September 19, 2008

Following the herd

Perhaps the most important skill a security specialist needs is the ability to ask what might appear to be a stupid question.

  • This new firewall you spent $100,000 on, is it actually configured to reject any traffic?

The reason this comes to mind is the current financial crisis, which commentators appear to agree was due to a widespread failure to correctly quantify risk. In particular it appears that at least some of the frighteningly clever derivative instruments involved were so frighteningly clever that nobody could quite explain them.

How did things get like this?

Well, someone has a bright idea selling futures in diesel-powered nuns. They mention it to a friend who thinks it might be a good idea to buy. Others follow suit and a market is born. In practice this means that a twenty-something chap or chapess with a second-class degree in PPE or classics from Oxford and a smart suit makes money for their employer by being slightly quicker to spot market trends and lay ten-million-dollar bets on diesel-powered nunnery than the twenty-something from Cambridge in the bank next door.

People who ask what a diesel-powered nun is will receive a condescending lecture on the difficulty of understanding high finance instead of an explanation. But most people will not ask, and many will take a perverse pride in their ignorance.

Nobody will ask, that is, right up to the point where the whole artifice collapses and the flaws become obvious.

December 19, 2007

The dotCrime Manifesto goes to press

Blogging here has been light while I was finishing my book The dotCrime Manifesto: How to Stop Internet Crime.

Now that it's available for pre-order at Amazon.com, it's time to get back to posting.

August 2, 2006

The Accountable Web

It is frequently asserted that little thought was given to security in the design of the Internet. In the case of the Web at least the assertion is false. Security was a major issue as early as 1993, long before the dotCom era.

Or was it?

A lot of time was spent on implementing cryptography. The view of the time was that cryptography is a sufficiently powerful tool that we can solve any problem provided that we use enough of it. This view turned out to be naive and wrong.

The Accountable Web is an attempt to fix that problem.