Decision Making In Information Security, A Preface
Our brains are big prediction engines. Sometimes this is good, sometimes this is bad.
Everyday we as humans have to make a decision. Whether or when to cross a street, shake hands or fist-bump someone, or whether to open an email or not. Inside our brain there are thousands if not millions of other decisions that need to be made. The takeaway here though is that we are not making these decisions consciously, it’s a little deeper than that.
I first stumbled onto this concept in the book Blink, by Malcolm Gladwell. In the book the author talks about how our brain makes decisions and calculations by what seems to be our “gut” or instinct. In other times, culture may have an influence.
This notion got a little deeper when reading the book How Emotions Are Made, by Lisa Feldman. In the book, Lisa goes over some cutting edge neuroscience, psychology, and social science research that illustrates how we actually see the world around us is based on predictions the brain makes from past experiences and concepts formed. This translates into different people seeing the same world around us… differently. It can literally affect your vision1.
So how does this relate to Information Security? Well, everyday in infosec we make decisions based on our past experiences and patterns . Whether it’s during Incident Response, Threat Hunting, Hiring, or speaking to the board… it’s based on our knowledge and experience.
However, how do we improvise when it’s something outside our experience? Or more importantly, what about when there are patterns right in front of us we are not seeing that are contrary to our predication patterns?
In future articles, I’ll provide some details and insights into these questions and scenarios.
If you have an interest for neuroscience, psychology, and/or information security and want to collaborate, feel free to get in touch.