Chapter 31: The Swan Effect

I love telling this story because it shows the absurdity that is common in security while also highlighting how, in this job, you have to adapt on the spot in tricky situations.

This was some time ago when I was working for another company, just building my skills and trying to show clients the benefits of such assessments.

I had been unable to go to the site physically and perform any of my normal recon, work that is vital to understanding the layout, the employees, and the patterns of life that are so critical to finding security flaws.

Often, during recon, I would be fortunate enough to gain access to an employee's security pass. Many times, I would sit and stake out a building with a high-power camera to take photos of badges and mock up fakes to use for gaining access.

I had been hoping to get a security badge for this company, as it was pretty tight from what little I could glean from descriptions; this was before Google Street View, if you can imagine that.

I had a stroke of luck, as often comes with this type of work. Out of the blue, I heard that one of the sales guys in our company was going to visit the client to hash out some other work they wanted from us. I called the sales guy and persuaded him to help me infiltrate.

He found himself the willing bit-part in what must have felt to him like a spy novel. His mission was clear, I told him.

“Walk in and get your visitor badge, as normal. As soon as you can, excuse yourself to the bathroom, ...
