Plan B

I recently went on an international business trip and did a mediocre job planning for contingencies. What does that have to do with cybersecurity? That comes at the end, I promise.

Plan B is a must in computer operations. I have spent much of my career making sure that if Plan A goes awry I have Plan B: a tested, functional alternative which will mean that essential tasks are done, no matter what. We are in a belt AND suspenders profession.

I like to think that I am good at providing contingency plans which are not too expensive but which provide sufficient functionality when the need arises.

It turns out that I am good at the kind of analysis that I have done so often, but that I am not as good at anticipating problems in other fields.

I recently went on a business trip abroad, the first in quite a while. My, how technology has made much of the mechanics of travel easier, faster and better. My, how much I now depend on my phone.

Everything went just fine on this trip, mostly because one of my colleagues was in charge and she is terrific at this kind of thing. That meant that I had the luxury of the occasional moment of reflection. Given my profession, I spent some of these moments thinking about things might NOT have gone so swimmingly.

First of all, I realized that a huge portion of the model international travel process assumes that you have a smart phone. More than that, a smart phone that is charged, turned on and working with some kind of network connection. If you have all that, then you don't need paper tickets or boarding passes, you get real-time alerts about gate changes and delays and you can pass along those updates to support staff as needed.

At my colleague's suggestion, my carry-on bag had chargers and adapters in it, so that I could recharge my phone if needed. So far, so good. But what if something had happened to my phone? (Hacked, stolen, broken all come to mind.) I had not bothered to have paper backup, but in my defense the system is not set up to support that: if you start the process by getting a paper ticket, it is hard to make a paper backup. But I should have tried harder.

I dithered about turning on my phone's international service. I decided not to bother, since in theory I would not need it. And I did not need it, since I was being shepherded about 90% of the time, But that 10%...I could not use GPS to find my way around and these days that is how the world is set up. I can read a map, but I did not have a map and it was raining. I ended up having to memorize routes in my hotel room and then do it from memory because it turns out that I needed time to get comfortable with off-line maps and I did not leave myself that time. Next time I will turn on the international service and I think I will bring a map.

I live an almost completely cashless existence. It is easy where I live and I prefer it. But it turns out that moving around a foreign city with no cash is not a great idea. Certainly not if you want a Plan B.

Experience is an excellent teacher, but the timing is often inconvenient and sometimes the price is pretty high.

One thing I take away from this experience is the realization that I am to international travel as many of you are to cybersecurity: I think I have a pretty good idea of what it is, but I am out-of-date and inexperienced, making my confidence higher than it should be.

Don't be like me, wandering around a hotel and thanking God that my colleague had Euros and a firm grasp on where we needed to go next and how we were getting there. If you are going to need expert help in navigating a situation it is way better to know that you need the help and make sure that you get it.

Don't drift through your career with a vague sense of what is being done to keep you cybersafe. Think about what is being done and who is doing it. If you are lucky enough to have people to do that for you, show how grateful you are by asking them if there is anything they need from you. You are in this together, after all.