I could not pretend that we are of the same blood: a cultural chasm exists between myself and the people I have met to the north. I don’t share their history; I often don’t understand the subtleties of their motivations; and our shared aspirations for Africa are borne more out of economic necessity than a desire to commune.
So when Sentletse claims that we are not all Africans (http://www.thoughtleader.co.za/sentletsediakanyo/2010/12/28/we-are-not-all-africans-black-people-are/) I understand why he would choose to make the distinction. I also don’t particularly care: I have committed myself to being South African, to sharing and trying to best develop this little corner of the continent. I have driven through Lagos: it was not home. I walked through Nairobi: it was not home. When I stood next to Lake Victoria I was overawed – but it was not home.
If Sentletse wishes to retain the distinction of being African to himself he is welcome to do so. I, however, choose to identify myself as South African. And it has been troubling to see how divisive this issue is for South Africa: this argument over one word has flooded the local social network with anger and vitriol – which Sentletse has parried with bemused superiority: he got the response he wanted and has skilfully played a game which has dramatically elevated his persona. His skill has been in presenting a coherent intellectual argument: this is not the right-wing rambling of a Steve Hofmeyer but someone who has successfully challenged the intelligentsia on their own turf. The anger that has been displayed is simply because he cannot be easily dismissed. The only winner in this debate has been Sentletse himself.
But I would ask why he chose to discuss this issue now. He deliberately chose to be provocative and salt the same wounds that have existed since before we became a democracy. We all have the right to discuss anything we want – but he orchestrated a result which has undermined our collective efforts to move on, to create a nation, to compete successfully. With everything that we could write about – the need for education, for service delivery, for reconciliation – he chose this. It has placed him squarely in the public eye – and so I would assume he considers it to have been a success.
The great leaders, the men and woman that have progressed this nation, the figures that history will remember as bringing us together achieved this by identifying and elevating the things we shared, and by allowing us to collectively aspire to be something greater than we are – not by scraping through the residue of old enmities. If being African means being divisive I don’t want it. I aspire to more.
Shifting Gears
The nature of Information Security management is that it progresses incrementally, punctuated by occasional incidents. It involves operational micro-management, patches, updates, audit responses, penetration tests and monitoring metrics. Despite the popular perception, INFOSec is more about Edward Deming than Harrison Ford.
Occasionally, though, things change. I attended an information security conference in Prague in 2000, at which the watchword was that a new reality had emerged: Information Security was progressively becoming criminalised. And although that didn’t immediately materialise, over the following years we progressively focused less on preventing defacement and more on safeguarding assets. It was the first time in my INFOSec career that I was aware that an inflection had occurred.
I had this sense again in 2008 when Conficker was shown to use professional software management disciplines, patching its own vulnerabilities and proving to be complex and difficult to eradicate. Malware development had become an organisational activity. Gears were shifting, and Graham and I discussed the issue in an episode of the IT Security Pubcast.
And in 2010 I saw gears shifting again twice.
Firstly – national INFOSec interests repeatedly attained centre stage: firstly, when China was accused of hacking Google, then when China was again accused of diverting 15% of the internet’s traffic for 18 minutes in April; and finally when Iran’s nuclear facilities were affected with a bespoke piece of cyber malware – Stuxnet. Of course political attacks are not new: we can go all the way back to Code Red in 2001 to open the conversation. But Stuxnet was not an amateur effort: it was specific, targeted and probably orchestrated by one or more national agencies. The way these things happen, it would be difficult to say whom: too many players stand to gain from the demise of the Iranian capability – but it is likely that western organisations had at least a token involvement. For a moment the curtain was drawn back and the public got a glimpse of what is likely a more regular occurrence than we suspect.
Secondly, from the release of the video of American military activity to the leaked diplomatic cables, everybody has spoken in depth about Wikileaks and I will not resurrect it again. What is important are the lessons it reinforced:
- regardless of technology, people hold the capacity to leak data;
- people will take to their keyboards to deliberately and maliciously demonstrate their support (or anger); and
- there can be substantial collateral damage in the wake of a leak. Note the attacks on Visa et al.
As a South African INFOSec practitioner this has left me musing, and I think that the following is important:
- there are some new realities – but they reinforce the need to do the job. Layered defence, micro-management, continual measurement – all of these remain as vital as they always were and we cannot lower our guard;
- but we need to apply additional focus in classifying , securing and monitoring our assets. The Privacy Bill is still a bill; PCI fines are in danger of becoming merely a cost of business and unless you are a multi national there is very little drive to aggressively curtail data loss. The travesty is that – although this is difficult – there is so much that can be done, from comprehensive awareness campaigns to Data Leakage Prevention. We need to do more because these leaks will increase so long as there are agents provocateurs like (a now common knowledge) Wikileaks and disgruntled employees;
- and – as professionals – we need to seriously consider the state of our national INFOSec defences. I am aware of good work being done by individuals in their own capacities – but government seems stalled and woefully behind the game. South Africa’s inclusion in BRIC is a measure of how important this country is becoming in the second economic colonialisation of Africa: we can expect to become progressively embroiled in the diplomacy of conquest – and the target of intelligence gathering aimed at gaining diplomatic and economic advantage. We need to account for this on two fronts:
- encouraging government to recognise the importance of this and attack responsibly; and
- where we are entrusted with defending national assets as part of our professional lives, to do so with integrity and commitment: this is no longer just a job – the professionalism we bring to ensuring continuity of infrastructure, banking, health, food production and other vital services could materially affect all of our futures.
The gears have shifted and 2011 is a slightly more dangerous environment in which to secure information. Our actions will determine whether we rise to the occasion and steer securely through this new reality. As cyber attacks progressively shift into the realm of national interest, Information Security practitioners carry a greater responsibility than we ever have before: let each of us neither underestimate the potential impact of failure, nor our accountability to ensure success.
For the Dominic White interview on the Google attack, see http://www.discussit.co.za/index.php?option=com_content&task=view&id=186&Itemid=65
For a commentary on the China diversion of the internet traffic, see http://www.renesys.com/blog/2010/11/chinas-18-minute-mystery.shtml
Wikipedia does a good breakdown of Code Red at http://en.wikipedia.org/wiki/Code_Red_(computer_worm)
I blogged previously about Wikileaks at http://olivieranthony.wordpress.com/2010/12/12/rules-of-the-game/
The Mail and Guardian have an insightful commentary on the South African inclusion in BRIC at http://www.mg.co.za/article/2010-12-29-sa-not-just-another-bric-in-the-wall
