Is Your Security Glamping, Car Camping, or Backpacking?
There are different security orgs out there... some are glamping, others are backpacking on a shoestring. Let's explore the different kinds out there...
On a recent camping trip I reflected on the different types of camping that exist. It made me think about all the different security environments out there and their level of maturity. Let’s go over them together in this fun thought exercise.
Glamping
Glamping (glamorous camping) is high-end luxury “camping” ranging from $300 to $3000+/night. It can include hot tubs, dine-in service, and big-screen TVs in the forest, and it is the best “camping” money can buy. I don’t personally consider this camping, but for the sake of argument let’s include it.
Glamping Security
The security version of glamping is an organization with a seemingly unlimited security budget: it can pay for the best talent and tools and, on top of that, has the leverage and influence within the organization to implement strict policies and procedures. Examples might be a public company in the finance or crypto space, or a public tech company holding lots of sensitive data.
Car Camping w/Running Water
This type of camping is where you drive your car right up to the campsite and set up camp alongside it. You have running water and full facilities nearby (showers, sinks, real toilets/bathrooms). You can bring a big cooler, and with that much food it’s essentially a BBQ in your backyard, except that you light a fire and still sleep in a tent.
Car Camping Security (w/Water)
The security version of this is an organization with a full-time CISO, a decently sized team, and a real, though not unlimited, budget. Their processes are somewhat mature. They may have some difficulty, though nothing major, with hiring, vendor management, or tooling, but probably not with all three at once.
Car Camping - No Running Water
Same as above, but you bring less food, you have to bring your own water, and the only bathrooms are portable toilets, which are probably full or nearly full, leaving many in the group to seriously weigh whether they really have to go. These constraints force you to be a little creative and, more importantly, resourceful with what you have.
Car Camping Security (No Water)
The security version is an organization with a Head of Security reporting to the CTO, perhaps a couple of security engineers, and a compliance person. They have some commercial tools, but most tooling has to be open source or homegrown, which is not necessarily a bad thing. Their “SIEM” is probably engineering’s shared logging tool rather than a full-fledged SIEM of their own. They may even be doing SOC 2 Type I.
Hike In Camping
Ok, now we’re getting to real camping. This is where you have to hike in to the campsite, anywhere from half a mile to 5+ miles from where you park. That means you can’t bring a cooler or go back to the car whenever you want something (nor sleep in the car if it gets too cold or uncomfortable). You have to carry everything you need on your back, including food and sleeping gear. For fresh water, you either carry it in or filter water from a nearby source.
Hike In Camping Security
The security version of this is the lone security engineer. This engineer was brought in to address critical security needs, but over time has been pulled into compliance questionnaires and gets tasked with SOC 2. The engineer was told more people would be hired to help, but that has yet to materialize.
Just like Hike-In Camping, it cannot be done for extended periods of time without replenishing support.
Backpacking
This is the most hardcore kind of camping: you go for miles and miles with only what you have on your back. You might live off the land by foraging for edible berries and fishing, but in any case it’s just you and the wilderness.
Backpacking Security
The security version of this is no full-time or even part-time security hire at all. A great many companies run this way. Security is often handled ad hoc by a good-Samaritan engineer, or by the Head of Engineering if you’re lucky. There are no formal security reviews when products are designed or built, and security is generally an afterthought unless something happens or someone brings it up in a meeting on their own initiative.
What’s your camping style?