Twas the Night Before the Breach

Twas the night before the breach, when all through the cloud, not a creature was stirring, not even those sourced through the crowd.

The policies and procedures were hung by the chimney with care, in hopes that the auditor soon would leave there.

The SecOps team were nestled all snug in their beds, while visions of SIEM solutions danced in their heads.

And CEO in her ‘kerchief, and CISO in her cap, had just settled their brains for a long winter’s nap.

When out on the IDS there arose such a clatter, I sprang from the bed to see what was the matter.

Away to the computer I flew like a flash, logged into my VPN to avoid a backlash.

The alerts on the screen gave me little on which to go, was this a threat, or someone just using IT in the shadow?

When, what to my wondering eyes should appear, but a series of SSH connections to the country formally known as Zaire.

With a trojan horse, so lively and quick, I knew it was planted by an ill informed mouse click.

More rapid than eagles the connections they came, I picked up the phone to the incident response team and called them by name!

“Now Frank! now, Peter! now, Jacob and Ian! Oh, Patrick! Oh, Ahmed! oh, and oh Sheehan! To the list of the alerts! to the top of the firewall! Now dash them away! Dash them away! Dash them away all!”

As dry leaves that before the wild hurricane fly, when they meet with an obstacle, a new tool they will buy.

So up to the value added reseller they flew, in the hope of a corporate gift, and Seahawks tickets too.

And then, in a twinkling, I heard on the phone bridge, one of my engineers was listening to Melissa Etheridge.

As I drew in my head, I told them to mute, I imagined the disclosure briefing, the CEO in a pantsuit.

She was giving a prepared statement, about our security being great. But that didn’t matter as this was a threat we couldn’t negate.

A bundle of compliance certificates she had flung on her back, but ultimately she was just trying to avoid getting the sack.

Her eyes-how they starred! her face how angry! Her cheeks were like roses, her attention on her Blackberry!

Her droll little mouth was drawn up like a bow, and her blonde hair was turning white as the snow.

The budgetary asks she held in her teeth, I told her I wanted to hire a consultant called Keith.

Keith had a broad face and a little round belly, that shook when he laughed, like a bowlful of jelly!

He was chubby and plump, but he had a CISSP and was working towards a couple of other certs which filled me with glee.

A wink of his eye and a twist of his head, soon gave me to know I had nothing to dread.

He spoke not a word, but went straight to his work, and found all the vulnerable machines, then turned with a jerk.

And laying his finger aside of his nose, and giving a nod, up the boardroom he rose!

He sprang to his Prius, to my team gave a whistle, and away they all flew like the down of a thistle.

But I heard him exclaim we were now secure, ‘ere he drove out of sight, “Happy incident free Christmas to all, and to all a good-night!”

Adapted from the original poem, by Clement Clarke Moore.

Information security professional specializing in SecOps, IR and Digital Forensics. Author of the Digital Forensic Diaries, and now, the Pen Test Diaries.

Information security professional specializing in SecOps, IR and Digital Forensics. Author of the Digital Forensic Diaries, and now, the Pen Test Diaries.