Teri Radichel

Cybersecurity Architecture

Learning the value of proper engineering from an old house

This past week I’ve been busy with more consulting calls, but I’ve also been inundated with issues related to my new office (in my house). If you’ve ever purchased a historic 100-year-old building or watched This Old House, you may have some idea what I’m going through. The room where I plan to be making videos has a cracking beam and is adjacent to a different room with a separate issue causing a sinking floor.

Upon review by multiple foundation companies, HVAC, electricians, structural engineers, contractors, and plumbers on the way, I’m starting to formulate a plan to address all the problems in the inspection report and beyond. Although the house is old, it has been upgraded previously to remove knob and tube wiring and has new joists underneath, a new roof, and a new air-conditioning and heating system.

Most of the immediate and significant problems I am dealing with are related to an addition lacking any type of structural engineering, not the original house design. The part of the house constructed in 1920 seems to be fairly solid. The back of the house is slowly sinking into the sand being washed away by the neighbor’s runoff and an improper HVAC drainage implementation, among other things.

Attempting to insert structural engineering after the fact is like trying to tack on cybersecurity at the end of a project to deploy a production system. To fix the problem the contractor evaluating my house is going to have to tear out walls and restructure things and then put it all back together another way to get the load-bearing components in the proper location.

He can’t just replace the beam because the beam may be in the wrong part of the room to support the load. At a minimum, it is not sufficient to handle the load. He needs to see the construction underneath to see the direction of the ceiling joists to ensure the beam is aligned correctly. My understanding is that joists need to be perpendicular to the beam to support the load. A second beam may be required. To determine the appropriate solution, he needs to tear out the ceiling. He will also need to tear down or at least apart a wall or two to complete some other changes I want to make to correct design flaws and handle the load.

Any work done on one part of the house may affect the load on another part of the house. The previous owner put a deck over a room that did not have a ceiling with enough support for the deck. The adjacent room next to the one with the cracked beam has a sinking floor that may be caused by the deck or a completely different issue.

To fix the sinking floor, the foundation companies proposed wildly different solutions with varying numbers of jacks from zero to about 15 to about 30. The two that said I needed jacks said they could not promise the floor would be level when they were done. They seemed uncertain or overly confident about the beam.

The contractor and structural engineer will be reviewing the situation further to make a recommendation that focuses not only on the foundation but on the whole structure of the house. When the contractor came over, he crawled under the house and on the roof. He measured different aspects of the house and analyzed the rooms to determine how it all fits together and how changing one part might affect another. Simply jacking up the house may or may not level the floors, and it can cause cracks in plaster walls or break historic windows. And yes, that may also cause further damage to the cracking beam.

The same concept applies when choosing to make your security plans at the time of architecting a solution or dealing with the aftermath when you don’t. In my class, I always tell people, pay now or pay later. Think about your security upfront and bake it into processes and architecture. If you try to tack on security after the fact, you might have structural issues. Those issues may require tearing the whole thing apart to integrate security into your solution in a manner that will adequately protect your systems.

Like the people focusing on foundation issues, some people focus on a single aspect of security rather than your system or enterprise architecture as a whole. Some people specialize in deep knowledge of networking, operating systems, or applications. If you find someone who knows a broad spectrum of cybersecurity architecture and technical implementation, you’ll get a more holistic recommendation.

2nd Sight Lab tries to provide a solid foundation for students applying cybersecurity to a cloud environment in our cloud and cybersecurity training. We cover a broad base of concepts from application development and DevOps to networking, cloud configuration, and fundamental security concepts. The goal is not to learn how to use one particular cloud feature but rather to learn how to look at cloud security holistically and reduce cyber risk.

In the consulting calls through IANS Research and in more extensive projects, clients often ask me to review an architecture or plans before implementing a system or moving to the cloud. Having a second set of eyes on your plans before you start may save some headaches down the road. You can get confirmation that you’re moving in the right direction and possibly get some new ideas or points of view to consider as you finalize your plans.

My advice comes with a range of experience and security certifications. All of the information I provide targets getting off to a good start on your next cybersecurity project. A good solution needs to take threat modeling, risk management, configuration, infrastructure, applications, security, engineering, and the overall architecture into consideration from the start.

Teri Radichel | © 2nd Sight Lab 2021

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab