The Michael Scott Theory

I'm a big fan of "The Office."  Particularly, I love the insane things that Michael Scott says.  One of my favorite Michael Scott quotes is "Wikipedia is the best thing ever.  Anyone in the world can write anything they want about any subject.  So you know you are getting the best possible information."

Of course, this method of thinking is completely wrong.  But I realized during my latest re-watch of this episode that Michael Scott is on to something.  No, of course everything we read online isn't accurate.  But lots of people think that's the case.  Let's apply it to network security.  I had someone tell me recently while we were working on a firewall issue that they had configured it a certain way because they read something about it on a forum.  The person on the forum making the recommendation seemed very knowledgeable, so this customer had taken the suggestions and applied it to their own device.  I had to explain to the customer that the configuration wasn't secure, and that the information they had gotten from the forum was inaccurate.  They changed their configuration once I explained the best way to do it, but it means that their firewall had been running with a configuration that wasn't as secure as it should have been.

It's something we all have to be mindful of when we are dealing with the security of our networks.  There are lots of people and companies out there that think they are experts on the subject, and so they speak in a way that makes us believe them.  We have to be smarter than that, though.  Just because someone says they know network security doesn't mean they do.  If we are going to trust them to make recommendations, we have to make sure we have vetted them out and verified that they have the knowledge and expertise they say they do.