May the Fourth be with you: A Star Wars InfoSec Bibliography

Collecting and connecting things is a big part of what we do here at ThreatConnect. We aggregate disparate sources of threat data/intel so it’s within easy reach when you need it. We integrate a bunch of tools and techs via our platform so all that aggregated intel can be put to good use throughout your security infrastructure. We bring your intel, IR, SOC, and other cybersecurity teams together so they can collectively defend the business. And we also like uniting process to make all the aforementioned stuff work better, smarter, and faster.

We also have a bit of thing for Star Wars. By “bit of a thing,” I mean the typical stuff people do like naming all meeting rooms after Star Wars venues, life-sized cardboard cutouts, office decorations, Tauntaun sleeping bags; a Han Solo freeze mold on the wall, themed product release titles, and custom-designed T-shirts. That is normal, right?

Anyway, we were thinking what better way to celebrate May the 4th than by bringing together all the Star Wars themed cybersecurity posts we could find and then sharing the compilation with the community. Star Wars has a HUGE number of lessons for InfoSec, but it’s kind of hard to learn them when they’re scattered all over the galaxy. Well, no more – this is the Star Wars InfoSec bibliography you’re looking for.

We’ll start this off in a galaxy not so far, far away…our own blog. If I know our folks well, however, this list will be out of date quickly 😉

• Threat Intelligence and the Downfall of the Galactic Empire (Dan Cole)
• Intel’s in the way that you use it, Snoke don’t you know (Wade Baker)
• Sending Aspiring Jedi Knights to Dagobah System (ThreatConnect Research Team)
• ThreatConnect Episode IV: A New Scope (Andy Pendergast)
• Luke in the Sky with Diamonds (Wade Baker)

 

I listed ThreatConnect first, but not because we’re the most prolific writers on the subject of Star Wars and cyber security. That honor goes to Jedi Master Adam Shostack, who has done more to guard peace in the galaxy than anyone else I know. The Force is strong with this one.

• The Security Principles of Saltzer and Schroeder
  • Star Wars: Economy Of Mechanism
  • Friday Star Wars: Principle of Fail-safe Defaults
  • Friday Star Wars and the Principle of Complete Mediation
  • Star Wars and the Principle of Least Privilege
  • Star Wars and Least Common Mechanism
  • Star Wars and Separation of Privilege
  • Friday Star Wars: Open Design
  • Friday Star Wars and Psychological Acceptability
• Security Lessons from… (DarkReading)
  Security Lessons from C-3PO, Former CSO of the Millennium Falcon
• The Pentesters Strike Back (Emergent Chaos)
• Cybersecurity Lessons from Star Wars: Blame Vader, Not the IT Department (Emergent Chaos)
• Governance Lessons from the Death Star Architect (Emergent Chaos)
• What Good is Threat Intelligence Going to do Against That? (Emergent Chaos)
• The Death Star: An Inside Job? (Emergent Chaos)
• Security Lessons From Star Wars: Breach Response (New School of InfoSec)
• Threat Modeling Lessons from Star Wars (Air Mozilla)
• Cybersecurity Lessons from Star Wars: Blame Vader, Not the IT Department (Council on Foreign Relations)

 

The good folks at Securosis (and their friends) also deserve their own shout-out for their SW-themed guide to the 2016 RSA Conference site. Even though the conference is over, you should NOT have a bad feeling about reading these.

• Threat Intelligence & Bothan Spies (Dave Lewis)
• R2DevOps (David Mortman, Adrian Lane, and Rich Mogull)
• Escape from Cloud City (Rich Mogull)
• The Beginning of the End(point) for the Empire (Mike Rothman)
• Training Security Jedi (Mike Rothman)
• Attack of the (Analytics) Clones (Adrian Lane)

By not calling out the rest, I am in no way detracting from their contribution to the rebellion. Many Bothans plied to bring us this information, and I commend them all for their dedication and sacrifice. These are listed in alphabetical order according to title. Enjoy; and don’t worry if it takes you longer than 12 parsecs to make a run through them all. They’ll be right here.

