Vegas-shmegas. There is nothing like a week in the wilderness slaying rainbows and cutthroats to help you put your day job into perspective. I don’t know too many people in cybersecurity that also like to fish, or vice versa, so herewith what I hope is a little insight from the creel.
- Remember that you have no real control. A perfect sunny day turns into a squall. You brought your best casting rig and hard body lures but the fish are feeding off the surface. Just as they start biting you get a snag and its ten minutes before you can put a line in the water again, at which point the fish have moved on. There will always be times when you come up short. Those fishing shows where every third cast results in a keeper in the live well? That thirty-minute show is really several days of actual fishing. That you can build a cybersecurity capability that works perfectly ever time is an illusion. Even the pros get skunked sometimes.
- You have no idea what you are going to get. You want to slay some bass but all you get are crappies. You take the kids out for panfish but little miss hooks a 20 pound channel cat on her Barbie pole. You hit the water early for walleye and land a burbot. You have to be ready for anything. You can plan and prepare for all the current things, and be surprised by something old and pedestrian. If that sounds expensive and like a lot of work, it is, but if you’re trying to build a serious capability, it’s the price you have to pay.
- The best day fishing is still a messy business. Everything can go right. You can catch your limit of keepers before lunch, but you can’t enjoy any of it without having to stick a knife in their bellies. Detecting intrusions or other problems is just the beginning, not the end. Did you identify the entire problem? Are you sure nothing else is lurking about? The queries never end because the problem is perpetual. You have to do this because you love the entirety of it, the un-glamorous parts as well as the fun stuff.