One of my research areas that I write about often is curiosity and how it manifests in infosec education and practice. A topic that relates to curiosity is Boredom, which I've done some recent reading on. I thought I'd share a bit about that. 1/
First, what is Boredom? A consensus definition is that boredom is the uncomfortable feeling of wanting to engage in satisfying activity without being able to do so. 2/
When you're bored, two things happen:
1. You want to do something but don't want to do anything.
2. You are not mentally occupied in a way that leverages your capacities or skills.

**these things feed each other** 3/
What are the signs of boredom?

1. Time drags on
2. We can't concentrate
3. Our activities feel pointless
4. We feel restless or tired

No surprises here. Most of us can relate to all these things. 4/
Danckert & Eastwood describe the Boredom Conundrum: "Boredom presents as a thorny dilemma. We want to do something, we have a desire to be engaged, but nothing we see on the horizon seems like a viable option to satisfy." 5/
There are lots of causes of boredom, both external (monotony, lack of purpose, etc.) and internal (inability to apply attention, our situational emotions, self-control, etc.). It's usually a combination of many things. 6/
We mostly think about boredom in terms of a state, but some people are likely more prone to boredom for biological reasons. For example, folks with concentration/attention deficits report being bored more often. 7/
Now let's talk about how boredom relates to curiosity. There are a lot of ways! Most significant to me here is that both are described in terms of deprivation. That is, both are "signals" from which we desire to take action (not unlike pain). We seek relief from both. 8/
To avoid boredom, we seek things that are a good signal to noise balance. A situation is boring if it can only be understood in one way or we know everything about it. It can also be boring if we don't understand any of it and it's overly complex. 9/
A great example (again, Danckert and Eastwood), is playing Tetris. You would find boredom quickly if you only played at lvl 1 (always winning) or lvl 100 (always losing). The balance is somewhere in the middle and may vary per person. 10/
Similarly, curiosity flourishes in situations where we are equally likely to know or not know something. We need to know enough to be engaged, but not know so much that there is no information gap. 11/
When you consider that boredom and curiosity are "signals", you also have to consider that they may not inherently be good or bad on their own, but it is our response to them that defines their value. 12/
People who report more boredom are more likely to perform worse on job tasks, use harmful substances, and eat more. Boredom doesn't make folks do these things, but people often describe their choices as a product of boredom still. 13/
In a similar way, curiosity can lead to poor choices absent other mitigating instincts (like fear). Curiosity killed the cat, being the common phrase here. 14/
Of course, boredom and curiosity can both lead to all sorts of other positive things... both learning and action. 15/
People who are likely to be bored more often adapt to their environment more easily than others in some cases and crave novelty. Curious people crave a similar novelty to satisfy their desire to know more. 16/
A notable difference between the two... learning as a response to curiosity tends to leverage better strategies, whereas learning as a response to boredom lacks that. Motivation source probably comes into play here. 17/
While there isn't a ton of research on boredom and curiosity together, some indicates that they may be negatively correlated -- less bored/more curious and the opposite. I think there is a tremendous amount more work to be done here. 18/
All told, while we associate being bored with lots of negative things, the capacity to be bored presents opportunity to respond in productive ways. There's something to that. 19/
Danckert & Eastwood: "This is boredom’s irony. On the one hand it highlights the inherent meaninglessness of existence while on the other it propels us forward in a never-ending search for something fresh and meaningful—something we hope will satisfy." 20/
The relationship between boredom and curiosity is a fascinating one. Are they opposites? Does one lead to the other? What traits does each correlate to and how? A lot of great opportunity for exploration here. 21/
I used to get bored as a kid often. I hated it. I eventually came to fear boredom in some ways. I did not like an idle mind and sometimes felt trapped in it. That never really went away, although I feel more power over it as an adult with more agency. A lot to unpack there. 22/
This thread pulls from many sources, but if you want an accessible entry point into learning abt the psych of boredom, start w/ Danckert & Eastwood's "Out of My Skull". A lot of science with sources, mostly clear distinction between observation and opinion, some philosophy. 23/23
If this thread bored you then at least maybe you understand why now. 😂 24/23

