(or why failure is part of security success)
In the 1984 film Karate Kid, Mr. Miyagi gets angry at the kid who, when asked if he’s ready to learn Karate, answers “I guess so.” Miyagi retorts: “You can choose whether to do or do not. There is no try.”
The lesson to take home from this is that if you’re committed enough, willpower and commitment alone can bring you far, maybe even all the way. If you’re not committed, you will fail. It’s a great lesson, but does it apply to infosec? Yes… and NO.
Insofar as any “I guess so” approach to infosec will be a failure, Mr. Miyagi’s wisdom applies, but in infosec you cannot choose to do or not do. You can only try, and you will probably, based on (insert any infosec conference presentation slides here) and (insert every global security and threat report ever), fail.
Failing is our only option. Demoralizing, isn’t it?
It leaves only trying or maybe “do not”. “Do not” is probably not the smartest move, which leaves trying, and consequently failing, as our only viable option.
However, to me this isn’t demoralizing at all, because I’ve realized and have been trying to spread the message that trying is enough: trying, failing, improving, rinse and repeat. And again.
To the tune of Chumbawamba’s “Tubthumping” (you know, “I get knocked down, but I get up again, you’re never gonna keep me down”), and with a stubbornness like Kevin Costner in Tin Cup, you should be able to make the cost of attacking you so high that you’d be able to stand up in public and say “you can try, but we’ll come and get you afterwards.”