j_M007
Community Champion

If you can't be a good example, then you'll have to serve as a horrible warning! (Worst advice)

"Shun advice at any price. That's what I call good advice." Piet Hein (Scientist and poet)

 

Many people offer advice, and not all of it is good or appreciated.

 

As you have gone down the road of Infosec, what "lessons learned" can you share with others? (Of course, neither infringing the Code of Ethics Canons, nor impacting any tenets of confidentiality, integrity and availability.)

 

Thanks for your thoughts or opinions.

7 Replies
denbesten
Community Champion

  1. People listen best when they ask (or pay) for advice.
  2. Supporting and gently steering somebody else's idea works better than proposing your own similar idea.
  3. It is often more about the delivery than the message.
  4. Security is an easier sell after the horse has escaped.  Too bad our job is to keep the horse in the barn.

Thanks for asking :). I appreciate the opportunity to preach to the choir.

Early_Adopter
Community Champion

Something sticks in the back of my mind from about 15 years back when I was starting out in InfoSec:

 

    "I know more wrong ways to do things than right ways..."

 

This was quite powerful, as it articulated a number of challenges that are true of infosec, software development, system design, service delivery etc:

 

  • You are likely to make mistakes, probably good to share these, the worst you can do is cover them up;
  • There are lots of opinions on what's right or wrong, and many people will want to put forward their views;
  • When all is not quite as you think it should be, listen very carefully to the person telling you that you are wrong, and try to understand what is being said and what is behind it. There is often a problem that the person can't deal with, so give the best advice you can, and if too contentious decide absolutely if you absolutely need to fight that battle or if there are other ways;
  • As much as you can, avoid 'knowing' something too firmly when in grey areas; people will communicate more with you and that helps you help.

Will it ever be ideal? No, but while there is black and white in many things, as complexity scales up you start to see more inherent conflict and points of friction, and ultimately these areas are where we earn our keep.

j_M007
Community Champion

Thanks Early_Adopter.

 

Errors can be costly; but sometimes no errors can even be costlier. The issue with "error free" and "worry free" is complacency; and complacency is a one-way ticket to catastrophe.

 

I wonder how to ease the notion to the see-no-evil types that they should be even more alert if everything is copacetic?

 

Someone told me once, "If you can't see flaws, you're not looking hard enough!" I thought they were just being unpleasant then, but an older and wiser me now thinks, "Yep. That's true."

 

Cheers.

j_M007
Community Champion

Thanks denbesten,

 

I love horses. Beauty, intelligence, grace. A lovely and powerful creature to be sure. I think your analogy is spot on. When the horse is loose, people try to patch the paddock. Sadly, maybe they weren't being too kind or careful to the creature in the first place.

 

Another one about horses: "You can lead a horse to water, but you can't make him drink." To me, this means, you can perform due diligence and take due care and calculate all the risks and provide for all the threats, but there's always someone who will find a way not to comply or willfully to circumvent countermeasures.

 

Ironically, sometimes they may even be in the choir!

 

So preaching to the choir is always appreciated.

 

Best!

JoePete
Advocate I

Not quite along those lines, but I remember when I raised a security issue in a proposed process, the CFO of the organization said to me, as the other stakeholders looked on, "I think you're telling us something we'd rather not hear."

j_M007
Community Champion

Lol! Classic, and so true.

 

I wonder what off-the-cuff response one could make? "Better the devil you know than the devil you don't?"

 

Cheers.

rslade
Influencer II

There is a truism in science:

 

No experiment is ever wasted.  It can always be used as a bad example.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468