From the SOC to Everyday Success: Data-Driven Life Lessons from a Security Analyst

By taking a data-driven approach to life, grounded in truth and facts, we can improve our chances of making better decisions and achieving better results.

Many of you have likely noticed that I enjoy looking for life lessons in the real world that we can apply to the challenges we face in the security domain. In this piece, I’d like to take the opposite approach. I’d like to try and take the lessons I learned during my time as a security analyst working in various Security Operations Centers (SOCs) and apply them to life. My reason for this is simple. I believe that as security professionals, the healthier and happier we are, the better able we are to protect our respective organizations.

In particular, I’d like to focus on the strong data-driven approach adopted by the teams I was fortunate enough to be a part of. I think that the timing is particularly good. Why? Unfortunately, it seems that we as a society are slowly losing our respect for truth and facts, and at the same time, we seem to be becoming aware of an epidemic of narcissism that is well underway. That lies and opinions are so readily accepted as truth is extremely dangerous. More troubling still are the behaviors and actions that are justified based upon them.

So here are my thoughts around five life lessons we can learn from security to live healthier and happier lives, and in turn, be better security professionals because of it:

1. Don’t assume: Some of my biggest mistakes as a security analyst came when I made assumptions, rather than drawing conclusions only when the data supported those conclusions. It is tempting to jump to conclusions, and it is challenging to stop ourselves from doing so, but it is important. The trouble is that once we allow ourselves to jump to a conclusion that is not supported by data, it is very difficult for us to undo that logical (or rather, illogical) jump. The implications for security are obvious – we can very quickly get into risky territory if we aren’t basing decisions on facts. The same is true in life – jumping to conclusions that aren’t justified by data can set us down unhappy and unhealthy paths and keep us from righting our ways.

2. Obtain visibility: Making decisions based on data and evidence is important. So is the ability to collect that data in an unbiased fashion. In security operations, we often triangulate, comparing application logging, network data, and endpoint data (among other sources). When they all agree, we can be reasonably confident that we are seeing a decently accurate picture of what is going on. We can extrapolate that to life in general. Always trusting the same source, never asking the hard questions, and never challenging our sources leads us to make incorrect decisions based on biased data. No matter how logical or how good at making decisions we are, if our data are inaccurate, we will not arrive at the correct conclusion. When this happens, we either need to delude ourselves or live in a state of dissonance. Neither leads to a healthy and happy existence.

3. Use the data: Once we have collected the requisite data, we need to use it – correctly. In security, this involves logic, algorithms, and analysis. If we ensure that we do so in an unbiased manner, and that we don’t allow emotions or feelings to cloud our judgment, we will arrive at better results and decisions than if we do. Similarly in life, the results we achieve and the decisions we make will be better the more objectively and impartially we arrive at them. This is easier said than done, of course. Succeeding in this lofty goal most often results in a far better quality of life, and yes, you guessed it, a happier and healthier one.

4. Document: Relatively early in my career, I worked for a manager who often reminded us that “if it isn’t written down, it didn’t happen.” With each year that passes, I see more and more how right he was. In the security field, documentation is extremely important. Whatever we are working on – policies, procedures, risk registers, incident investigations, incident reports, manuals, how-tos, configurations, alerting/rules, or anything else – documenting them serves a number of beneficial purposes. Unfortunately, in the world today, it seems that so many people go out of their way to avoid putting anything in writing or having any sort of a record. To have to constantly maneuver to avoid putting anything in writing and to live in constant fear of having anything you’ve said or done on the record can’t make a person particularly happy or healthy.

5. Tell the whole story: In security, telling the whole story is important. While it might be tempting to cover up an incident, tell part of the story in an incident report, feed management half-truths, and report biased statistics, it is never wise. Eventually, the truth will come out, and when it does, having hidden the truth is generally a far bigger problem than whatever actually happened would have been had it been dealt with straightaway. The same is true in life, I believe. Shoot straight – it is so much easier than having to manage narratives, tell that next lie to cover the last one, and worry about who has access to what data and which people. That relief generally brings about a higher level of happiness and a healthier existence.


It might feel good to shout into an echo chamber, but it seldom leads to a happy and healthy life. By taking a data-driven approach to life, grounded in truth and facts, we can improve our chances of making better decisions and achieving better results. That, in turn, means that we do not need to waste time and energy deluding ourselves or living in dissonance. It appears to me that this makes for a happier and healthier life.

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Global Solutions Architect - Security at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

