Sat, 29 Sep 2007

The myth of the expert

Something we preach very strongly in our training is the importance of an understanding of the underlying technology / application / issues, and being able to dig into the core of an issue, not just try a trick or two and move on. Sadly, most people don't see it this way.

It's also somewhere between sad and frustrating for me that there seems to be an over-abundance of so-called "experts" in our field. While this isn't an issue for those who have a deep understanding, the fact of the matter is that for many of our customers, their key competence is their respective industry, and not information security.

Of course, this leads to much snake-oil and other ugliness...and to increased frustration for those of us who actually *are* trying to help our customers and add value. Let it be said right now that I don't by any measure regard myself as an expert on all things information security, but I'm more than happy to tell people when something is outside my field of expertise.

I found an interesting piece in a book I'm currently reading called "Way of the Turtle" by Curtis M. Faith. It is written in the context of traders and the markets, but it applies to our industry practically verbatim. The snippet, from a sidebar in the book titled "The Myth of the Expert", follows.

-snip-

The "don't optimize" counsel is an effect of what my friends and I like to call the myth of the expert. Unfortunately, in most fields the number of people who really understand what's going on is very limited. For every true expert, there are scores of *pseudo-experts* who are able to perform in the field, have assembled loads of knowledge, and in the eyes of those who are not experts are indistinguishable from the true experts. These pseudo-experts can function but do not really *understand* the area in which they claim expertise.

True experts do not have rigid rules; they *understand* what's going on, and so they do not need rigid rules.

Pseudo-experts, however, *don't understand*, and so they tend to look at what the experts are doing and copy it. They know *what to do* but not *why it should be done*. Therefore, they listen to the true experts and create rigid rules where none were intended.

One sure sign of a pseudo-expert is writing that is unclear and difficult to follow. Unclear writing comes from unclear thinking. A true expert will be able to explain complicated ideas in ways that are clear and easy to understand.

Another common characteristic of pseudo-experts is that they know how to apply complex processes and techniques and have been well trained but do not understand the limits of those techniques.

In trading, a good example would be someone who can perform complex statistical analyses of trades, runs a simulation that generates 1 000 trades, and then assumes that she can draw conclusions from those trades without regard for the fact that they might have been drawn from only two weeks of short-term data. These people can do the math but do not understand that the math does not matter if next week is radically different from the last two weeks.

Don't confuse experience with expertise or knowledge with wisdom.

-snip-

This rocks...I couldn't have said it better myself :>

Thu, 27 Sep 2007

Feedback on our courses in Switzerland

We just finished presenting an HBN Bootcamp and an HBN Combat Edition in Lausanne, Switzerland. A lot of people don't know that we do this format - small courses on location worldwide. It's a different vibe from the big courses we do at Black Hat and the like, but it has some real advantages. Here's the feedback we received - I especially like the nice things they say about me...

On the Bootcamp Edition:

  • "Amazing and excellent!! Great teaching."
  • "Excellent and very very interesting."
  • "Very interesting ! Makes me want to know more."
  • "Cool, crazy, sexy and very rich !!"
  • "It was my first time in a training where the goal is to succeed without following the book!! And it's fun."
  • "Impressive!"
  • "This is seriously the most interesting course I have been to for a long time."
  • "A complete overview of the basis of hacking and security. I liked most the experience of the teacher and his knowledge. "
  • "The instructor is Very very good. Competent, knows what he is talking about and can share his knowledge."
  • "I liked most the demonstrations of what hackers do. Learned how to use applications like wikto, burn, etc."
  • "I liked most all exercises and the mix between theory and practise. "
  • "Yes. I liked most the labs, because it's a very good way to learn and to detect if the understanding is correct. "
  • "The instructor was Very good and highly knowledgeable."
  • "Really good !! It's the first time I stayed awake until 7pm :-)"
  • "I liked most the demos and explanations from Charl."
  • "Super instructor!"
  • "Very interesting course, very technical. The teacher knows what he's talking about."
  • "If 10 is the best rate, I'd say 9.5 (just so as not to be too nice ;-)"

And on Combat:

  • "Fun and too short !!"
  • "A good way to test our skills or to develop out-of-the-box thinking."
  • "A must-have ! Great teacher."
  • "A perfect moment to confront the realities of everyday security."
  • "Recommended for anyone who thinks they are good in the field of IT security. This course keeps you humble :-)"
  • "I've been able to see the spirit of some attack techniques."
  • "What I liked most: everything. The time imparted was a little short."
  • "Good match with Bootcamp. Interesting approach, but still fun and of very good quality. What I liked most: the beginning, the middle and the end ;-) The course could be longer, like 3 days or even more."
  • "I liked the way the course is delivered, in an interactive and challenging way"
  • "The way Charl explains the concepts, he makes it really easy to catch the "essence" of the things. Great labs and demos too."
  • "High-level course delivered with a great deal of teaching skill. What I liked most: examples, examples and demonstrations... Nothing beats practising."
  • "Excellent instructor. What I liked most: the hands-on work is really very good for retaining the solutions: practice."
  • "Practical approach, lets you learn a lot more by practising than by simply listening. Varied and well paced, the course is captivating. All the situations presented were interesting. An extra day would be a plus."
  • "Charl is great. His explanations are clear and often linked with real-life examples."
  • "Very good, made the subject very interesting."
  • "Excellent, he knows the job and how to capture the audience."
  • "Excellent !"

reddit: exploit publisher?

saw this in my RSS reader, the null poison byte makes a comeback!

[image: poison.png]

Until it gets fixed, you can view here.

Tue, 25 Sep 2007

Is that a robots.txt in your pocket or are you just happy to see me?

This will probably get cleaned up soon, but that's a huuuuuuuge robots.txt [http://www.whitehouse.gov/robots.txt]

Sat, 22 Sep 2007

I have always tried to keep this blog politics-free

but the last Scott Adams posting on the Iranian president's US visit has to be the best piece I have read in a long, long time...