Metrics, Irrationality, Sports, and Malcolm Gladwell

March 19th, 2008

So it’s old news (originally published in The New Yorker in May 2006), but this is an interesting read:  Game Theory.

I’m reading this essay, and all of a sudden I had a “wow” moment.  It all revolves around the complexity of information security: because it’s dependent on so many external factors, it’s hard to point to one indicator and say “this one thing makes or breaks an information security program.”

For some of us, this is disheartening.  What do you mean there’s not one prime directive in running a security program?  Surprise, it’s the “Magic/Silver Bullet” problem rehashed.

For the rest of us, this is fantastic.  What it means is that, since a security program is holistic–in the words of the old-school Perl hackers, TMTOWTDI:  There’s More Than One Way To Do It.

You can gather metrics about all sorts of things, but at the end of this academic exercise, it comes down to what you really want to accomplish–the soft skills to temper the hard science.

There still is a place for Bubba the Infantryman and Guerilla CISOs out there in the world.  These are people who know instinctively when to ignore the numbers and execute.

Yes, America, good strong leadership can trump adversity if you know how and when to apply it.