with that in mind i thought i'd share my own mental processes on this subject in hopes that it might raise the bar, even if only a little bit... now i'm not going to just tell you to listen to the experts; for one thing that just shifts the onus on to how to figure out who's actually an expert or not, but also because that can be a little more exclusionary than it needs to be (for example, it excludes me, and if you shouldn't be listening to me then you should stop reading this)... here's what i am going to tell you, though - what to avoid and what to look for...
here's what you should probably avoid:
- famous people / big names - being famous on it's own doesn't make one smarter, it doesn't make one more accurate, more capable, or more in tune with the truth... fame is pretty much orthogonal to the truth...
- the media - their power to elevate the audience is matched only by their failure to do so... their job, ultimately, is to make their content look better/more important/more interesting than it is in order to sell advertising and thus make money... their is no motivation for them to present the unmodified / unhyped truth...
- vendors, or at least the marketing departments thereof - one need only search this blog for references to the term snake oil to see examples of why their words need to be taken with a grain of salt... marketing's interests are aligned with the company's interests rather than the publics interests...
- experts in some other field - though many experts seem to not be aware of this fact, expertise is non-transferable... you could be a genius when it comes to networking but that doesn't mean you know the first thing about malware...
- crowds - the wisdom of crowds is not universal, especially not where malware is concerned... in malware it usually turns into the wisdom of mobs, or digital maoism (to borrow a term from jaron lanier)...
all that being said, here are some of the things you should be looking for:
- relevant (malware-related) credentials - this means some kind of significant experience that's relevant to the field; maybe it's professional experience, maybe academic, maybe something else, but relevant credentials are the first and probably most important thing you should be looking for when trying to decide whether someone knows what they're talking about in this field...
- consensus with those who have credentials - just because someone doesn't appear to have credentials themselves, that doesn't mean they can't know a thing or two about the field... if what they say agrees with what those who do have credentials say then perhaps they do know something... this can be particularly significant when combined with past performance...
- past performance - if someone is right (or appears to have been right) most of the time about the subject then there's a good chance they'll be right in the future too...
- impartiality - all the credentials in the world won't matter much if someone has a vested interest that isn't aligned with the publics interests... the extent to which this matters depends a lot on the message; the easier it is to objectively and independently verify the information the person is giving, the less impact a vested interest can have...
- does it make sense - there comes a point where you'll have gained enough knowledge of the field that the idea being presented will just click and you'll be able to judge the message itself rather than having to worry about whether the person sending it knows what they're talking about and is impartial...
nothing is foolproof of course, even being an expert yourself won't guarantee that you are only trusting the right people...
(and now that i've written this, i suspect that it can apply to fields other than malware as well)
0 comments:
Post a Comment