[BreachExchange] 3 security career lessons from 'Back to the Future'

[Destry Winant]

https://www.csoonline.com/article/3602753/3-security-career-lessons-from-i-back-to-the-future-i.html?upd=1610546722806

The security industry had a terrible year in 2020—some even think the
worst ever. You can point to failures in working from home after
COVID-19 struck, various election narratives, the SolarWinds breach,
foreign nation-state cyberattacks, new ransomware, the global lack of
cybertalent, government leader mistakes or a long list of other items.

My favorite quote that captures this “good riddance” sentiment is from
Back to the Future when Doc warns Marty: “Whatever happens, don’t ever
go to 2020!”  (Note: Avid Back to the Future fans, you can get the
T-shirt here.)

Regardless of who you blame (or not) for 2020 failures, Bruce Schneier
now thinks the best path forward after the SolarWinds breach is for
the majority of Fortune 500 companies to burn down their networks and
rebuild from scratch.

But even if this radical approach is followed by public- and
private-sector organizations, this advice begs many questions. Do we
rebuild the same network architecture? Will the same people,
processes, and technology (presumably with known vulnerabilities
patched) keep the bad actors out in the future? Can we keep doing the
same things and expect a different result? Bottom line, have we
learned anything from the past decade—or even the past year?

Career lessons from Back to the Future

Which brings me back to my second favorite trilogy of all time. There
are several great lists of life lessons we can learn from the Back to
the Future movies, and here are some of my favorite articles on this
topic:

As I pondered this topic over the recent holidays, and watched the
three fun movies one more time, I came up with my top three career
lessons that cyber pros (and other tech enthusiasts) can learn from
that masterful movie series that features a DeLorean time machine.

1. Surround yourself with experts who you trust and who believe in you.


I love the multi-generational aspects of Back the Future, with both
the Doc/Marty relationship and how the parents' and grandparents'
character traits are passed down through the generations—even as their
surroundings were very different in Hill Valley. No matter what
circumstances arise in the trilogy, those trusted relationships are
key.

Understanding our past can help us understand the present and the
future. It is easy to make assumptions about others and think that
they made decisions because of who they are rather than the
circumstances they experienced. When we learn more about the past, it
can put their actions into context and enlighten us about how things
came to be in the current situation. Knowing history well can also
help us avoid making the same mistakes over and over.

Tip: Ask trusted colleagues about the key decisions (good or bad) that
they made, and how those decisions impacted their current situation.

2. Believe in yourself; don’t sweat it if people call you “chicken.”

Throughout the trilogy, Marty McFly reacts strongly whenever anyone
calls him “chicken.” However, at the end of the third movie, when it
becomes clear that he could die from a duel with Buford “Mad Dog”
Tannen, Marty realizes it doesn’t matter what Tannen (or his other
adversaries) say about him.

After Marty learns this lesson, he refuses to enter a car race in
1985. This decision saves him from getting into a car accident. We
learned in the second movie that this car accident would have injured
his wrist, stopped him from playing guitar, and get him fired from his
job in the future (2015).

The questions that we all need to ask ourselves on a regular basis is:
What are our career goals? Who are you trying to please? Why?

As cyber pros, we need to believe in ourselves rather than focus on
negative comments that are sure to come from industry competitors. As
Mark Victor Hansen recommends, “By recording your dreams and goals on
paper, you set in motion the process of becoming the person you most
want to be. Put your future in good hands—your own.”

Tip:  Go over your goals and plans on a regular basis with a trusted
mentor who can support your action plans. Also, becoming a life-long
learner who is constantly reinventing your career and growing
skillsets in different situations will enable you to succeed no matter
what cyberspace throws at you.

3. Don’t stop thinking about tomorrow, because past trends can teach
us about tomorrow’s reality—especially in security.

Predicting the future is hard in any area of life, but it's especially
difficult when it comes to technology and cybersecurity. That doesn’t
mean we don’t try to our best to connect the dots regarding cyber
trends, which is why I spend many hours digesting and writing about
security industry predictions each year.  (You can see my latest
security industry prediction report about 2021 here.)

True, no one saw a global COVID-19 pandemic coming in 2019, so our
view of 2020 was fundamentally flawed in many respects. Nevertheless,
the prognosticators still got many things right.

Five years ago, I wrote this article for CSO Magazine entitled: Why
more security predictions and how can you benefit? I ended by saying:

Bottom line, the more the security and technology industries grow, the
more predictions we will have. From the Internet of Things, to new
technologies to robots to self-driving cars, do you really think we
will be talking about security and privacy less in 2020? I don’t.

Predictions are not new, and they are not going away. In fact, they
are just getting started.

Congratulations security industry, and welcome to center ring in this
three-ring circus. Yes, it is a very big circus, but that’s where all
the action is.

It turned-out that I was right, and we now have more new security
predictions than ever before.

Tip: Take time to think about the future career in your area of
expertise. Thinking about the movie trilogy, when we project ourselves
into the future and consider all of our goals, it can help us gain
perspective on the present situation and what to do next. Considering
future options will open doors to insights about your present
situation and what your current decisions might actually mean.

One final thought: As Bill Gates said, "We always overestimate the
change that will occur in the next two years and underestimate the
change that will occur in the next ten." Don't let yourself be lulled
into inaction.