• United States




‘Nuff said!

May 09, 20197 mins
Application SecurityCyberattacksCybercrime

The Marvel Cinematic Universe started in comic books as the creations of three main visionaries: Stan Lee, Jack Kirby and Steve Ditko. They weren’t always successful. Through following the vision of their creators, a new group was able to build on their vision and achieve stunning successes like Avengers: Endgame. As a new generation of security leaders emerges, they have the chance to build on the vision of improved security from this industry’s original ones, much like the Russo brothers built on Lee, Kirby and Ditko’s vision.

avengers wallpaper
Credit: Moviemania

[Caution:  Mild spoilers for Avengers: Endgame and Captain Marvel below.]

When I was a kid, I taught myself how to read by reading comic books when I was 4-5 years old.

While I know this isn’t the path that an average educator would ever recommend, and probably explains a lot about me and my personality, it did introduce me to Stan Lee’s Soapbox in the issues of the “Incredible Hulk.”

The end of every issue had the reader letters and editor’s responses. At the end of almost every letter was Stan Lee exclaiming “’NUFF SAID!” Stan Lee had incredibly funny responses to reader mail, and almost always ended with that catchphrase.

When I saw Avengers: Endgame and watched him drive off into the sunset the last time in a white car with the bumper sticker of “’Nuff Said!” I realized that this was more than just a symbolic moment. This was the last time he would appear in a Marvel film, and was the second time he did so posthumously, with the first being in Captain Marvel. He appeared as a cameo in almost every single Marvel Comics movie, including the excellent Deadpool series, and in a central role in Mallrats, which Captain Marvel also paid homage to.

Marvel: The visions of Stan Lee, Jack Kirby, Steve Ditko and recovering from bankruptcy

Stan Lee was one of three artists primarily responsible for the Marvel Comics Universe, with the others being Jack Kirby and Steve Ditko. He was the last surviving one of the three. Their impact on modern entertainment is only underscored by the popularity and cinematic impact of the MCU, which combined at this point have made over $20 billion at the box office worldwide.

It always wasn’t this pretty. Marvel Comics went bankrupt in the winter of 1996, mainly due to speculators crashing the entire industry and trying to make money off of collectibles. They sold off the movie rights to a number of their characters years beforehand. They were so bad at making movies that the idea of a Marvel comic book movie was a joke, with Howard the Duck, The Punisher with Dolph Lundgren and the Roger Corman-directed Fantastic Four given as prime examples.

They started small with Blade, starring Wesley Snipes, and were able to prove their mettle with the X-Men series and Iron Man. They built from there to the juggernaut they are today. The acquisition by Disney gave them the strategic planning ability they needed to achieve this vision. Their recent acquisition of Fox Studios and the movie rights to a plethora of other Marvel characters gives them a future slate of new characters to use (especially Deadpool).

These forces culminated in one of the biggest box office openings of all time with Avengers: Endgame, which emphasized that this MCU film series is the highest grossing ever, beating out Star Wars and Harry Potter. The visions of Lee, Ditko and Kirby were made complete by Disney and the Russo brothers.

What can we learn from this as information security professionals?

We have a number of professionals who built this industry into what it is that are now retiring or are at later stages of their careers. People such as Steve Katz, Craig Shumard and Dr. Gene Spafford are the reason many of us are here and following the best practices that we do, because they established them. They built the vision and the platform that this current generation stands upon. They facilitated the communication and mentoring for us.

We need to enable the current generation who is leading and mentoring, and make sure that we carry that vision onwards. This industry has come from nothing to be a multi-billion-dollar behemoth that employs millions and influences decisions of CEOs and boards. While it may have gotten its start differently, it’s completely changed from what it was.

How is security like the evolution of Marvel?

Comic books started as something that were for children. They became big business in the ‘90s, crashed and had an impressive rebirth due to movies and video games. There are both kids and adults who enjoy them.

Security, likewise, started with intrepid explorers figuring out what computers and systems were capable of, not designed to do and moved into big business. Now we use technologies such as Kali Linux, Raspberry Pi, Arduino and the numerous open source technologies to further explore in many ways, while there are multiple billion-dollar companies that also handle security. We have both these explorers and people who discovered security as part of their job or education in this field, oftentimes working together.

Avengers: Endgame was the culmination of the vision of Kirby, Ditko and Lee by a new generation spearheaded by the Russo brothers. It is the gateway to new adventures over the next decade, especially with the acquisition of Fox Studios by Disney. The current transition and handoff to the next generation of security leaders will lead to the combination of the old-school explorers, people who learned on the job or in the armed services and people who went to school for security to build our future. Everyone shares an interest in security, even though they started in different places.

What do security leaders need to do?

Our leaders need to know how to work with the different groups of people in information security now, understand their differences and work to keep everyone educated. We need to focus on what we do best, which is to educate ourselves, teach others and work in the spirit of exploring, discovering and educating others.

We need to avoid the drama, the personalities who look down on others with insults and disdain and the rampant issues that plague the gamer community. We’re better than that. We need to continue to work to address the perception by some that hacking should be criminalized, and that reverse-engineering, discovering new unintended uses for products and backing up legally owned data should not be penalized either.

We have to continue to build security into what we have, and make it accessible to everyone, not something that is the providence of a few who hold it back from others until them deem them worthy.

We need to tell the story to everyone and open the market up from just people willing to buy comic books. Marvel was able to transition to a much larger market through excellent storytelling and staying true to the original visions of Kirby, Ditko and Lee. We need to stay true to ours and continue to message correctly. We cannot buy Security. It is not the provenance of a guild designed to keep others out or our customers mystified. It is not our job to spread or facilitate fear, uncertainty and doubt.

It is our job to combat fear, misinformation, encroachment on our privacy and security, and misuse of our data.

It is our job to combat misinformation and manipulation on social media and advertising by governments and scam artists, to work to have laws and legislation that protect our rights and prevent others from using technologies against basic human rights.

It is our job to lead and improve the world around us through exploring, education and empowerment, not just benefitting a select few.

‘Nuff said!


Mitchell Parker, CISSP, is the Executive Director, Information Security and Compliance, at Indiana University Health in Indianapolis. Mitch is currently working on redeveloping the Information Security program at IU Health, and regularly works with multiple non-technology stakeholders to improve it. He also speaks regularly at multiple conferences and workshops, including HIMSS, IEEE TechIgnite, and Internet of Medical Things.

Mitch has a Bachelor's degree in Computer Science from Bloomsburg University, a MS in Information Technology Leadership from LaSalle University, and his MBA from Temple University.

The opinions expressed in this blog are those of Mitchell Parker and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.