I've created a monster!
Well, a humble, well-spoken and intelligent monster who -- like me -- isn't afraid to admit that sometimes it's better to let go than grip the bat too tight. That doesn't happen often, but when it does, it's a wonderful thing.
I reckon that despite having opinions, perhaps sometimes it's better to listen with two holes and talk with one, shrugging off the almost autonomic hardline knee-jerks of defensiveness that come from having to spend years of single minded dedication to cramming good ideas down people's throats.
It appears Amrit's been speaking to my wife, or at least they read the same books.
So it is with the utmost humility that I take full credit for nudging along Amrit's renaissance and spiritual awakening as evidenced in this, his opus magnum of personal growth titled "Embracing Humility - Enlightened Information Security" wherein a dramatic battle of the Ego and Id is played out in daring fashion before the world:
Too often in IT ego drives one to be rigid and stubborn. This results in a myopic and distorted perspective of technology that can limit ones ability to gain an enlightened view of dynamic and highly volatile environments. This defect is especially true of information security professionals that tend towards ego driven dispositions that create obstacles to agility. Agility is one of the key foundational tenets to achieving an enlightened perspective on information security; humility enables one to become agile. Humility, which is far different from humiliation, is the wisdom to realize one’s own ignorance, insignificance, and limitations of intellect, without which one cannot see the truth.
19th century philosopher Herbert Spencer captured this sentiment in an oft-cited quote “There is a principle which is a bar against all information, which is proof against all arguments and which cannot fail to keep a man in everlasting ignorance - that principle is contempt prior to investigation.”
The security blogging community is one manifestation of the information security profession, based upon which one could argue that security professionals lack humility and generally propose contempt for an idea prior to investigation. I will relate my own experience to highlight this concept.
Humility and the Jericho Forum
I was one of the traditionalists that was vehemently opposed to the ideas, at least my understanding of the ideas, put forth by the Jericho forum. In essence all I heard was “de-perimeterization”, “Firewalls are dead and you do not need them”, and “Perfect security is achieved through the end-point” – I lacked the humility required to properly investigate their position and debated against their ideas blinded by ego and contempt. Reviewing the recent spate of blog postings related to the Jericho forum I take solace in knowing that I was not alone in my lack of humility. The reality is that there is a tremendous amount of wisdom in realizing that the traditional methods of network security need to be adjusted to account for a growing mobile workforce, coupled with a dramatic increase in contractors, service providers and non pay rolled actors, all of which demand access to organizational assets, be it individuals, information or infrastructure. In the case of the Jericho forum’s ideas I lacked humility and it limited my ability to truly understand their position, which limits my ability to broaden my perspective’s on information security.
Good stuff.
It takes a lot of chutzpah to privately consider changing one's stance on matters; letting go of preconceived notions and embracing a sense of openness and innovation. It's quite another thing to do it publicly. I think that's very cool. It's always been a refreshing study in personal growth when I've done it.
I know it's still very hard for me to do in certain areas, but my kids -- especially my 3 year old -- remind me everyday just how fun it can be to be wrong and right within minutes of one another without any sense of shame.
I'm absolutely thrilled if any of my posts on Jericho and the ensuing debate has made Amrit or anyone else consider for a moment that perhaps there are other alternatives worth exploring in the way in which we think, act and take responsibility for what we do in our line of work.
I could stop blogging right now and...
Yeah, right. Stiennon, batter up!
/Hoff
(P.S. Just to be clear, I said "batter" not "butter"...I'm not that open minded...)