A fool is a person who acts unwisely or imprudently. A Tool Fool is someone who unwisely or imprudently loves tools. They don’t necessarily love the tools they have; they just love tools. The more tools, the better.
Don’t be offended. We’re all fools from time to time. When it comes to our information security, we do the best we know how. We don’t intentionally act the fool, but when it comes to our tools, too many of us are the fool.
Don’t be the Tool Fool!
Here are the top 10 things about the Tool Fool:
- Brags about their tools, but they don’t know how to use them.
- Brags about a big budget, but they can’t justify it.
- Thinks “tool first” instead of “needs first”.
- Thinks tools fix process.
- Thinks tools make problems easier to solve.
- Likes easy but confuses “easy” with “simple”.
- Has tools they don’t know they have.
- Advocates for tools because fools like company.
- Oblivious to their most significant risks.
- Knows how to use some of their tools but won’t use them well*.
The Tool Fool costs the organization more than they know. Tool Fools waste money on tools they don’t need, don’t understand, and/or can’t use. The Tool Fool can convince themselves that their tools will keep them secure when the opposite is true. Worse yet, the Tool Fool’s work has convinced management of the same.
The Tool Fool has a false sense of security. The Tool Fool makes security worse.
The Tool Fool will be the topic for this Thursday’s Security Shit Show with Chris, Evan, and Ryan. Be sure to catch the show LIVE on YouTube at 10pm/2200 CST!
*This is relevant to a dialog between Senator Wyden (D-OR) and witnesses (Kevin Mandia, Sudhakar Ramakrishna, Brad Smith, and George Kurtz) in the recent open hearing, “Hearing on the Hack of U.S. Networks by a Foreign Adversary” before the U.S. Senate Intelligence Committee (2/23). This particular exchange happens at 1:22:08 in the recording here, and has been transcribed here.