One Article Review

The article:
Source AlienVault Blog
Identifier 608638
Publication date 2018-04-23 13:00:00 (seen: 2018-04-23 16:01:13)
Title The InfoSec Marshmallow
Text I was listening to the Jordan Harbinger podcast the other day. If you are a student of social dynamics, listening to this podcast is the best way to spend at least one hour of your week. The producer of the show mentioned how a particular person was the type who “definitely ate the marshmallow”. This made me chuckle.

If you are unfamiliar with the reference to the marshmallow experiment, it is based on a delayed gratification test conducted back in the 1970s at Stanford University. It was designed to see if children who exercised delayed gratification would end up (many years later) performing better on aptitude tests as well as other positive life outcomes. The test was a bit complicated, and many follow-up tests have been conducted over the years along the same lines. The reason it has become known as “The Marshmallow Test” is due to a more recent version of the test showing how some children reacted to the experiment.

Each child was given a marshmallow on a plate, and was told that they could eat the marshmallow now, or wait until the researcher returned, at which time they would be rewarded with two marshmallows. A hidden video camera recorded the reactions of the children as they waited alone in the room with the marshmallow. The most popular version of that experiment can be viewed in this 3-minute video, sure to bring a smile to even the most hardened InfoSec curmudgeon.

When thinking of that video, I wonder how some of us in the InfoSec community would have fared if we were subjects of that experiment. Given the various InfoSec personality types, here are some comical thoughts about how we would perform.

The Hacker - This personality type would figure out a way to eat only the inside of the marshmallow, leaving the psychologist with a seemingly untouched specimen on the plate, thus getting the reward of the second marshmallow.

The Security Researcher – This type would poke the marshmallow numerous times to see if there are any weaknesses to exploit. Once a weakness was found, the researcher will seek a bug bounty to get more marshmallows.

The Pen tester – Similar to the security researcher, the pen tester will seek the weaknesses, however, the ultimate goal difference is that the pen tester will aim to pop the shell of the marshmallow to gain full access. The Pen Tester personality type will also be sure to have a “get out of jail free” card in case the intrusion is detected.

The Cyber Forensics investigator – This person would notate the current state of the marshmallow, tag it, bag it, and take it (and the reward marshmallow) home for further “examination”.

The Red Team member – This person would take bites from the marshmallow, waiting to get caught.

The Blue Team member – Guardian of the marshmallow!

The Security Auditor – This type would ask the psychologist for evidence about the reward marshmallow in order to achieve a “level of comfort” that the experiment is following the correct control protocols.

The Security Policy-maker – Marshmallow Policy: All marshmallows MUST be observed and not eaten until the experiment is concluded.

The Social Engineer – Of course, this personality type will convince the psychologist to watch the marshmallow while the social engineer holds and
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.