The Jedi Code and Cybersecurity

The Jedi Code and Cybersecurity

Inspiration : Inspiration

I am a fan of science fiction and fantasy genres in movies and books. Star Wars provides the perfect combination of fantasy style knights with science fiction technology. While I love the stories in movies, tv series, books, and comics, two books that are not actually stories but based on the Jedi are what inspires this page. The Jedi Code is mentioned in many books and stories, but they are laid out cleanly in The Jedi Path and The Jedi Mind. The Jedi Path is a fun book that lays out the many different sorts of Jedi and their roles. One sort of Jedi is a sentinel and some of them are concerned with technology and security. They are relevant to cybersecurity. This book also gives fighting styles and even rules on dressing and representing the Jedi Order. The Jedi Mind is a great book on mindfulness and gives great advice and ideas on how to practice and develop mindfulness through the lens of Star Wars. While finishing my master degree in informatics I had to interpret some program learning outcomes and create an online portfolio (Link to graduate e-Portfolio) so I was inspired to do the same with the Jedi Code. This is a fun project for me, I hope you enjoy this. Currently, as a substitute teacher I feel like a Jedi master with padawans. I feel that as a cybersecurity practioner I will be able to both teach cybersecurity and practice a Jedi like defense profession while being both satisfied and fulfilled professionally and personally. For a while I was debating whether I wanted to go into programming or data science, but cybersecurity is the only path that I am meant for; it is the fullest path for me. Cybersecurity is not mutually exclusive from software engineering or data science. This is my interpretation of the Jedi Code based on what I've read and how I imagine it applied. May the Force be with you!

The Jedi Code : The Jedi Code

PEACE, KNOWLEDGE, SERENITY, HARMONY, THE FORCE!

PEACE, KNOWLEDGE, SERENITY, HARMONY, THE FORCE!

The Jedi Code is about the internal mindset balancing both the external and internal world. This is essentially an is/ought battle. I enjoy the concept of is versus ought. The Jedi Code is about focusing the way we think and respond to the both internal and external struggles. In The Jedi Mind (p. 21) there is a quote from Qui-Gon Jinn: "Always remember, your focus determines your reality". In a computer science/cybersecurity world logic is important.

There is no emotion, there is PEACE : There is no emotion, there is PEACE

Of course there are most certainly emotions. Emotions must be acknowledged and not be bottled-up. The key is to externalize emotions and not let them control you and your actions. In the technology world it is important to be objective when confronting challenges. In the cybersecurity or information security world it is important to acknowledge emotions and be on the lookout for pyschological operations or social engineering. Emotions have their place in informing on a real threat, but emotions of love or anger can be disarming or manipulating. Emotions are not bad but acting on them without externalizing them can be dangerous. Recognize and acknowledge emotions; Do not supress and ignore them, but do not let them control you.

There is no ignorance, there is KNOWLEDGE : There is no ignorance, there is KNOWLEDGE

In cybersecurity everything can be figured out. Knowledge is also one of the three Jedi pillars. It is important to know or figure out how to secure assets. It is important to know and study threats and attack vectors. One important concept is to have incident response playbooks in place so that emotions and passions cannot take root during emergencies. Continous learning is paramount in technology, especially in cybersecurity. It is imperative to not only learn and review the fundamentals of security and response but to keep up with current events and developments in infosec.

There is no passion, there is SERENITY : There is no passion, there is SERENITY

This is a warning against a possessive obsession, i.e. about being well-rounded in your cybersecurity approach. Serenity is understanding that not everything can be 100% secured. Preparation with balance and within reason using concepts such as cybersecurity maturity models, risk assessments, and creating continuity plans. Using serenity, focus on the whole picture rather than blind focus on one aspect is important. Knowing that an incident will happen along with response plans and training will help to maintain serenity. Do not be blindly passionate on one aspect at the expense of balancing the whole cybersecurity picture. Focus on the task at hand is great, but it should not take up every waking moment at the expense of other cyber aspects. Don't focus on secure digital code and neglect locking the physical server door or training staff and educating customers.

There is no chaos, there is HARMONY : There is no chaos, there is HARMONY

As a cybersecurity sentinel it is important to understand how everything interacts. Networks, interfaces, applications, physical wires and signals, etc. Troubleshooting and understanding how one change can impact different aspects of the cybersecurity interests. Again, having troubleshooting and incident response training and plans in place is important to understand how to avoid confusion in seemingly chaotic environments. An incident will seem chaotic, having this mindset and being prepared will help to have balanced response to bring the environment back to harmony. I feel that as a computer science undergraduate I was tasked with dealing with organizing chaos as we mostly dealt with serverside concepts. As an informatics graduate student I had to deal with managing data from the serverside to the clientside. I feel that cybersecurity will allow me to use my technical education combined with customer service and substitute teaching experience to maximum impact in the service to both organizations and the users of cyber products. I know how to navigate seemingly chaotic environments in a harmonious fashion, because I have practiced it as a worker and educated myself in technology and data.

