Too often in IT, ego drives one to be rigid and stubborn. This results in a myopic and distorted perspective of technology that can limit one’s ability to gain an enlightened view of dynamic and highly volatile environments. This defect is especially true of information security professionals who tend towards ego-driven dispositions that create obstacles to agility. Agility is one of the key foundational tenets to achieving an enlightened perspective on information security; humility enables one to become agile. Humility, which is far different from humiliation, is the wisdom to realize one’s own ignorance, insignificance, and limitations of intellect, without which one cannot see the truth.
The 19th-century philosopher Herbert Spencer captured this sentiment in an oft-cited quote: “There is a principle which is a bar against all information, which is proof against all arguments and which cannot fail to keep a man in everlasting ignorance – that principle is contempt prior to investigation.”
The security blogging community is one manifestation of the information security profession, based upon which one could argue that security professionals lack humility and generally propose contempt for an idea prior to investigation. I will relate my own experience to highlight this concept.
Humility and the Jericho Forum
I was one of the traditionalists who were vehemently opposed to the ideas, at least my understanding of the ideas, put forth by the Jericho Forum. In essence all I heard was “de-perimeterization”, “Firewalls are dead and you do not need them”, and “Perfect security is achieved through the end-point” – I lacked the humility required to properly investigate their position and debated against their ideas blinded by ego and contempt. Reviewing the recent spate of blog postings related to the Jericho Forum, I take solace in knowing that I was not alone in my lack of humility. The reality is that there is a tremendous amount of wisdom in realizing that the traditional methods of network security need to be adjusted to account for a growing mobile workforce, coupled with a dramatic increase in contractors, service providers and non-payrolled actors, all of which demand access to organizational assets, be it individuals, information or infrastructure. In the case of the Jericho Forum’s ideas I lacked humility and it limited my ability to truly understand their position, which limits my ability to broaden my perspectives on information security.
The concepts for which I have established an opinion or had contempt prior to investigation are too numerous to list. This does not make me more or less able to gauge market conditions, forecast evolving trends or identify strategic initiatives that will drive my organization to achieve higher levels of success – but it does allow me to be humble, and in my humility I move closer to achieving an enlightened sense of information security. Does your ego limit your ability to be agile, to be humble, to see beyond your own perceptions, to become needlessly fearful or overly confident in the face of increasing demands on IT professionals?