Who ya gonna call? CISOs!

A brief interlude to brighten your day, security-minded readers, as Guerilla CISO Michael Smith explains how Everything He Needs To Know About Security, He Learned From Ghostbusters. Many information-security personnel could do a lot worse.

Smith's a contractor working at a government agency and, for want of anyone else to take up the task, the de facto security officer there. Like many security folk, he occasionally has trouble explaining the job to people, including himself. And so Smith took a moment on his Guerilla CISO blog to map his general routine to the action in beloved 80's movie -- not so much the Stay-Puft Marshmallow Man (or the memorization of ISO 27001, for that matter), but the approach that best gets the job done without causing irreversible harm to Sigourney Weaver the workplace and its processes.

It's fun stuff, and few security personnel would dispute that it's best when asked if you are a god, to say yes. ("Of course I can see what you're doing when you download those pictures from 4chan, boss. I can see everything.") It's possible that other, more explicitly security-related movies feel more like your own day-to-day infosec routine (your writer's an eternal fan of Sneakers, though she hears that The Conversation is right up her surveillance-and-privacy alley), but those opening scenes of weird ghoulies sneaking through the stacks of a huge library are just about as tidy a visual metaphor for most networks as you'll find.