Vision Exercise

October 24, 2006

In a recent entry, I talked about the importance of having a solid vision for your life and about looking at it from the opposite direction. On that same topic, I put together a recording to help walk you through the long-term goal setting session that I mentioned in the overview of my life management system.

As I said in that prior entry, many of us create a vision moving forward in our lives – we look at 10 years from now and imagine it how we’d like it to be, with all the trappings. The exercise is designed to show you how your life looks when moving backwards – how do those things that you think you want change when you’re looking at them as past rather than future?

If you enjoy the exercise, drop me an email and let me know.

Click here to download the MP3. (20MB)

SCADA Security

October 24, 2006

One of the hot topics these days seems to be SCADA security. When I was at LURHQ back in 2003, we were talking about how we could do this well, and it seemed like the idea of offering SCADA protection services was a good one.

Now, from my friend Jim’s blog, I read that Eric Byres has put together a company to do just that. Eric’s an incredibly smart and capable dude, and when he gets this off the ground, there’s no doubt that the product is going to rock.

Especially since the din about SCADA Security (and how bad it is) is getting louder… seems like Eric’s right on time with this one.

The Subtle Effects of Birthdays

October 24, 2006

A few months ago, I read an interesting post on the Freakonomics blog about the effect of birth date on soccer stars. I thought it was an interesting effect at the time, and pondered whether it could pop up in other sports.

Well, apparently it affects minor hockey in Canada, too. From the article:

A new study shows that kids born later in the year are more likely to be filtered out of hockey at a young age, even though they will end up being as big and strong as the players who have birthdays earlier in the year.

What I find most interesting about this is that I remember, as a kid, noticing this. On my AAA and Junior hockey teams, we almost never had a kid who had a birthday in the fall (except one, who was tiny and particularly skilled). We never thought much about it at the time, but it’s definitely something that exists.

This is definitely an indication of places where subtle bias comes into play – we notice this in interviewing and hiring all the time. As much as you can say that you’re not biased towards a given outcome, the unconscious mind is a tricky thing, and leads to biases that you never would have believed.

So, if you’re aiming to have a kid who plays in the NHL, it looks like you should be trying to get pregnant in the early spring. (The saddest part of that is that I know some parents who would do exactly that.)

Security and Risk Management

October 24, 2006

I’ve been talking a lot about risk management lately and I’m not the only one. And people are starting to get security and risk management all tied up. I know that’s what inspired Rich Mogull’s recent post about how the world needs both security and risk management.

I take issue with his title, though – he says that security and risk management are “lovers, not twins”. I think that’s over-inflating the importance of security. The relationship is far more one of parent (risk management) and child (security) – the two disciplines aren’t peers… security is a sub-set of risk management.

While we want to believe that security is important (and it very much is), it’s not THAT important that it takes on the same status within a business as operational risk management – security is a part of the discipline of operational risk management, but only one part.

Compressing “Good” Work

October 23, 2006

I was recently on a GTD Connect teleseminar, and the speaker said something that I found fascinating – that the key to excellence is doing less “good” work.

His argument was that most of us spend something like 15% of our time goofing off, 70% of our time doing good/normal/routine/everyday work, and 15% of our time doing amazing, excellent, super-cool, WOW! projects. He noted that the “goof off” time is an inbuilt reflex – most people try to “discipline” their way into never goofing off, and that’s generally unsuccessful because you’re fighting an instinct.

So, he reasoned, the key to excellence in life is to compress the amount of “good” work that we do in order to expand the amount of time we have for excellent projects. This was his reason for doing GTD.

This reminds me of something Seth posted recently about layoffs and firings – that about 50 people get laid off for every one that gets fired for doing something amazing. (Dan posted about this topic as well). I’m sure that all of those people did “good” work. Seth points out:

At least once a day, I get mail from people worrying that if they are too remarkable, too edgy, too willing to cause change and growth… they’re risking getting fired. I almost never get mail from people who figure that if they keep doing the same boring thing day in and day out at their fading company that they’re going to lose their jobs in a layoff.

Imagine what life would be like if you could find a way to eliminate or compress the “good” work to only 1/2 of the time it usually takes you today… what could you do if you put 50% of your time into your calling?

