These are the Cybersecurity Lessons from La Casa De Papel (Money Heist)

Samuel
4 min readJun 10, 2022

--

These are the Cybersecurity Lessons from La Casa De Papel (Money Heist)
Image by Jupi Lu from Pixabay

A few weeks ago, I was watching the Netflix series La Casa De Papel (Money Heist). I thought that the gang’s narrative may disclose some best practices for dealing with the security of the goods we produce.

Please be aware that this content includes spoilers. If you haven’t seen the program all the way through and plan to, please return to the article later. Alternatively, go at your own risk.

Threat modeling can safeguard you against unanticipated situations.

First and foremost, what exactly is threat modeling?

In layman’s terms, threat modeling is an analytical procedure. It is used to coordinate product development engineers with the security team. They work together to improve the product’s security architecture.

More specifically, it is the model — how the product may be attacked — and what is worth preserving (assets). They also demonstrate what they should be less concerned about.

They are less worried not because they do not care. However, protecting it might be more expensive than the item itself.

Against all odds, threat modeling can get you a long way and shield you from some scenarios.

In our “Money Heist” example, what is threat modeling? It is Professor’s (aka Sergio Marquina’s) strategy against all possible outcomes. Having options, even for the most unlikely events. The assets are definitely the stolen money or his crime partners.

A single point of failure can set off a cascade of undesirable events.

Threat modeling may assist you in recovering from a variety of security issues that may develop. After a cyber-attack, you can recover, but things will never be the same. A break in the security wall might cause a chain reaction.

Consider a lake dam with a few fractures that go undiscovered and are exploited by nature. You can always rectify it, but it may take some time for lake tourists to trust you again.

Similarly, according to a report, small businesses that face a security issue may shut in the coming months.

This is similar to the Professor, who lost respect once the gold (temporarily) disappeared. Even while his excellent problem-solving abilities aided in the resolution of the situation, things quickly became hairy.

Luck is not a long-term plan.

There are several intriguing examples of luck throughout the episode. As an example:

  • Raquel has left the police force.
  • Plans to invade the bank by the police and troops have failed.
  • Several times failing to hit the objective. Especially by troops who are meant to be expert shooters.

After all, there is an entire chapter in the pragmatic programmer book on how horrible it is to program by happenstance. It compares luck-as-strategy to the soldier who goes without a plan through a minefield.

Snitches and poor defense may offer you some more time to execute your strategy or flee. However, you must take use of it. Either carry out your strategy or flee. Always expect your good fortune to run out shortly.

Never let go of your firearms.

This is applicable not only to cybersecurity, but to life in general.

Pain is just momentary; quitting is permanent. Accept your errors, correct them, and learn from them. You are not dead as long as your heart is beating.

  • Architectural blunder? Repair it right away and re-architect the product (yeah, I know…delivery and business constraints)
  • Monitoring for underperformance? Fix it right away. Increase the number of individuals and explore how they might be more productive.
  • Are there any serious flaws in the code? Secure procedures and security-focused code reviews should be taught to your team. Purchase a license for a product such as Snyk or Nessus. Plan a proportion of your ability to repair the most serious ones.

Maintain your cool even in the worst of situations.

Consider a ransomware assault. It’s there, and it’s occurring. Screaming at people will not fix the situation.

When you can’t win against an attack, you have to do your best not to lose. Don’t get too worked up.

As the Socrates say, you must be your best self when it comes to the things you can control. And let the rest alone. Accept their offer.

The next stage of an attack is beyond your control. But you may do your best to avoid it, to avoid making the same mistakes, and to close the gaps that already exist.

That is also true for non-tech concerns. What would you do if a pipe in your house burst? First, you stop the damage and maybe provide a long-term solution (given the timeframe). Then you try to figure out how to prevent this from happening again.

Don’t lose your cool and keep your cool, like Tamayo did when he understood the gang was blackmailing him for numerous reasons.

He became enraged, blackmailed, and even mocked in the eyes of the European Central Bank. What was the end result? He was defeated, despite lying to the media about victory.

Bye Folks

Excellent cybersecurity does not come cheap. And, since there are so many potential drawbacks, it is not for everyone.

But with some discipline, introspection, and humility, you can do amazing things. Also, if you haven’t watched the show yet, you should.

Buy me a coffee

--

--

Samuel
Samuel

Written by Samuel

Full-stack developer specializing in building web applications with React.js. Constantly learning and pushing the boundaries of what's possible with code.

No responses yet