Cloud Security
Published in

Cloud Security

Cybersecurity Architecture

Learning the value of proper engineering from an old house

This past week I’ve been busy with more consulting calls, but I’ve also been inundated with issues related to my new office (in my house). If you’ve ever purchased a historic 100-year building or watched This Old House, you may have some idea what I’m going through. The room where I plan to be making videos has a cracking beam and is adjacent to a different room with a separate issue causing a sinking floor.

Upon review by multiple foundation companies, HVAC, electricians, structural engineers, contractors, and plumbers on the way, I’m starting to formulate a plan to address all the problems in the inspection report and beyond. Although the house is old, it has been upgraded previously to remove knob and tube wiring and has new joists underneath, a new roof, and a new air-conditioning and heating system.

Most of the immediate and significant problems I am dealing with are related to an addition lacking any type of structural engineering, not the original house design. The part of the house constructed in 1920 seems to be fairly solid. The back of the house is slowly sinking into the sand being washed away by the neighbor’s runoff and an improper HVAC drainage implementation, among other things.

Attempting to insert structural engineering after the fact is like trying to tack on cybersecurity at the end of a project to deploy a production system. To fix the problem the contractor evaluating my house is going to have to tear out walls and restructure things and then put it all back together another way to get the load-bearing components in the proper location.

He can’t just replace the beam because the beam may be in the wrong part of the room to support the load. At a minimum, it is not sufficient to handle the load. He needs to see the construction underneath to see the direction of the ceiling joists to ensure the beam is aligned correctly. My understanding is that joists need to be perpendicular to the beam to support the load. A second beam may be required. To determine the appropriate solution, he needs to tear out the ceiling. He will also need to tear down or at least apart a wall or two to complete some other changes I want to make to correct design flaws and handle the load.

Any work done on one part of the house may affect the load on another part of the house. The previous owner put a deck over a room that did not have a ceiling with enough support for the deck. The adjacent room next to the one with the cracked beam has a sinking floor that may be caused by the deck or a completely different issue.

To fix the sinking floor, the foundation companies proposed wildly different solutions with varying numbers of jacks from zero to about 15 to about 30. The two that said I needed jacks said they could not promise the floor would be level when they were done. They seemed uncertain or overly confident about the beam.

The contractor and structural engineer will be reviewing the situation further to make a recommendation that focuses not only on the foundation but on the whole structure of the house. When the contractor came over, he crawled under the house and on the roof. He measured different aspects of the house and analyzed the rooms to determine how it all fits together and how changing one part might affect another. Simply jacking up the house may or may not level the floors can cause cracks in plaster walls or break historic windows. And yes, that may also cause further damage to the cracking beam.

The same concept applies when choosing to make your security plans at the time of architecting a solution or dealing with the aftermath when you don’t. In my class, I always tell people, pay now or pay later. Think about your security upfront and bake it into processes and architecture. If you try to tack on security after the fact, you might have structural issues. Those issues may require tearing the whole thing apart to integrate security into your solution in a manner that will adequately protect your systems.

Like the people focusing on foundation issues, some people focus on a single aspect of security rather than your system or enterprise architecture as a whole. Some people specialize in deep knowledge of networking, operating systems, or applications. If you find someone who knows a broad spectrum of cybersecurity architecture and technical implementation you’ll get a more holistic recommendation.

2nd Sight Lab tries to provide a solid foundation for students applying cybersecurity to a cloud environment in our cloud and cybersecurity training. We cover a broad base of concepts from application development and DevOps to networking, cloud configuration, and fundamental security concepts. The goal is not to learn how to use one particular cloud feature but rather to learn how to look at cloud security holistically and reduce cyber risk.

Clients often ask me to review an architecture or plans before implementing a system or move to the cloud in the consulting calls through IANS research and more extensive projects. Having a second set of eyes on your plans before you start may save some headaches down the road. You can get confirmation that you’re moving in the right direction and possibly get some new ideas or points of view to consider as you finalize your plans.

My advice comes with a range of experience and security certifications. All of the information I provide targets getting off to a good start on your next cybersecurity project. A good solution needs to take threat modeling, risk management, configuration, infrastructure, applications, security, engineering, and the overall architecture into consideration from the start.

Teri Radichel — Follow me @teriradichel

© 2nd Sight Lab 2021


Want to learn more about Cybersecurity and Cloud Security? Check out: Cybersecurity for Executives in the Age of Cloud on Amazon

Need Cloud Security Training? 2nd Sight Lab Cloud Security Training

Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.

Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.

For a recap of cybersecurity news last week check out the 2nd Sight Lab Cybersecurity News Blog. Malware, vulnerabilities, data breaches, cost of a data breach, cybersecurity laws, and interesting cybersecurity developments.

Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts




Cybersecurity in a Cloudy World

Recommended from Medium

Quick Guide to Data De-Identification in Qualitative Research Transcriptions

How to get a cybersecurity job without any experience

Alchemy Pay Introduces Virtual Cryptocurrency Cards Featuring Visa and Mastercard Compatibility

Redesigning password UX: What’s the best solution?

Finding the best Germany based RDP on the Internet.

Certification: eCPPTv2

Accelerating Ecosystem Diversification

{UPDATE} EMERGENCY Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Teri Radichel

Teri Radichel

Cloud Security Training and Penetration Testing | GSE, GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN | AWS Hero | Infragard | IANS Faculty |

More from Medium

Extremely Easy Security — Learn Cyber Attack Types in Plain English (1.2 Part 1)

Security and Compliance in the Cloud — Do it Right the First Time!

How to Map Data Sources against MITRE ATT&ACK Techniques

Boost your Cyber Security Awareness — Phoenix TS