Have you ever had a Mai Tai? If you drink, the answer is probably “yes.”
Was it made correctly? The answer to this one is “probably not.”
There is some debate about the origin of the venerable tiki cocktail, I personally believe the original recipe for the Mai Tai should be attributed to Vic Bergeron, aka “Trader Vic.”
This is the recipe:
- 2 ounces Jamaican rum (I use 1.5 Appleton Estate and a .5 Diplomatico, which is Venezuelan, but it’s damn good)
- 1/2 ounce orange curacao (Cointreau is fine even though it’s technically a triple sec)
- 1/2 ounce orgeat syrup (Check Wegmans)
- 1/4 ounce simple syrup (cane sugar)
- Juice of one whole lime
Pour into a shaker with a lot of cracked ice, and shake vigorously. You really want to froth it up in that thing. Then pour the whole thing, with the ice, into a double old fashioned glass. Top with a sprig of mint and one half of your spent lime shell. It’s supposed to look like an island with a palm tree. Look, I don’t make the rules, just go with it.
If this sounds odd to you, it’s because most Mai Tais today are made with a mix, and usually with fruit juices like pineapple, and/or coconut flavorings. Then a pineapple stick with a maraschino cherry is added. I do add the cherry myself, but the original recipe doesn’t call for that, or any of the other stuff. Over the years, it’s been twisted into something commercial, and often looking like it literally came from a commercial.
The “real” Mai Tai a simple drink that takes good, fresh ingredients and turns them into something pretty remarkable. In fact, you might read the ingredients on their own and wonder if this is actually any good, but the whole really is much greater than the sum of its parts.
Once a mix is put together, it can’t be disassembled. It’s OK to use mixes if they’re good, like Zing Zang, but when the mix you’re drinking differs wildly from the original intent of the thing the cocktail was trying to do in the first place, that should arouse some suspicion. The intent for the Mai Tai being that 1) rum can be appreciated and that 2) simple is better.
So what can cyber practitioners learn from the storied history of the Mai Tai? Do things simply, and execute them well. K.I.S.S. “Complexity is the enemy of security,” so too for a good cocktail. We’ve seen broad consolidation of tooling in the security market in 2024. Vendors herald this as a great thing for their customers, and naturally we’ve seen the return of the 2010s-era marketing around visibility through “a single pane of glass.”
I can well see through a bottle of cocktail mix. I have no idea what’s actually inside the bottle, or if it was mixed correctly. Practitioners should be wary of this scheme. A single pane of glass isn’t valuable if you can’t really tell what’s on the other side of the pane, or if the pane only becomes clearer with an additional license. Nothing in security begets more work than tooling, an endless series of options that generate more work for you and more ARR for your vendor.
The “zero trust” marketing from vendors hit a fever pitch about two years ago, then when generative AI became popular, it seemed to all go out the window. Why? Maybe it’s because zero trust is real work, or maybe it’s because good security practitioners can look at zero trust as an opportunity to stop using all of their expensive tooling and focus on basics, and vendors started to realize that too.
Palo Alto has disclosed multiple vulnerabilities in 2024 at a rate I haven’t seen before. Time will tell if this is a one-off, or if it’s because they’ve finally spread themselves too thin. Which is it? Their firewalls were the rum, the services were the syrups, and Panorama was the lime. You knew what it all did. Look at Palo Alto’s website now. Do you have that same assurance today that these parts are still just as effective? What about Crowdstrike? Are all of these features delivering value, or are they a solution in search of a problem, and if so, is the problem “we need to figure out how to deliver shareholder value?”
The fresh Mai Tai is unpretentious and needs no unnecessary adornment or sweetener. Don’t take my word for it, mix it yourself. There is no beverage on Earth more balanced (except for maybe Coca-Cola, which coincidentally also retains its original recipe); it’s sweet, but just so. Tart, but not too much. It is wholly punchy and refreshing. It knows what it wants to do and does it without getting in its own way, which is something security practitioners seem to continuously forget how to do.
It works smart, not hard.
You probably want to limit yourself to two though, unless you’ve got a couple of plates of skewered chicken and crab rangoon. Aloha!