Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

What Does Bad Advice Look Like?

Five Angles That One Can Use to Evaluate Whether a Piece of Advice is Good or Bad

Five Angles That One Can Use to Evaluate Whether a Piece of Advice is Good or Bad

When I was a teenager, I once complained to my father that everyone, it seemed to me at the time, wanted to give me advice.  Some of the advice was useful, though much of it didn’t seem particularly helpful at all. My father advised me to listen to the advice, be grateful for it, and then to decide for myself whether or not the advice was useful or helpful.  Since then, I’ve tried to follow my father’s advice, working to hone my internal filter and the sounding boards I consult with externally.

It would be foolish on my part to think that I’ve got it all figured out, or that I know how to filter, analyze, and implement advice better than others.  That being said, I have noticed some common threads that run through both good and bad advice, particularly in the security field. I’ve found taking notice of these common threads to be quite helpful over the course of my career.

How can you identify when someone feels the need to offer advice, even if they have nothing of value to offer?  Or, how can you identify when someone thinks they have something of value to offer but doesn’t realize how unhelpful it is? Lastly, how can you identify when a piece of advice truly is a good one? In this spirit, I’d like to offer five angles that one can use to evaluate whether a piece of advice is good or bad.

1. Identify the giver’s interest:  While I have known more than a few selfless people in my life, I have also known, unfortunately, more than a few people who look to personally gain from nearly every interaction. First and foremost, it is important to understand what type of person you’re receiving advice from. Beyond that, it can help to consider a few questions that can help you evaluate the quality of the advice you’re receiving.  What does the person giving the advice stand to gain from the situation? What possible reasons could a person have for giving you a particular piece of advice? What do you stand to lose from implementing the advice?  What risk are you taking by listening to the advice?

2. Beware of over-complication: Good advice is generally straightforward, well thought out, and easy to understand and internalize. If advice comes to you in a convoluted manner, through a stream of consciousness, and in a way that is difficult to make sense of, it’s usually a sign that the advice is questionable. As Occam’s Razor states, “the simplest solution is almost always the best.”  In my experience, this is certainly true for advice as well.

3. Be cautious of assumptions:  When someone presents various different pieces of information, are they based on fact or on assumptions?  Knowing how to spot the difference is critical to properly evaluating and filtering advice.  If a piece of advice presents a logical conclusion deduced from one or more initial conditions or pieces of information, the quality of that conclusion is highly dependent on the quality of the information. If the information is based on facts, then the logic used to arrive at the conclusion can be considered and evaluated, as can the advice resulting from that conclusion. On the other hand, if the information is based on assumptions, feelings, and/or conjecture, it is inherently flawed.  Regardless of whether or not the logic applied to that information is sound, any conclusions deduced from inherently flawed information will themselves be inherently flawed.  This, of course, renders any advice resulting from inherently flawed information to be inherently flawed as well.

4. Ask for details: If a piece of advice is helpful, it will be solid and stand up to questioning. When evaluating the quality of a piece of advice, it is important to understand the details behind it.The easiest way to do so is to ask the person offering the advice to provide those details. If that person cannot or will not readily provide important details when asked, but rather evades or otherwise tries to avoid providing additional information, it is a sign that the advice is likely flawed.

Advertisement. Scroll to continue reading.

5. Expect transparency:  In my experience, good advice generally comes from good people with good intentions. I’ve learned over the years that good people are most often transparent. Therefore, a good piece of advice, the information underlying it, the logic used to deduce it, and other details about it should be transparent as well.  When evaluating a piece of advice, consider whether or not the circumstances around the advice are transparent and constant. Does the story keep changing?  Are there important details that seem to be in flux?  Does the background around the information used as a base for the advice seem to vary from time to time? These are all indications that the advice, and the person behind it, may not be transparent. That taints the quality of the advice significantly.

So what is my advice to you? Listen to my father’s advice – it has served me well.

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Global Solutions Architect - Security at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem