Learning from History

April 14, 2010

I first left the Commercial Security industry back in 1999 when I decided to create Recruitment.com. After I moved on from there, I ended up being interviewed for a directorship of a company making Intrusion Detection Systems.

They asked me a question which surprised me – It shouldn’t have but it did – “You haven’t done anything in the industry for over four years now. What makes you think that your skills are relevant?”

Maybe this is a problem with the whole concept of Commercial Security or indeed anyone who takes a wide view of security as interconnecting social and technological parts – I don’t think people know what it is. I think they are looking for ongoing training courses and certifications that give you letters after your name pronouncing that some random software company considers you to be an expert in something. I don’t have any of these and really I don’t want them. On the engineering side I am not going to mend a Cisco router myself and on the policy side, the various qualifications seem utterly meaningless and at odds with one another. The people who create these certifications are trying to push a methodology and singular methodologies are not always a good way to go.

I explained politely that very little that I do has changed much in the last few hundred years – Security is security, always has been, always will be. The methods of delivery differ but the concepts don’t. You can learn more about my type of security from sitting in the middle of a large castle and pondering why they built it the way they did. The inhabitants of the castle needed to be able to come and go and get about their daily lives, there were markets, shops and whole villages inside the larger castles and these communities needed protecting from outsiders and insiders alike. There’s nothing really new conceptually. Take the Trojan Horse – This was first deployed in name over 3,000 years ago and even then one of Troy’s very experienced voices was ignored when he said they should burn it. A fine example of management-override in action which can still teach us more real-world lessons than countless courses and certificates.

It is in the commercial interests of various corporations to have us believe that they can create expert security people by giving them a training course and a certification. They can’t, no more than military basic training can create a good soldier. Sandhurst and Westpoint teach the classics to the military officers of the future for good reasons – A firm grounding in history, an appreciation that you can learn from the past and an understanding that the last 4,000 years of human development were not just a waste of time; these are the tools that somebody needs to become a good security all-rounder. Then they need the experience of applying it, experience of where it goes wrong and experience of learning to live with the fact that most of the time, nobody will listen to them. Don’t worry – History will also teach that this was always the case as Laocoön would have pointed out if he hadn’t been silenced permanently.

2 Responses to “Learning from History”

  1. Is your book the art of war published yet? If so where can I buy it?

  2. That would be The Art of Security 🙂

    It’s not available since for copyright reasons I need to re-write a bunch of it for public release. But you have reminded me I do need to do that!


Leave a Reply