There is no death, there is THE FORCE : There is no death, there is THE FORCE

This is what Jedi are all about. This part of the Jedi Code is fun. The Force, like knowledge, is also one of the three Jedi Pillars. There are two concepts of the Force, the Living Force, and the Unifying Force. The Living Force is about a living beings being connected. I think a motivator for cybersecurity is protecting everybody using the internet, especially motivating is thinking about curious little kids and blissfully ignorant adults, especially older adults. The Unifying Force can be about just how we are all connected via the internet and sattelites. There is the aspect of protecting fellow beings but also the acknowledgement that we are all connected both as living beings be very connected by current technology. To become a Jedi Sentinel Slicer (Star Wars for hacker, but in the sense of technological aptitude not seedy criminal) it must also be a calling. A person can't force themselves to like cybersecurity and dedicate themselves to the profession. I can't ever be a doctor, I don't like needles or blood. I invite you to read The Jedi Path there are medical corps, educational corps, diplomats, peacekeepers, researchers, etc, and interpret the Jedi concepts to your calling. I do think your profession has to be personally fulfilling and in service to others in order to apply the Jedi Code. I might be wrong, surprise me.

The Three Jedi Pillars : The Three Jedi Pillars

The Force : The Force

Since this is part of The Jedi Code as well I will not present too much here. I will note that The Jedi Path (p. 23) says we are "unique" and "The Force gives us purpose, and compels us to share our gifts with others." I believe we all have a calling, even the introverted can contribute to society in their unique way. I personally am not extremely shy, but many of my former computer science classmates are. Probably the kind of people I want working with me in cybersecurity and who also like the Jedi Code.

Knowledge : Knowledge

It is not innate skill that is valued, it is continous learning that is valuable. In technology it is a necessity, whether cybersecurity, software engineering, or even buying a new mobile device. The Jedi Path (p. 28) states, "Ignorance is shameful only if you choose not to correct it".

Self-Discipline : Self-Discipline

This pillar emphasizes mindfulness and meditation before focusing on the physical lightsaber forms. This is about The Jedi Code all over again. This is about going back to the basics of mindfulness and balancing yourself. The Jedi Path (pp. 36-37) explains many sorts of meditations, some where you purge emotions, some where you focus on a task. But it is also about physical self-discipline.

Lightsaber Forms : Lightsaber Forms

The fun thing about Jedi is that even though balance is important and forefront, they are called to act. In cybersecurity thinking and preparing are important, but knowing how to act is valuable and essential. I will try to apply this to my nascent understanding of cybersecurity. It is fun to interpret the Jedi concepts to my chosen field of cybersecurity. In books, sparring and lightsaber forms are important to the Jedi.

Form 0: Non-Violent Solution to a Problem : Form 0: Non-Violent Solution to a Problem

Where are my computer scientists? Forms start at 0; What!? In computer science numbers start at 0, not 1 in most programming languages. Also 0 in computer science means false. The starting point is non-violence. This is poetic. Did I say interpreting Jedi concepts is enjoyable? It is!

Form I: Shii-Cho; Determination Form or Way of the Sarlaac : Form I: Shii-Cho; Determination Form or Way of the Sarlaac

This form is the basics, learning your basic strikes and blocks. In cybersecurity this is learning all of the basics, it is where I am. Even though I have substantial knowledge as a computer science undergraduate and informatics graduate, my cybersecurity learning is at this level. I am pursuing Security+ certification and practicing on TryHackMe.com. I also took many cybersecurity courses during my informatics graduate degree.

Form II: Makashi; Contention Form or Way of the Ysalamari : Form II: Makashi; Contention Form or Way of the Ysalamari

This form is knowing how to fight other lightsaber users, Form I is not necesarily against other users. In cybersecurity I would say this is understanding threat actors or even just ordinary users. Threat actors with malicious intent is obvious, but even input from innocent users needs to be sanitized in an application.

Form III: Soresu; Resilience Form or Way of the Mynock : Form III: Soresu; Resilience Form or Way of the Mynock

This form is defensive. Mostly protecting from attacks. In cybersecurity I would say this is the blue team tasked with actively defending and monitoring cyber defense.

Form IV: Ataru; Agression Form or Way of the Hawk-Bat : Form IV: Ataru; Agression Form or Way of the Hawk-Bat

This form is offensive. This is mostly attacking with agility. This could be external threat actors. But internally I feel this could be red team. Those who are tasked with finding vulnerabilities and possible exploits that have been overlooked. These are penetrations testers that actually help to defend be revealing weaknesses before threat actors can take advantage of them.

Form V: Shien or Djem So; Perserverence Form or Way of the Krayt Dragon : Form V: Shien or Djem So; Perserverence Form or Way of the Krayt Dragon

This form is counterattack. Shien is about redirecting blaster fire towards a target, while Djem So counterattacking lightsaber vs. lightsaber. In cybersecurity I feel this is about creating honeypots to study attackers or if it is a police agency taking down offending servers or military or state-sponsored actors. It could also be deconstructing code and viruses.

Form VI: Niman; Moderation Form or Way of the Rancor : Form VI: Niman; Moderation Form or Way of the Rancor

This is sort of a jack-of-all-trades, but master of none form. In cybersecurity this might mean a CISO or manager who can do the basics while delegating. Or maybe an understaffed crew who need to do what they can while they wait for hired outside expert help.

Form VII: Juyo; Ferocity Form or Way of the Vornskr : Form VII: Juyo; Ferocity Form or Way of the Vornskr

This is a dangerous form. This form allows "a Jedi to attack under the guidance of controlled passion" (The Jedi Path, p. 135). I don't think this has a place in cybersecurity in the technical aspect of digital code and networks. But maybe this can be valid for protecting against physical attacks on coworkers in a data center or somewhere sensitive by violent intruders. Also, maybe allowing passion to enter your mindset for creating fun cybersecurity games that teach employees or students can use Juyo. Or using passion to ideate creative bollards that both physcally protect a data center and provide an aesthetic improvement.

References