Primarily because Brooks asked, but also because there are a whole lot of days where I face the “Magic Bunny” problem.
Simply put, in any complex system – say, an application stack which has a backend database, some application servers, some presentation servers and the connecting security stuff and network stuff – there are a number of Subject Matter Experts who need to be at the table when troubleshooting. The issue is that as far as each is concerned, the other areas of expertise are the domain of Magic Bunnies. The Application folks don’t really grok the network glue stuff and so they talk about how one machine “can’t see” the other. The database guys don’t grok the need for a firewall between them and the world because it makes things difficult to administer and there is where you’ll find more Magic Bunnies.
Too often when I get called in on a troubleshooting swat team, it’s because as the security dude, I’m always more aware of the entire picture (grok the whole) than the SMEs and I can walk them through the problem from foundational Layer 0 stuff (is the data centre still there?) through to the Layer 9 stuff (is there a god who cares?) And damn if every time I sit in on one of these sessions, we don’t discover that there isn’t a nice overlap between areas of expertise and there’s a huge number of Magic Bunnies infesting our applications.
Do you have Magic Bunnies?
Is there a spray or ointment?
Chat amongst yourselves.
Or the bunny gets it.
[tags]magic bunnies, security skills, troubleshooting[/tags]