Another tidbit from Josh Corman’s excellent talk on FUD (Fear, Uncertainty and Doubt) in the information security industry… the following comes from Frank Herbert’s Dune series of sci-fi novels:


I must not fear.
Fear is the mind-killer.
Fear is the little-death that brings total obliteration.
I will face my fear.
I will permit it to pass over me and through me.
And when it has gone past I will turn the inner eye to see its path.
Where the fear has gone there will be nothing.
Only I will remain.

Josh asked an important question during his talk – is there any place for fear in information security?
My two cents:  Humans (and animals) fear for a good reason; responding to perceived threats in a timely fashion is very handy if your goal in life is to survive.  In the info sec world, I think that fear has some use, as an indicator and a call to action.  However, once the threat causing the fear reaction is identified and evaluated, we need to discard the fear and replace it with a heightened sense of awareness and a sense of the true nature and proportion of the threat.  The fears we face in info sec are not typically existential in nature; once we know and understand our enemy, we need to devote our mental and physical energy to meeting the challenge – fear just gets in the way.  
So, we must not fear (for more than a couple of minutes).

I think this is going on my wall…


