Palo Alto Networks Inc.

11/25/2024 | News release | Distributed by Public on 11/25/2024 13:44

Stoked — Manifesting Innovation in Shared Threat Intelligence

The ethos of skateboarding is born out of a maverick spirit. It's wrought from verve and a stubborn determination to flow on one's own terms. There's a subtle rebelliousness in carving out tight lines along hot asphalt, propelled forward by one's own power. Challenged by your physical environment, you go for it - bombing down a hill or grinding out a curb, making the most of exposed surfaces. You skate because you can. And, like skaters sharing new tricks, threat intelligence thrives on collective discovery. It's pretty rad.

From Blasé to Bad Ass

I was recently turned on to a TED talk that legendary skateboarder Rodney Mullen gave back in 2014. Considered the "Godfather of Modern Street Skating," Mullen is credited with inventing the flat-ground Ollie that revolutionized skateboarding. His ability to manipulate the board, launching it up and over objects, helped morph the sport from the sedate motions of freestyle to the gritty contortions that define modern street skating. All of a sudden, skate-able terrain included seemingly impossible features, like stairs and handrails.

...all skateboarders speak a language of our own devising. We take simple movements and chunk them together in such a way that we form more complex ones.

-Rodney Mullen

About halfway through his lecture he drew similarities between skaters, hackers and the open-source community. Say what? He surmises that these communities are similar, each conducive to innovation and collaboration. And he makes some good supporting points, like no one person "owns" a trick. They are shared, learned, modified and shared again among peers.

The creative process of developing code or creating a new trick is as much about breaking barriers as it is about raising a proverbial fist and shouting expletives in triumph at the status quo. Writing and committing clean code provides its own rush - a by-product of the creative process.

Rodney shares more insights on his comparison:

"They connect disparate information, and they bring it together in a way that a security analyst doesn't expect. It doesn't make them good people, but it's at the heart of engineering, at the heart of a creative community, an innovative community and the open-source community, the basic ethos of it is, take what other people do, make it better, give it back so we all rise further."

He frames his skateboarder/hacker/security analyst analogy with anecdotes that highlight the altruistic contributions to the process - whether it be engineering or skateboarding - and then seeing the creation take on a life of its own when others embrace it. "…we all rise further." Think about that. The result is a richer, organic by-product, a version of a vision that found expression and became reality. It's a beautiful thing. And yet, like skateboarding, open-source software (OSS) also carries substantial risks and vulnerabilities.

But first, what exactly is open-source software? Generally speaking, it is software that can be freely accessed, changed, used and shared by anyone. The Open Source Initiative's definition outlines 10 criteria that must be met by any software license to be labeled as such, including free redistribution, integrity of the author's source code, technology neutrality and no discrimination against persons or groups.

OSS enables organizations to continuously improve and deliver quality products. Using it can help accelerate development schedules, reduce licensing costs, and better leverage personnel. Like skating, large user communities share an interest in quickly finding solutions to do something better.

In the case of security folks, it's in identifying and fixing vulnerabilities.

Skate at Your Own Risk (Management)

The Cybersecurity and Infrastructure Security Agency (CISA) defines threat intelligence sharing as a key part of a robust cybersecurity program. It enables organizations to leverage the knowledge, experience and capabilities of a broader community to improve their security posture. Threat intelligence sharing enables organizations to continuously improve and deliver quality security. It's flexible, cost-effective and fast. Using it can help accelerate threat detection, reduce incident response times, and better leverage personnel.

In the spirit of open source, the threat intelligence community operates on similar principles of collaboration and shared knowledge. Security researchers, analysts and organizations worldwide contribute to a pool of information about emerging threats, vulnerabilities and attack patterns. This collaborative approach allows for rapid dissemination of critical intelligence, enabling faster response times and more robust defenses across the cybersecurity landscape.

A prime example of this collaborative approach in action is the Cyber Threat Alliance (CTA). Founded in 2014, the CTA is a non-profit organization that exemplifies the skateboarding collective Mullen describes. This alliance facilitates the exchange of timely, actionable threat intelligence, fostering a shared defense against cyberthreats.

The CTA's automated threat intelligence sharing platform allows members to exchange information on malware, phishing, mobile threats and other malicious activities. This real-time collaboration enables cybersecurity professionals to anticipate, identify and respond to threats more quickly and effectively.

As a founding member of CTA, Palo Alto Networks Unit 42 has its own partnership program for sharing threat intelligence. This also includes partnering with the U.S. Department of Homeland Security, the intelligence community at large, international law enforcement and government agencies.

Another example of this collaboration in cybersecurity is VirusTotal, which serves as a hub where security professionals and everyday users alike can contribute to and benefit from communal threat intelligence.

Founded in 2004 and later acquired by Google, VirusTotal allows users to upload suspicious files or URLs, which are then analyzed by multiple antivirus engines and website scanners. The results are shared openly, creating a vast, continuously updated repository of threat data.

Sharing Is Caring

Much like skateboarders sharing new tricks or open-source developers contributing code, threat intelligence professionals share indicators of compromise, malware signatures and attack methodologies. This communal effort helps to create a more comprehensive and up-to-date view of the threat landscape, allowing organizations to stay ahead of potential attacks.

However, this open approach also comes with its own set of challenges. The sheer volume of shared information can be overwhelming, and not all intelligence is equally reliable or relevant. Organizations must carefully vet and contextualize the intelligence they receive, adapting it to their specific environment and risk profile.

Moreover, threat actors can potentially exploit this openness by injecting false information or using the shared knowledge to refine their attack techniques. This creates a constant cat-and-mouse game where both defenders and attackers evolve their strategies based on the latest shared intelligence.
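One way to put the vetting these two paragraphs call for into practice, as an added example (not Palo Alto Networks', CTA's or VirusTotal's code; the record fields, partner names and thresholds are assumptions): require corroboration from independent sources within a freshness window before a shared indicator is acted on automatically, and hold contradictory reports for analyst review rather than letting a single party's submission drive blocking.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample records from three hypothetical sharing partners. The
# field names are an assumption, not a real CTA or VirusTotal schema.
FEED = [
    {"indicator": "203.0.113.7", "type": "ip", "source": "partner-a", "verdict": "malicious", "seen": "2024-11-20"},
    {"indicator": "203.0.113.7", "type": "ip", "source": "partner-b", "verdict": "malicious", "seen": "2024-11-22"},
    {"indicator": "203.0.113.7", "type": "ip", "source": "partner-a", "verdict": "malicious", "seen": "2024-11-23"},
    {"indicator": "Malware-DL.example.org", "type": "domain", "source": "partner-c", "verdict": "malicious", "seen": "2024-11-24"},
    {"indicator": "updates.example.net", "type": "domain", "source": "partner-a", "verdict": "malicious", "seen": "2024-11-21"},
    {"indicator": "updates.example.net", "type": "domain", "source": "partner-b", "verdict": "benign", "seen": "2024-11-23"},
    {"indicator": "198.51.100.9", "type": "ip", "source": "partner-b", "verdict": "malicious", "seen": "2024-06-01"},
    {"indicator": "198.51.100.9", "type": "ip", "source": "partner-c", "verdict": "malicious", "seen": "2024-06-03"},
]

def triage(feed, today, min_sources=2, max_age_days=30):
    """Sort shared indicators into three buckets.

    actionable:     malicious per at least `min_sources` distinct sources within
                    `max_age_days`; corroboration blunts a single party injecting
                    false data into the pool.
    conflict:       sources disagree on the verdict; hold for analyst review.
    low_confidence: a single source, or too stale to act on automatically.
    """
    cutoff = date.fromisoformat(today) - timedelta(days=max_age_days)
    by_indicator = defaultdict(list)
    for rec in feed:
        # Normalise so "Evil.Example" and "evil.example" are one indicator.
        by_indicator[rec["indicator"].strip().lower()].append(rec)

    result = {"actionable": [], "conflict": [], "low_confidence": []}
    for indicator, recs in sorted(by_indicator.items()):
        verdicts = {r["verdict"] for r in recs}
        if len(verdicts) > 1:
            result["conflict"].append(indicator)
            continue
        # Count distinct sources, not records: one partner re-sending the same
        # indicator three times is still one opinion.
        fresh_sources = {r["source"] for r in recs
                         if date.fromisoformat(r["seen"]) >= cutoff}
        if "malicious" in verdicts and len(fresh_sources) >= min_sources:
            result["actionable"].append(indicator)
        else:
            result["low_confidence"].append(indicator)
    return result

if __name__ == "__main__":
    print(triage(FEED, "2024-11-25"))
```

Loosening `max_age_days` or `min_sources` moves indicators between buckets, which is exactly the contextualisation step: each organisation sets those thresholds to its own risk profile.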

Despite these challenges, the benefits of collaborative threat intelligence far outweigh the risks. By fostering a community that values sharing, learning and continuous improvement, the cybersecurity world can better defend against the ever-evolving threat landscape. In this way, the threat intelligence community embodies the same innovation and mutual progress that Rodney observed.

So, embrace your inner Caballero, Hawk or Torvalds. Code. Skate. Code some more. And if you're going to commit, do so with the utmost confidence that Mullen has your back.

Oh, and stickers. There are always stickers, should you need a moment of further self-expression.

Stay in the Security Flow

Transform your SOC with Cortex® and Unit 42.