Articles

Get Off the Device, & Onto the Ice

Derek White
Director of Business Development
This article is written based on CMMC version 1.02, and may not reflect the updated requirements of CMMC 2.0.

For the latest information on CMMC 2.0, please click here.

How many of you have “outdoor skating rink + information security” on your analogy bingo card for 2022? If so, you're about to have a skate up on the competition.

Last year, as the COVID pandemic caused many of us to be confined to our homes and digging deep for creative ways to avoid going stir crazy, my neighbor and I decided to build an outdoor skating rink (ODR, and yes that’s an abbreviation used in the community). We figured, since it’s winter, we need to get the kids outside and capitalize on enjoying what “being a kid” should mean. We even created a slogan: “Get Off the Device, and Onto the Ice.”

As two NON-hockey families born and raised in Minnesota, it’s our moral (maybe even legal?) obligation to teach your kids how to skate on ice. One night, while using the Zamboni I built (more on that shortly), I started to realize how the process of building and maintaining an outdoor rink is a lot like building and maintaining a security program.

Hold on, what did he just say?” Stay with me…we’ll have fun with this.

Environment Matters

One of the first things a rink builder needs to understand is the environment of where the rink will reside. We live in Minnesota, which from a weather perspective, is much different than living in, say, Boston or Ohio, which makes it much harder to maintain good skating ice (yet people still do in those areas). In Canada or Alaska, it’s obviously easier. For example, as I write this, the temperature in Minnesota is going from a balmy 40°F, to -8°F in less than 24 hours.

Similar to the business world, every organization has a different environment in which they operate. All sorts of factors determine what it means to build an information system, and then protect that information with a security program. Factors like industry, size of the organization, and growth strategies are just a few that come to mind.

For an outdoor rink, factors like: How level is the ground? How much water is needed? How tall do the boards need to be? How much additional support is needed to hold the water/ice weight? How much sun hits the rink each day? How cold/warm is this season’s weather going to be?

As ridiculous as some of those sound, those factors are the difference between an awesome rink or an embarrassing & frustrating failed attempt at a rink.


Maintenance

Once the rink is built, the focus starts to shift to front-end maintenance (i.e. – getting the ice ready to handle skaters). Sound familiar to those who have built IT environments from scratch? It should. Taking time on the front end saves 10x as much time “fixing” down the road. More on that in a second…

So, what tools are needed for the front end and on-going maintenance? Sure, you can make a list of every tool or service you “want” that’s available in the market, but just like any organization, you have to be practical. I’ve yet to hear someone tell us “we have an open checkbook for all things IT and security, so do what you want.”

First, you need to survey what you have access to today (shovels, water access, hoses, etc.), versus what will require planning and investments at a later date (better shovels, warm water access, better and longer hoses, etc.). More importantly, and just like in business, you need to learn what works best for your rink. Same goes for a security program.

During “Year One” of building and maintaining our rink, it was a massive game of research, planning, and feeling confident in the decisions we were making. Does that mean we were 100% confident? Not even close. I had plenty of nightmares of the rink giving way and flooding out my neighbors, and some that looked more like a fast moving glacier taking out a home or two.

Yes, those nightmares really happened, which I’ll assume most IT and Security Officers can relate to. 😊

Now, during “Year Two”, I’m still making adjustments and improvements to the process. There really isn’t a “finish line” because, as mentioned above, things change and can be unpredictable (weather, specifically). You’re constantly learning and preparing for different scenarios, from the analysis of your environment.

As we increase our “tool belt”, we’re now more prepared for everything from random warm temperatures, heavy wet snowfalls, ice storms, leaves freezing into the ice, then melting their way to the top…which does happen…and thus, resulted in an investment in a propane torch! Who doesn’t love an excuse to own a "flame thrower"?


Monitoring, Patching, and Responding

Lastly, the not so "fun" part. Monitoring is everything! Paying attention to weather forecasts and how it aligns with your schedule, to learn what works best for each weather type, to the unexpected rodent chewing on your liner and causing leaks (yes, rodents are a very real problem that makes my eye twitch). If you aren’t monitoring what’s normal vs what’s not, how can you prepare to make corrections/improvements to solve problems?

Patching. Yes, patching. You have to patch the ice often in Minnesota. As frigid temperatures arrive, specifically following warmer temps, the ice cracks. Like an ice cube being dropped in a glass of water.

Cracking in the ice, although very helpful in strengthening the ice, causes chipped ice from skates, poses an injury risk if skates are to get caught in them, and can lead to more maintenance work if not addressed properly. Bad ice = harder skating = less excitement from the kids (hashtag sad face).

When it comes to patching, I called for some help…just like many IT and security professionals do. I went with the “entry-level” route…aka the kids! We take a buck of slush, fill in the cracks, smash the slush with hockey pucks (they love that part), let it freeze, skate on it…then Zamboni it! Yup, you read that right, a Zamboni…

This brings us to, responding.

Rink masters & IT/Security officers should always be “on-alert” and ready to act during critical situations. Running the Zamboni (or a homemade Zamboni, properly called a Homeboni) is the difference between smooth ice and choppy/flaky ice. (See below)


After each skate, the ice needs to be cleaned off and resurfaced. Sometimes that requires a squeegee process to help push shavings back into skate marks, to shoveling off a large snowfall, then squeegeeing, then zammin’ (now my favorite word during the winter). Sometimes it’s so bad that a snow blower has to be used (for those in warmer parts of the World, snow blowers are a real thing, I promise).

This process can easily take an hour or two, along with lots of sweat, because it has to be done. Is it fun? Not particularly (besides the zammin'). Is it inconvenient? Yes. Sounds a lot like the cybersecurity and IT industry, doesn’t it?

Periodic assessments, adjusting how often testing is done on the network, and adjusting to the evolving threat landscape (have to know you’re environment, remember??) are things that have to be done in order to maintain a good security program. No good security officer or IT manager gets to say “Nah, it’ll work itself out” with that type of responsibility.

“Why do we do this?”

Yes, building and maintaining a security program is a shade more important than an outdoor ice rink. I’ll concede on that argument. BUT, and hear me out on this, both are similar in nature because both are typically under-appreciated.

If the computers are working, they must be good, right? It’s cold out, so it’s easy to keep a smooth surface on a slab of ice, right?

Wrong.

We do it because it’s rewarding. Taking the time to research, prepare, build, maintain, analyze, monitor, adjust, improve and maintain some more…so others can have an enjoyable experience.

That is why we do it.

Does it come with a sense of pride? You're damn right it does. Does it cause some weird addictive tendencies and obsessions to always try and make it better? It better, otherwise you're doing it wrong.

If the end goal is to feel satisfied someday when looking back and knowing that your organization was never crippled or damaged by a cybersecurity incident or a breach, you’re in the right industry.

For us, the goal is to create memories that will be discussed for years to come. To hear the kids share memories about spending endless hours on the rink, even if only for an 8 to 10 week window during the winter… that's the ultimate reward as a rink master.

Derek White
Director of Business Development
Derek’s success comes from his customer first mentality, utilizing collaboration between security and technology, to create positive outcomes & compliant solutions.
Part of the most relevant industry groups and committees

Get a 30-minute demo from a cuick trac™ product expert

You've made it this far, now let us show you why cuick trac™ will be the smartest decision you'll make this year.

Schedule a quick product tour
See how we can secure your CUI in less time, with less effort, and more features than any other DFARS compliance products in the market.