Perfect is my least favorite word in the English language. Nothing is perfect. There are always things that can be improved upon, no matter how good they are. And striving for perfection is an express train to disappointment and unhappiness. I’m a card-carrying disciple of “good enough”. It doesn’t need to be perfect to add value. So I don’t obsess about typos, misplaced pixels, or any other such nonsense. Which can irritate certain business partners [and editors] at times. But I’m not going to change it. If I do work (or anything else), I get it to a point where I’m happy with it and move on.
That doesn’t mean I strive to be mediocre. Or that I accept subpar effort from myself or anyone else. I do my best. I focus on consistent effort, not super-human perfection. Some folks believe you need to push beyond your self-imposed mental limits to achieve truly great things. I get that. I have tried that. It made me unhappy because I found I had a high bar for what I expected to achieve. I have the hyper self-motivation gene. I didn’t need an external party to push me. What I needed was to get comfortable with good enough. In hindsight, it’s sad that I felt failure even in the face of significant accomplishment. That’s no way to go through life. At least not for me – you can do what you want.
This is a hard lesson to teach your kids, especially when the bar is set by someone else. The Boss and I expect our kids to work hard and achieve to their level of ability. XX2 has a large personality. She is passionate and talented and has tremendous potential. We see that potential and so do her teachers. Unfortunately her teacher this year is a perfectionist who thinks all the kids should be perfect. A few months ago her teacher had beaten her down and we saw it. She stopped trying because she knew she couldn’t achieve the perfection her teacher expected. Her behavior and grades went down a little because she didn’t care anymore. It was time to intervene.
So the Boss sat down with the teacher and they worked out a set of criteria that represents a good day for XX2. We thought some of the criteria were stupid but they were based on stuff that irritates the teacher. She gets check marks every day based on the criteria and we sign off daily. She gets a prize from the teacher at the end of the week if she got all positive check marks. Right, she needs to be perfect to get her prize from the teacher. Back to Square 1.
Clearly we weren’t going to move the teacher off her perfection fixation. So we went around the teacher. We made it clear to XX2 that we don’t expect perfection. F Perfect. F that teacher too. We put an alternative incentive plan in place. If XX2 gets 5 of 6 checks every day for the week, she gets something from us. And her success criteria is now how she did in our eyes, not the teacher’s. Win! Of course we also talk about what she did that day and what she can do better the next day. We push her to be her best. But not to be perfect.
To be human – perfectly imperfect – and we want her to be comfortable with that.
Photo credits: 19. originally uploaded by silangel
We are back at work on a variety of blog series, so here is a list of the research currently underway. Remember you can get our Heavy Feed via RSS, where you can get all our content in its unabridged glory. And you can get all our research papers too.
Security Analytics with Big Data
The CISO’s Guide to Advanced Attackers
- Verify the Alert
- Mining for Indicators
- Intelligence, the Crystal Ball of Security
- Sizing up the Adversary
Newly Published Papers
- Email-based Threat Intelligence: To Catch a Phish
- Network-based Threat Intelligence: Searching for the Smoking Gun
- Understanding and Selecting a Key Management Solution
- Building an Early Warning System
- Implementing and Managing Patch and Configuration Management
Incite 4 U
- You! Yes, you! You’re a target: Most folks who are compromised spend their days blissfully unaware. They figure who would be interested in what they have? As this post on DealBook shows, every company with any kind of intellectual property is a target for these cyber attacks. DRINK! Yeah, the article gets a 15-yard penalty for excessive use of ‘cyber’. But their point is reasonable: start-up tech companies, who may think they know everything, have no specific mandate or requirement to do security. The authors put the impetus on investors to make sure the management team is challenged to ensure proper intellectual property protections are in place. But good luck with that. That’s like the blind asking the blind whether the moon is out. – MR
- Break the abuse cycle: It is well known that human behavior favors certainty over novelty. It varies based on our genes, but in general we like things to stay the same – it’s an inertia thing. That makes sense, considering that for many years changes signified impending death, so you might as well sprinkle a few red shirts with the explorer gene, but keep the rest of us safe at home (and no, I promise I didn’t learn all this watching The Croods with my kids). So it comes as no surprise that, almost 13 years on, Windows XP is still used in many organizations. To be honest, I think Gartner’s 10% estimate is low, especially if you count the entire retail and hospitality industry that runs their point of sale systems on XP. Really. Not only is it time to get off XP, because security support ends next year, but it is time to break the abuse cycle. We can’t afford to lock ourselves into 10+-year-old operating systems in today’s threat environment. We need to architect systems and operational processes (such as user training) to allow more frequent upgrades. I know, I know, I also got slapped with the optimism gene, but I expect natural selection to take care of laggards anyway. Darwin FTW! – RM
- Welcome to the surveillance society: Hat tip to Bejtlich, who pointed out a new service that mines Twitter, designed for law enforcement and other snoops, which even keeps track of your deleted Tweets. Everyone warns about how public social networking is, but they say a picture equals a thousand words. Check out those screen shots of the BlueJay service and how they are marketing it, and you’ll get it. The best part? All this stuff is on the Internet, so the target never knows about your surveillance and you don’t have to install any software or anything. Just open your browser and mine Twitter. Kind of like the Wayback Machine for Twitter. What could possibly go wrong? Reminder: good practice is to think twice before you Tweet once. And think about how that Tweet could be used by a grand jury… – MR
- Build your cloud: I am firmly convinced that, over the next 10-15 years, most of our data centers will evolve into various flavors of private clouds. Public clouds are great for many things, but private clouds resolve a lot of compliance, governance, and cost management issues for internal teams. So it warms my heart to read that Intel built their own, and it is mainly used as a self-service infrastructure for developers and business units. That’s the real sweet spot – give them a web page where they can provision and manage their own servers without having to bug IT. I have no idea how they are handling security, and OpenStack security definitely requires some kung fu – especially at enterprise scale. So there are still some unknowns, but I mention this article for two reasons. First, to demonstrate that the cloud isn’t all hype, and many of you will eventually get pulled into cloud security unless you plan on retiring… tomorrow. Second, because it is a quick read and shows how private clouds are being used in the real world. – RM
- Google doesn’t know everything: Not yet anyway. Brian Bourne makes a great point about finding and consulting with mentors when you make key decisions. “Despite the wealth of information at our fingers, it is still very difficult to choose the correct solution to life’s complex problems. Guidance for many of these is best delivered by someone with first-hand experience in similar situations, not a search engine.” It seems like a lost art – you know, actually sitting down with someone and working through issues. I have been particularly guilty lately of having my head down and not reaching out enough to folks I know to see if or how I can relay some of my road rash experience, as they grapple with similar situations. Nor do I reach out to the folks whose opinions I value for a temperature check on the stuff I’m working on. But enough about me – Brian talks about finding mentors and how he interacts with his mentors. He also points out that you may outgrow your mentor at some point, and that’s a good thing. Overall, good food for thought. – MR