Tuesday, April 30, 2013

the abc's of security

over the years i've found myself becoming increasingly dissatisfied with the boiler plate advice i formulated when i was younger, as well as all the other boiler plate advice i've seen/heard given by other people, and even the very concept of boiler plate advice itself. this includes things like best practices (aren't you done practicing yet?) and really any simple, prescriptive answer to questions involving how to keep oneself secure. more and more they seem like incomplete or obsolete anachronisms that aren't suited to the diverse and ever changing circumstances in the real world. never mind the fact that everyone's values (and thus their priorities) are slightly different from each other so boiler plate advice is rarely a really good fit - and of course people's priorities change over time, too.

i've grown and evolved as a security user (a user of security), and no boiler plate seems capable of reflecting my reality anymore. it's just not how i think about or approach the problem of keeping myself secure anymore and i find it difficult to direct others down such fixed, one-dimensional paths.

and yet i know people still need advice and direction in order to grow themselves. the subject of first principles and fundamentals occasionally comes up and so i thought to myself what is the most fundamental thing in all of security? if there was just one thing about security that i could impart to another human being, what would it be? the answer is surprisingly simple, surprisingly complex, and surprisingly not limited to just security but in fact really a life lesson that happens to have meaning within security.

the most important thing for anyone to remember when it comes to defending yourself and the things and people you care about is this:

when i say this, i don't mean changing mindlessly like some derivative of the crazy ivan maneuver from the movie hunt for red october (although being unpredictable certainly has tactical advantages) but rather that you change what you do to protect yourself in intelligent, mindful ways. you should always be learning, always growing, always evolving, always adapting, always improving. don't stand still because your adversaries certainly won't be and you don't want to fall behind (or at least any further behind).

there are no easy answers, no matter how many people may be offering them (it seems like everyone does), and no matter how well-intentioned they may be.