March 5, 2009


By Adam Dodge

I have a not-so-secret secret to share with all of you today. I, Adam Dodge, tend to be a tad bit neurotic at times. Nothing very serious, mind you. I just have a tendency to obsess over the things I do. Afraid that I have somehow missed the glaringly obvious or that I have missed made a stupid mistake, I often read and research and then re-read and re-research. After this I start the process over again. My neurotic tendencies are never more obvious then when I am working on projects that will be shared with others.

For obvious reasons, I want my work product to be the highest quality possible, hence the obsession. I recognize the fact that, alas, I am not a perfect person and thus I will (and do) make mistakes. I jokingly refer to this as my “crushing lack of confidence brought on by being self aware.”  However, whenever this happens something occurs to me.

It is okay for the work that I produce to contain imperfections at first. After all, if “security is a process and not a product”, then it is this ongoing refinement that allows you to overcome these imperfections. I feel the need to constantly remind myself of this fact, and it is one that I think it is important for us all to remember. Allow me to elaborate by explaining a project on which I am currently working.

I am working on creating training materials so that I can deliver annual training mandated by a regulation. Since this will be the first such training, I am faced with the task of creating most of the training from scratch. About halfway through developing the training, a thoughy struck me. This is some of the worst training material I have ever created!

It is not that there is a problem with the content. It is just that I cannot think of a way to present this information in an interesting or fun way. I am making several mistakes with this presentation: I am reading from slides. I have very little interaction with the audience. I have too many slides with too much information.

I am going to stand in front of a group of people and flash Powerpoint slides at them for 30 minutes. All the while I will be met with a room full of dead eyes staring at the clock waiting for me to be done. Okay, perhaps it will not be quite this bad, but you get the idea.

I have obsessed over this, agonized over how bad it will be until I remembered one little thing. It does not matter. This training will be held annually and it doesn’t have to be perfect out of the gate. I can gradually refine the material over time to address problems that I find, add additional material, and work to make things more interesting. Just because this training starts out bad, doesn’t mean that I have to allow it to continue to be bad in the future.

None of us should allow ourselves to become overwhelmed by the ideals of perfection. Nothing is perfect. Everything changes. Problems only become problems when we fail to do something about them. In the words of Samuel Beckett:

“Ever tried? Ever failed? No matter. Try again. Fail again. Fail better.”

P.S. If you are going to be at Source Boston, come see me and Dr. Kees Leune give a talk about Information Security in Higher Education!

About the Author Guest Blogger

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours to meet your peers and celebrate the good, help each other, and figure out your best next step. We meet each Friday… and it’s free to attend.