Connect with us

Hi, what are you looking for?


Management & Strategy

Legacy of Wisdom: Security Lessons Inspired by My Father

Honoring my father by translating his timeless life lessons into practical wisdom for the cybersecurity profession.


It is hard to believe that it has been nearly a year since my father passed. The outpouring of support and sympathy I received after his passing and in the days, weeks, and months since has been truly incredible. I am very grateful for what has been a huge help during a very difficult time.

You may be asking yourself why I’m writing about this in SecurityWeek. I, like many others, believe in paying it forward. While my father was not a security professional (he was a manufacturing engineer), he taught me many important lessons during his life. I’d like to honor my father’s memory and thank all of you for your support by adapting some of my father’s life lessons to the security profession.

My father was a very practical man, and he was also a talented craftsman. He was never happier than when he was in his woodshop during his retirement years, surrounded by his grandchildren, passing on life’s lessons to the next generation.

Here are five security lessons that we can learn from my father:

  1. Like your job: When I was young, my father frequently told me that it is important to like your job. When I got older, I realized that my father did not like his job at all – he went to work at a job he disliked every day to provide for his family. I asked my father why he told me this if he didn’t like his job. I’ll never forget his answer: “Why do you think I told you that?” My father wanted my life to be better than his, and thankfully, I believe that is the case (I enjoy my job tremendously). As security professionals, it is important that we like our jobs. We will be happier, we will work harder, and we will perform better. That, in turn, will better protect the organizations we work for. If you are in a role that you don’t like, find another one that you do like.
  2. Be proud of your work: As I noted above, my father was a very talented craftsman. He was very proud of his work, as well he should have been. Particularly when it came to woodworking, my father’s work was of the highest quality and never disappointed. It was clear that he was meticulous, at every stage, when taking on a project. We as security professionals should do the same. We should strive to do our best – always over-delivering on our promises, always going the extra mile, and always being top contributors to our teams.
  3. Measure twice, cut once: This well known adage is very apt in today’s world, particularly in the security profession. With how prevalent and pervasive computing power and resources have become, it is easy to succumb to the temptations of trial and error. This is unwise, however. At the very least, trial and error as a method consumes valuable time and resources that could be better spent on other activities. At worst, trial and error can result in human error, the introduction of new vulnerabilities, outages, and other issues. It is far better to be precise, calculated, and strategic.
  4. Make lists: The people I respect the most are those who can be counted on to come through, on time (or ahead of schedule), time and time again. They don’t miss deadlines and then throw excuses at you like “I forgot” or “I’ve been so busy.” One of the easiest tools to help a person come through on time is making a list. My father, in being so practical, maintained several lists at any given time. I remember being near his desk as a child and seeing the list of bills that needed to be paid each month with a table where a check mark could be placed each time a bill was paid. I also remember him writing out food shopping lists to ensure that nothing would be forgotten at the supermarket. I also remember visiting my father at work and noting that he also kept lists there. My father wasn’t one to forget things or not to come through, and lists were a big part of why. We as security professionals can learn from this – by keeping lists, being organized, and prioritizing our activities, we can ensure that we spend our time wisely and that we come through for those counting on us.
  5. Don’t put things off: I remember the first summer I was home from university. I came home late at night. When I woke up the next morning, my father had left me a list of chores to do around the house. I don’t think I fully appreciated the value of this lesson when I was 18. In essence, my father was teaching me that when we are part of a team (in this specific case, a household), we contribute. We don’t put things off, and we don’t let others pick up the slack. Not even for a day. I believe that if we as security professionals strive to uphold this value, we will do well for ourselves and for the organizations we defend.

We are all prone to getting lost and caught up in the hustle and bustle of day-to-day life. At the end of the day, or perhaps more aptly, at the end of days, what is it that our friends and families are left with? In a word, it is our legacy. It seems to me that each of our legacies is mainly the impact we have had on others’ lives (hopefully for the good), along with what we have shared with others (moments, lessons, kindness, etc.). In other words, when we depart this world, it is others’ memories of us that remain. I wonder what a different world it would be if we all took a few moments each day to reflect on that.

Thanks for the lessons Dad. We love you, we miss you, and we definitely feel having lost you.

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Global Solutions Architect - Security at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem