I Lied to You…

In my article A Dental Routine So Much Better It’s Stupid, I said the following:

And as I went through, the best method of prevention became more and more obvious to me and I was shocked that it wasn’t just the standard advice from the dental industry.

I was talking about the fact that I, a non-expert, had managed to build a better routine than your dentist has been recommending to you for your whole life. But what does “better” mean here? And here’s the truth: I wasn’t shocked.

I wasn’t shocked because as a security leader I see exactly the same behavior from my contemporaries that you see from your dentist: abandoning a strong plan that takes the human element into account for one of academic purity.

You SHOULD brush your teeth at least twice a day. Your dentist is not wrong for recommending that; it’s better. You SHOULD prevent concurrent user logon. Your security team is not wrong for recommending that; it’s better.

A driving mantra behind my career has been that security is first and foremost a problem of people, not of technology, and ought at all times to be treated as one. Anyone can read the books, take the certification exams, learn the best practices, and memorize the requirements, but I believe that in order to be truly effective in this field, you must learn to take those cold academic facts and apply them in the messy human world.

Do you want to be like your dentist? Telling people to stop drinking coffee and juice in the morning? Telling them to brush twice a day? You can. It’s academically sound. But I’ll tell you what’s going to happen - they’ll brush twice a day. That’s a positive behavior they can feel good about. But they’re not gonna stop drinking coffee and juice - those are also positive behaviors they feel good about. So what’s going to happen? They’re going to brush their teeth in the morning, abrading them, leaving them in a vulnerable state, then wash them in the acids of the coffee and juice, leaving them worse off than when they started. Then they come to you, no idea why their dental health is worse. After all, they followed your advice!

Learn to take the human into account. Learn to take the needs of the business and your customers into account. Stop recommending behaviors and practices that are counter to the desires and needs of these stakeholders. If you don’t, you’re creating more work for yourself. Setting yourself up for daily battles instead of collaboration. And even if you succeed, you’re likely to leave them worse than when you started.

Don’t recommend less coffee and brushing when a little mouthwash will do just fine.