The other day I happened to be on a train next to a woman who worked as a government employee at a DoD facility. She was talking with a man sitting next to her. It was clear from the conversation that this woman did not know the man she was talking with by the general tone of the discussion. As I tried not to listen, their conversation started to turn towards what she did for a living. The man seemed interested (unusually interested, in my opinion) in what she did, asking questions such as: where she worked, how long she had been working with the DoD group, and what she was working on recently. Some of the conversation included: how unhappy she was where she worked, some of the recent projects she was working on, where her office was, etc.
After listening for a while (by now I wanted to hear what they were saying) I decided it was my obligation (I have a security clearance, work in the DoD Public Sector, and am a Patriot) to remind her that what we did with the government was not something we should probably be talking about in public, on a train, and to a stranger. As expected, both the woman and the man were furious that I had heard their conversation (hello?! We’re on a train…) and that I had the nerve to interrupt them. It was an uncomfortable moment for everyone, but a necessary one.
It’s easy to forget that we may often give out information that doesn’t seem to be important. I am always reminded of the saying, “Two separate pieces of information may not be sensitive, but combining those two pieces can be sensitive”. Even seemingly irrelevant questions can be a way for someone to gauge your willingness to answer questions about more sensitive information.
In the spirit of this discussion I wanted to share with everyone a book that I believe should be required reading for everyone.
The Art of Deception: Controlling the Human Element of Security
By William L. Simon, Kevin David Mitnick