Many of you have likely noticed that I enjoy looking for life lessons in the real-world that we can apply to the challenges we face in the security domain.
I'd like to try and take the lessons I learned during my time as a security analyst working in various Security Operations Centers and apply them to life.
Don't assume: Some of my biggest mistakes as a security analyst came when I made assumptions, rather than drawing conclusions only when the data supported those conclusions.
The trouble is that once we allow ourselves to jump to a conclusion that is not supported by data, it is very difficult for us to undo that logical jump.
The implications for security are obvious - we can very quickly get into risky territory if we aren't basing decisions on facts.
The same is true in life - jumping to conclusions that aren't justified by data can set us down unhappy and unhealthy paths and keep us from righting our ways.
Obtain visibility: Making decisions based on data and evidence is important.
So is the ability to collect that data in an unbiased fashion.
In security operations, we often triangulate, comparing application logging, network data, and endpoint data.
Always trusting the same source, never asking the hard questions, and never challenging our sources leads us to make incorrect decisions based on biased data.
No matter how logical or how good at making decisions we are, if our data are inaccurate, we will not arrive at the correct conclusion.
Use the data: Once we have collected the requisite data, we need to use it - correctly.
If we ensure that we do so in an unbiased manner, and that we don't allow emotions or feelings to cloud our judgment, we will arrive at better results and decisions than if we do.
The results we achieve and the decisions we make will be better the more objectively and impartially we arrive at them.
In the security field, documentation is extremely important.
Tell the whole story: In security, telling the whole story is important.
Shoot straight - it is so much easier than having to manage narratives, tell that next lie to cover the last one, and worry about who has access to what data and which people.
It might feel good to shout into an echo chamber, but it seldom leads to a happy and healthy life.
By taking a data-driven approach to life, grounded in truth and facts, we can improve our chances of making better decisions and achieving better results.
It appears to me that this makes for a happier and healthier life.
This Cyber News was published on www.securityweek.com. Publication date: Tue, 02 Jul 2024 11:43:06 +0000