Another Cool Blogging Friend

October 23, 2006

Yet another co-worker has joined the blogosphere – James C is a brilliant security guy, and especially is a brilliant voice on SCADA Security.

He’s also a guy with a great number of varied opinions on cool stuff – no doubt, he’s going to say lots of stuff worth reading.

Subscribe to Jim’s blog by clicking here

Moving Beyond Certifications

October 22, 2006

In a recent entry, I mentioned the training program that we conceived at nCircle to take relatively inexperienced engineers and turn them into security rock stars. The genesis of that program was in the search for a certification that actually meant something – even with the huge number of certifications out there, we couldn’t find a set of training or testing that would actually move an engineer from a normal level of technical skills to become a real high-octane security engineer in an orderly fashion.

The problem is really the dilemma of a certifying body that requires money to survive – in order to make money, the certification has to get recognized. In order to get recognized, a certain number of people have to have the certification (and be willing to do the work to get it). In order for that number of people to get the certification, the certification has to be sufficiently easy to allow them to get it.

Thus, you’re not likely to ever see a certification that actually reflects excellence, simply because the economic incentive isn’t there to create it. The same set of economic incentives are out there for anybody creating a training course for security – if their plan is to make money in the mass market, it simply can’t push people too far.

So, we realized that we had to move beyond certifications and create our own program, but what to put in it? So, we asked the following question:

If I were to snap my fingers and create the ideal super-star security engineer (SSSE), what skills would they have? What traits would they have? And how would they think?

What would your answer to that question be?

Requesting Philosophical Assistance

October 22, 2006

From one of my early undergraduate courses, I remember reading a brilliant argument about the nature of the universe that described the nature of temporality – the argument was around a statement of the form:

“if I had gone out for my walk this morning wearing a hat, it would have meant the entire universe would have been different than it is.”

The line of reasoning from there was fascinating to me – he set out the argument that the antecedent events that necessitated him deciding to wear a hat extended backwards in time to the origin of everything. It was, in many senses, like the inverse of the Butterfly Effect.

The problem I’m having is that I can’t remember the philosopher or the work that it was in. And I’d really like to go back and re-read it. I keep thinking it was G.E. Moore, but I can’t find any reference to any sort of discussion like that in his work. I have Googled everything I can think of, and even went so far as to email the professor who I thought taught that class (who gave me an absolutely brilliant response that I’ll have to blog about soon enough, even though he wasn’t the person who taught the class and didn’t know the actual reference).

Can anybody point me to the appropriate philosopher?

The Meaning of Episteme

October 22, 2006

Recently, I was asked about the origin of this blog, and, more specifically, what the word Episteme means.

You’ll hear “Episteme” most often in the context of philosophy – one of the three core domains of philosophy is Epistemology, which is the study of knowledge. In that context, when we talk of “episteme”, we’re discussing knowledge.

But what is more interesting is the ancient meaning of episteme – Socrates used the word to describe not only knowledge but wisdom.

Additionally, the word carries a third meaning – my wife (who is Greek) informs me that, in modern Greek, the word is used to describe belief.

I have always loved the ability of a word to carry so many interrelated meanings. When you think about it, can you be aware of the subtle interplay between knowledge, belief and wisdom?

Thanks for the Reminder, Tom…

October 21, 2006

One of my favorite bloggers on the planet is Tom Peters – I love his take on the world, and most of all, I love his PowerPoint slides. (Anyone who has seen a recent presentation from me will notice some similarities).

One of his posts yesterday is one that I need to take a reminder from:

Remember: “Pissed off at a glitch? Fine. But be nice. Very nice. Very, very nice. The person on the other side of the counter [etc] is the Only Human Being on Earth, at the moment, who can help solve your problem. Or not.”

My wife would love it if I could keep this one in mind more often – glitches piss me off. Especially when they’re systematic ones (is there really only one DMV in the entire state of New Hampshire that can issue a Canadian citizen a driver’s license?)

The thing about being pissed off is that it really doesn’t help, and it’s not particularly resourceful. There are always more resourceful states that one can choose – particularly, it sometimes helps situations immensely to use the WMP (Weapons of Mass Politeness) as Tom called it.

Tom did some great slides on Dale Carnegie recently – it’s always useful to remember the advice from How to Win Friends and Influence People.
