I have been (slowly) reading Atomic Habits by James Clear. It’s a great read and I’ll probably write up some of my notes once I’m finished.
If you’re not familiar with the book, I do recommend it, or at least subscribing to his weekly newsletter 3-2-1.
In the most recent newsletter, James shared a 5-step process for nearly anything:
1) Explore widely. Find out what is possible.
2) Test cheaply. Run small, quick experiments. Sample things.
3) Edit ruthlessly. Focus on the best. Cut everything else.
4) Repeat what works. Don’t quit on a good idea.
5) Return to 1.
I have been thinking about this and it makes so much sense to apply this to many things, especially in infosec. Many times people try to boil the ocean, but really there’s no need. In particular with point 2, virtualisation has made it incredibly cheap to run small, quick experiments to see what works and what doesn’t.
Like many things in life, simple things tend to work. Many times we know how to overcome a challenge; sometimes we’re just not prepared, or willing, or disciplined enough to put in the effort that’s needed.