It's time to be lazy!

I don't know about you, but as a Cyber Security professional, I'm tired. Tired of so many things that go into protecting organizations from the real and not real threats against them. Tired of Zero Days and the long nights they produce. Tired of perimeter defenses around a hybrid infrastructure that has no boundaries. Tired of Security Awareness Training that results in Security Know-It-Alls. Tired of connection requests that only want to connect to my budget sheet. Tired of it being harder to break down the walls of the boardroom to get security topics on the table than it is for script kiddies to breach your network. But most of all, I'm tired of FUD.

Fear, Uncertainty, and Doubt. It used to be that the main dealers in FUD were the technology partners who needed a way to incentivize you to buy their product. "If the SWAG doesn't get them, the FUD will!" But now FUD is everywhere. Dominating our newsfeeds. Coming from the C-Suite and the Board. Motivating the countless inquiries from users who get an email with one word misspelled, so it must mean Anonymous is attempting to steal their identity. When did we get so encumbered with FUD that we can't even pause in our defense building to decide if what we're protecting is even at risk?

When I was in grade school, I met a kid who brought all of his action figures to school everyday. Now, I loved toys as much as the next kid, but I struggled to understand why someone would feel the need to pack up his prized playthings daily and lug them around all day at school. His answer? He wanted to keep them with him in case his house was broken into during the day. And before you start wondering what sort of trauma this boy had experienced to cause him to have such a precautionary mindset, let me assure you he had never experienced a break-in, nor had his toys stolen before. But he had the FUD, and that was influencing his actions.

This encounter led me to understand a key aspect about myself. I was, and still am, lazy. 

There was no way I would EVER go to that much trouble protecting myself against such an unlikely event. (sure, houses get robbed, but when was the last time someone's He-Man and Skeletor dolls were the primary target?) I did not see any value in all that extra work, and no amount of FUD was going to get me to put in more effort than was needed.

Even thinking about being lazy is too much work

See, to me, being lazy isn't about doing as little as possible. Instead, its about making sure that I'm not wasting my time or efforts. If I'm going to put in the hours, if I'm going to devote blood, sweat, and tears to something, I want to make sure there's a darn good reason for doing so. Otherwise, I'd rather sit back and enjoy myself. Of course, I don't do a lot of sitting back. Instead, I spend a lot of my time making things easier for the day when I can be lazy. I work hard to bring as much simplification to the process as possible, so that I don't have to toil at worrying about the FUD. Conquering the Fear, defining the Uncertainty, and removing the Doubt are the ways that I get to be lazy and enjoy my toys, rather than constantly trying to anticipate the next big unknown.

And that's why I'm here. I decided to write this blog as a way of bringing some laziness to this hectic world called Cyber Security. No matter what your title, chances are that if you're reading this, you too have to deal with the break-neck speed that comes with working in this field. Racing to stay ahead of the FUD becomes the default for survival, and that is just too much work. Even if you enjoy the thrill and challenge, we can all benefit by adding some laziness to our lives, if for no other reason than to be able to shift focus to defeat the next big FUD on the horizon.