This was something I left intentionally vague in the poll to see how people interpreted it. Namely, some interpreted it as competitive within your team, others as competitive in relation to a goal/adversary. Reveals some predispositions and bias, perhaps?
Consider the example of a wide receiver. They are internally competitive with their teammates because there are only so many spots on the team and passes to catch. At the same time, they are externally competitive towards the other team because they want to win the game.
In security, I observe that internal competitiveness is often over-exhibited relative to the value and external competitiveness under-exhibited relative to the value.
A key point being that if competitiveness is a trait, folks who have it need to let it out. The more thoughtfully you can redirect that toward external goals, probably the better.
Is internal competitiveness a bad thing? Too much almost certainly is, and even a little can be when combined with some other personality traits. Some is almost certainly beneficial. Lots and lots of nuance here.
There's also a difference between folks who are competitive with others versus exclusively with themselves. For example, folks who try to PR their bike rides or runs every time they work out but don't worry so much about everyone else on the leaderboard.
A monkey wrench in all of this is that some non-competitive folks underperform in the presence of outwardly competitive folks. So, making everything a competition can really undercut progress depending on the makeup of the personalities on a team.
There's a lot of movement to gamify things in security education and I think that definitely helps some folks, but it actively hurts others when the only option includes a leaderboard. You won't hear this from these folks many times bc they aren't likely to speak up about it.
This is one reason why I don't do CTFs or other competitions in my classes, btw. I don't fault folks who do incorporate these things, I just take a different approach with individualized, feedback-driven, deliberate practice labs.
Unlike lots of personality traits, folks are usually pretty decent at rating whether they think they are competitive or not. In security, you can often get at this by asking directly. You can also ask if folks like to do things like CTFs, etc.
I think, regardless, it's helpful to know which of your teammates are competitive and which ones aren't. Chances are that you already know if you sit down and think through it. This speaks to a level of emotional intelligence and empathy which is useful in work and life.
One of the things I do in my Investigation Theory course, for those willing, is work with students individually to help them learn to ask better investigative questions. For example, one student started with this Suricata rule:
1/
The task here is to start by asking a couple of investigative questions, assuming you have access to any evidence you might want. This student posed these two:
1. How long has this machine been infected? 2. How many beacons has the machine sent?
2/
In this case, the student is making some assumptions that the machine is already infected, but we don’t really know that for certain yet. The first goal should be proving or disproving the infection.
I mentioned that the idea for Intrusion Detection Honeypots #idhbook was floating around in my head for a long time. Something I didn't mention in the book is that it was my time as a pen tester many years back that crystallized some key parts of the concept for me. 🍯 1/
As the attacker, it's all about iterative discovery. You access something, look around, and leverage your access to move on to the next thing. You do this until you reach a goal, whatever it may be. 2/
Good attackers exhibit some common traits -- seeking to decrease ambiguity, adaptability, and curiosity are big ones. You have to take what the network gives you and manipulate it. I really learned the value of these things in the offensive context at @inguardians. 3/
Let's talk about the differences between novices and experts. But, instead of cyber security, we'll use airport baggage screeners as an example. These are the folks who use the scanner screens to find forbidden items in luggage 1/
We all expect that experts are faster than novices. That's often correct, but WHY? 2/
Experts go through a few steps when looking at a bag image. First, they perceive the whole image quickly, looking for something to draw their attention. Maybe a dark spot or an unknown pattern. This holistic analysis is nearly automatic. 3/
The most frequent mistake inexperienced analysts make when asking investigative questions is not being specific enough. For example, "Is this external IP bad?". That's a fine question, but it's not answerable without asking more questions. 1/
A deeper question might be, "Does this IP appear on any reputation lists?" or "Is it found in malware sandbox executions in public repos?" or "Have we encountered this IP in any other investigations?". 2/
Another example, "Is this system infected?". We definitely want to know that, but it's more specific questions that get us there. 3/
A lot of how adults learn relates to motivation, and for good reason! Adults have agency to choose what they learn. One interesting facet here is the role goal setting plays in learning and what it reveals about your motivation. 1/
First, let's consider expectancy-value theory. If you expect you might not do well in something, you're likely to devalue it, thereby avoiding it. If you expect to do well, you may value something and set goals related to it. 2/
There are several types of goals, but two common types are mastery-driven and performance-driven goals. The difference between the two can help you recognize where your motivation lies and what barriers might be limiting you. 3/
We often say that we want to develop critical thinking skills in ourselves and others. But, how do we recognize when someone has those skills? What does that look like? Three ideas... 1/
First, people who have critically examined topics rarely speak in absolutes because supporting evidence is rarely absolute and there are often gaps. Words like "most of the time", "all things being equal", "possibly" and other estimative language pepper the conversation. 2/
Second, people who think critically are sometimes less likely to interject opinions at all unless specifically prompted. That's because they know that these discussions require nuance that not every forum (like Twitter) invites. 3/