The Curiosity Virtuous Cycle and Cybersecurity

Hey, sorry for the hiatus!

I hope you missed these posts. If not… please don’t tell me.

I’ve recently started a new role. It’s taken me a lot longer than expected to adjust to this role.

But now I’m back! Balancing my life again.

Enough about me. Well not really… since this post is about me.

I want to share the one trait I attribute most of my success too.

I promise this has at least a little to do with cybersecurity.

If you read the title you probably guessed it. The #1 trait that’s gotten me to where I’m at in my career is curiosity. It’s pushed me to find my first (and only) published vulnerability, it let me win many multi-million dollar architecture deals, and it’s forced me to be more ready in my every day interactions.

In fact, I think curiosity and courage are the best cures to one of our biggest epidemics. Procrastination.

The good news is curiosity can (probably) be trained. It won’t be easy. How could it be when we the alternative is falling back to the warm embrace of blissful ignorance?

I think the most powerful way to build up curiosity is the curiosity virtuous cycle. And yes, I came up with that phrase (I hope).

Ok, but what is the curiosity virtuous cycle. Glad you asked. I like to think of it as CLEAR:

Curiosity > Learning > Excitement > Action > Reward

Here’s each of those broken down:

Curiosity: the hero of today. Curiosity starts as an urge to explore. An itching for knowledge.

How does this relate to cybersecurity?

• A brand new error message pops up on your IDS. That’s strange…

• Your were just given access to some firewall data. Even though you’re not a threat hunter… maybe you can take a look?

• A new XDR tool just dropped. It looks kinda cool

Here you are presented with a choice, ignore it and stifle your curiosity, or take action and continue the cycle.

Learning: where the work starts. Pick up a book, open up Bing, and start learning. Here are those same scenarios above in this phase:

• You start to read vendor docs (!!) This error only pops up when a certain policy is hit.. but there is no reason that this traffic should be hitting that policy

• “How to Hunt for Threats on Firewall Data,” you start. Next thing you know it’s 2 am and you haven’t had a drink of water for hours.

• You request a demo. This tool isn’t just useful, it’s fun to use

Start asking questions. Eventually you will start to find the ones that matter. Then the emotions spike.

Excitement: maybe you actually have something here… You start to see the beginnings of something big.

• If this policy is matched when it’s not supposed to, then maybe it can also be missed. What if this can lead to a full bypass?

• There’s some weird patterns in this video that I’m seeing in our logs. What if there’s an attacker here?

• You request a demo for the XDR tool. This tool isn’t just useful, it’s fun to use

You might have seen a pattern. This is the what if phase. Now what if those what ifs became reality?

Action: magic is now happening. The results are materializing. Your curiosity has led you to directly affect the real world in a positive way. And again:

• You found a full policy bypass for your multi million $ IDS. You’re writing up the report and getting ready to earn your CVE

• You caught an attacker group lurking in your network. You’ve deactivated their accounts and fixed the gaps in your alerting.

• You did 3 projects with this new tool and are considered an SME in this emerging tech

Now that you affected the real world, you begin to reap the…

Reward: and the cycle has been completed. You get that CVE, you get a massive promotion, or you become highly sought after in the job market.

That all means nothing next to the most important benefit. You’ve reinforced your curiosity and strengthened the cycle.

Curiosity is a powerful trait, but by itself it does little.

Remember, next time you feel curious, ignore it if you want to stifle your curiosity. Otherwise, fuel the cycle and prosper!

Enjoyed the article (even a little bit)? Follow me on LinkedIn on to hear more of my rants: https://www.linkedin.com/in/nouraie/