I’ve written about information security for more than a decade, but I’ve never pulled the levers, so to speak, until this past week. It’s both terrifying and awesome.
People in my industry assume I know how to conduct a penetration test, process software vulnerabilities and manage compliance operations. Truth is, I know how to write about this stuff, but I’ve never actually done these things. I never claimed that I had, but since my writing has veered unashamedly toward the side of security advocacy, I can see where people might make the assumption.
One reason I took my current job is because I felt the need to be part of a security operation rather than simply writing about it.
In recent weeks, I’ve started the training. I attended a session on how to be a threat incident response manager and processed my first three vulnerabilities. I still can’t say I know what I’m doing, and I expect to screw up plenty when my time comes to jump into the fire. But the mechanics aren’t so alien to me now, and that’s a quantum leap.
But there’s a much bigger point for me to make: Getting this type of training is a watershed moment.
A few years ago, the terror of the unknown and fear of failure would have kept me from doing any of this stuff. Training can seem like routine to some folks, but when you live with things like fear, anxiety, depression and OCD, the wall to climb looks much higher than it really is.
That’s not to say I’m going about all these things in a carefree manner. I still have my episodes of self-doubt. I still experience stress when thinking about how best to manage the new skills in tandem with the editorial and writing skills that encompass 90 percent of my job.
But unlike the old me, I know I can do it. I’m at peace with the mistakes I know I’ll make. I’m prepared to be the guy people talk about in meetings when the subject turns to who fucked what up during an incident. These days, I can show up.
All this training is a gift. So is the fact that I can accept the gift. And even though mistakes are inevitable, I can accept that as part of the learning process.