Vacations are good for you. You get a chance to decompress, experience new things and sometimes look at things in a new way or make a connection between things that at first glance may not seem connected at all. When I go on vacation I try to let my mind wander. Usually, I get rewarded with an epiphany or two that I take back to work when the vacation is done.
This vacation I read Imagine: How Creativity Works, by Jonah Lehrer, published in 2011 by Canongate, London. At 253 pages, it wasn’t a very long read, but as a former security practitioner it got me thinking a lot about the role of imagination and creativity in a security practice. Science has been able to decipher the connection between creativity and the brain, and the results of these studies are really very exciting. I also remembered one of the key findings in the 9/11 report: that one of the main reasons those attacks were successful was a deficit of creativity and imagination in our intelligence agencies.
As we take steps to defend our data from attackers and malicious insiders who continue to become more creative and only have to be right once, it seems logical for all of us to think more creatively ourselves. How do we do that? Well, first, read the book. I highly recommend it. But I will give you a few highlights. According to Lehrer there are two types of creativity:
Divergent Thinking:
- The Aha moment / Spontaneous epiphany
- Remote associative processes
- Pattern-based thinking
This is the kind of thinking that happens when your mind is relaxed, when you daydream, maybe in the shower or during a vacation.
Convergent Thinking:
- About analysis and attention
- The act of ‘un-concealing’ – chiseling away at a problem
- Write a symphony / poem / solve an algebraic equation
- Stick with a problem till it ‘cries uncle’
This kind of thinking is more of a relentless focus on a particular problem–one where you don’t give up. You hit a wall and then come back after a break and push through it.
If these are the two types of creativity, then what tools or solutions are out there to support the security professional and these types of thinking? When looking to procure a new data management or log management solution, vendors have today’s security professionals trained to ask, “…what will it do for me out of the box?” or “…what answers will the solution provide?” Again, according to Lehrer, if you are given the solution or the ‘easy button’ you’ll quickly settle for it, and eventually it will dumb you down and you’ll stop thinking creatively.
For me, this is what makes Splunk’s big-data solution interesting. Splunk’s analytics and statistical analysis search language allows me to take my epiphanies and pattern-based thinking (Divergent Thinking) and put them straight into the product as queries of massive data sets and add automation and alerting. I can pose that question I think of in the shower to Splunk. However, it also supports the act of un-concealing a problem (Convergent Thinking) by allowing you to quickly and relentlessly data mine your way through terabytes of data down to that needle in a haystack of needles. Splunk facilitates creativity for the security team.
We’ve all been told to look for solutions that automate and provide the answers for us. But that’s not going to help you develop and maintain the kind of thinking you need to keep up with the newest threats and most advanced attack types, and over time the muscle called ‘your brain’ will atrophy. While some automation is a good thing, it shouldn’t create a dependency. In the RFP process for new solutions, we need to start asking, “How will this solution foster and facilitate the security team’s creativity?” Solutions need to equally support IT risk scenario-based thinking and the relentless data dive. Splunk’s big data solution does both extremely well.
One more thing–the book says after age 30 our creativity levels drop on a steady slope till we’re, well, dead. Yikes! However, there are a few things you can do to change this: move into a different career or change jobs, move to a different city, fall in love, or take a vacation.