I was watching Feynman videos and saw this unique list (10 times Feynman blew our minds) that has insight into what we should focus in Cybersecurity as well.
I wanted to distill this video into 5 top items and relate them to Cybersecurity.
#5 Asking How Things Work Can Start You on a path of discovery (the definition of a hacker), and keep asking how, make experiments etc.
#4 History is fundamentally irrelevant when trying to solve new problem. As the new problem will not have an old method solution. (Of course Feynman assumes you DO know the methods of the past). This is akin to TTP Tactics,Techniques, and Procedures in Cybersecurity. We as humans tend to let our history guide our future, but if we want to solve new problems, we need to have new solutions. In this arena we do not need history (fundamentals still need to be known).
#3 In trying to learn about the world, ask questions and doubt. Can you live with doubt and approximations? Not everything learned is exact. In cybersecurity there are many areas that we do not know – for example: ” How will the next attack come into our environment?” . Can you live with this knowledge? We have to learn how to perform risk management with an incomplete picture
#2 Naming things(xyz) does not give you knowledge (it allows you to talk to others about xyz). Fundamental knowledge is not about the name. Also analogies are also bad as they can mean different things to different people.
#1 Know that you don’t know – and what it is you don’t know (basic tenet of blue team defense).
As Rumsfeld has been known to say “There are known knowns and known unknowns” Things that you think you know that it turns out you did not.
With these 5 tenets we can develop Cybersecurity top5 tenets:
- Known unknowns – Keep searching for new methods to learn environment in new ways.
- Explain methods and reasons without technical jargon
- Always review your environment with a level of uncertainty
- Tactics, Techniques, and Procedures cause a certain mindset to develop, one must still try to think out of box to see the attacker’s viewpoint.
- Asking how things work is good beginning. And eventually it can build into being a subject matter expert.