TSA Lessons for Security Analysts
In the past I've run several security teams, such as the Air Force CERT's detection crew and the MSSP division of a publicly traded company. In those positions I was always interested in assessing the performance of my security analysts. The CNN article TSA tester slips mock bomb past airport security contains several lessons which apply to this domain. Jason, a covert tester for the Transportation Security Administration, has been probing airport weaknesses for five years, beginning with big mock bombs before switching to ever smaller devices as the TSA adapts to evolving terrorist threats ... Even before the September 11, 2001, terror attacks, government agencies deployed "red teams" such as this one to look for holes in airport security ... But instead of running from tests, the agency has embraced the idea that testing has a value that goes beyond measuring the performance of individual screeners . Tests, the TSA says, can show systemwide security vulnerabiliti...