• 3 Important Cybersecurity Lessons Learned From ‘Star Wars’ (Lucas Amodio; Law360)
• 5 InfoSec Lessons from Star Wars: The Force Awakens (Brian Beyer; Red Canary)
• A study of ‘Star Wars’ (Raytheon)
• Better cybersecurity might have saved the Death Star (Doug Olenick; SC
  Magazine)
• CyberPoint wants the Force to be with you when thinking about your firm’s cyber security (Jonathan Munshaw; Baltimore Business Journal)
• Cybersecurity and Star Wars (Joseph Blankenship; Solutionary)
• Data Breach Wars (Rich Mogull; Securosis)
• Don’t Succumb to the Dark Side: Security Management Lessons from Star Wars (Joanne Godfrey; algosec)
• Even Jedi Use Weak Passwords (grecs; NovaInfosec)
• Find Me Those Plans…. (Adrian Davis; The Analogies Project)
• Geekwire’s Star Wars Cybersecurity 101
  (Alexandra Yount; Staminus)
• How not to blow up your Death Star: genuine data security lessons from the Imperial Senate (piratemoggy tumbler)
• How to be a tech security Jedi: 5 lessons from the original ‘Star Wars’ movies (Corey Nachreiner; GeekWire)
• How to be a tech security Jedi: 6 lessons from the ‘Star Wars’ prequel movies (Corey Nachreiner; GeekWire)
• Key lessons for the Galactic Empire on cyber security and authentication (Jennifer Dean; Gemalto)
• Lessons Learned from the Galactic Empire (Kellman Mehu; SecTor 2012)
• May the (En)Force(ment) Be With You – Security Lessons from Star Wars (Terry Greer-King; Infosecurity Magazine)
• Raytheon Pitches New Weapons to Fix Star Wars Military Flaws (Kelsey Altherton; Popular Science)
• Star Wars Cybersecurity Parallels (Joe Gray; Advanced Persistent Security)
• Star Wars Fans Could Experience the Dark side Of Cyber Security (PGI Cyber)
• Star Wars security – Protect your imperial intelligence (Sam Pudwell; ITProPortal.com)
• Star Wars shows the dark side of cybersecurity (Raj Patel; Crain’s Cleveland Business)
• Star Wars: A New Hope – 5 information security lessons (WeLiveSecurity / ESET)
• Star Wars: The Cyber Force Awakens (Gary Hibberd; agenci)
• Star Wars: The Empire Doesn’t Fight Back on Cybersecurity (SecureLink)
• Systems, Not Sith: How Inter-service Rivalries Doomed the Galactic Empire (Ben Adams; Overthinking IT)
• The Force Awakens…Also in Cybersecurity! (Maya Nix; Deep Instinct)
• The Galactic Empire Has Terrible Cybersecurity (Alex Grigsby; Council on Foreign Relations)
• The Millennium Falcon And Breach Responsibility
• The Security Awakens: How Star Wars Teaches us About Tech (Aaron Kane; CTI Technology)
• The Worst Star Wars Cyber Security Mistakes (Tony Goicochea; TruShield)
• This video shows why the Death Star needed a cybersecurity platform (Stephen Babcock; Technical.ly)
• What Do Star Wars and Recent Data Breaches Teach Us About Cyber Ethics? (Dan Lohrmann; InfoSec Island)
• What Star Wars can teach us about cyber ethics (Dan Lohrmann; Security InfoWatch)
• What Star Wars Can Teach Us About Cybersecurity (Alex Gribsby; The National Archives)
• What Star Wars Teaches Us About BYOD and IT Security (Sean Kerner; eSecurity Planet)
• Which Star Wars characters are on your IT Security team? (Meredith Millman; Telus)

The possibility of successfully navigating all Star Wars posts in the cybersecurity field is approximately 3,720 to 1. I’m sure I’ve missed some. If you know of others, please let us know (@threatconnect or @wadebaker) and we’ll get them added to the list.
And May the Fourth be with you!