In this entry we introduce a discussion about the evolution of security concepts, comparing it with the evolution of atomic theory.
In this video we argue about the need for operational definitions in information security. From Wikipedia: "An operational definition is the application of operationalisation used in defining the terms of a process needed to determine the nature of an item or phenomenon and its properties such as duration, quantity, extension in space, chemical composition, etc. The procedures included in definitions should be repeatable by anyone or at least by peers. An example of operational definition of the term weight of an object, operationalised to a degree, would be the following: 'weight is the numbers that appear when that object is placed on a weighing scale.' According to it, the weight can be any of the numbers shown on the scale after, including the very moment the object is put on it. Clearly, the inclusion of the moment when one can start reading the numbers on the scale would make it more fully an operational definition. Nonetheless, it is still in contrast to those purely theoretical definitions."
In my vlog I started talking about books that influenced the way I think about information security, like "The Black Swan", "Irrationality, the Enemy within" and "How to Measure Anything".
Note: Original author unknown; this was collected around 15 years ago.
Popular as it is, the web is not the most-used Internet application by transaction volume. Email is. It's also the most misused. Since it's such an important and often overlooked component of our online lives, I'm going to step away from preaching about the web for a moment and focus on simple steps to make your email discussions more effective.
If you grew up like I did, you were taught how to write a letter. You learned how to write business and casual headings and salutations, state your purpose, make a request, set expectations for a response, and wrap it up with a Very Truly Yours.
But an email is not a letter, and you're not typing at a Selectric II typewriter. You may look at the days of formal graces in written communication with some sadness, but rest assured that they are as dead as Dillinger. If your purpose is to solicit information or action from another person via email, you must make that clear to them at the earliest possible point in the message.
I get hundreds of emails a day, not counting spam. I know I'm not alone. Email overload is a problem, and it will probably only get worse.
It's tempting for geeks like me to propose some kind of microformat as a solution: begin subjects with these words, format the first line like that. But email is too widely distributed to corral into any kind of structure now. All we can do is focus on quick, concise, effective communication.
People differ in how they manage their inboxes, but attention to a few details can help make your messages more usable for everyone. These are the factors I've identified that will help you get a quick and valid response:
It's the soul of wit, you know.
Short emails rule. When I get an email that's several pages long, I have to make some decisions: do I have time to handle this now? Is it important enough to come back to? Can I pass it on to someone else? If I can't say yes to any of these, I will probably never get back to it.
You may have lots of information to share, but in email you are in a long list of others competing for your recipient's attention. Keeping it brief is a sign of respect, and it's less likely to cause added stress to your reader.
Supporting material or other important info can be attached, but keep it separate from who you are, what your issue is, and what you want from me.
If you're passing a thread along, trim what isn't needed. Why make the email look longer than it really is?
If I don't know you by name, tell me how you came to contact me. We talked about mixers at a podcasting meetup. You saw a panel I was on last year. You divorced me and married my best friend from high school. Something I would remember. I don't need or want a resume, but I do need to know where you're coming from.
Getting a lot of responses asking, "What do you mean?" Context is your problem. When you're asking a question, anticipate any missing details that could cause an extended back-and-forth. Each time someone sends you a reply, you've gone to the back of that person's line. Do what you can to make your emails count the first time.
And for god's sake, have a subject line. One that makes sense. Some of the most important emails I've received didn't have a subject, and they almost fell through as a result. Don't waste that space with words like "Important" or "Re: Re: Re: Re: Re:". If the topic changes, change the subject line to match it. Remember that on recipients' screens, your subject competes with a large number of others for their attention.
Something to act on
Make your requests clear.
You should set them apart from the rest of the message by paring them down to one sentence, with white space before and after. Make lists with dashes, asterisks, or bullets if you use HTML email. Closed-ended (yes or no, this or that) questions are preferred; open-ended questions can get long and involved, reducing their overall relevancy and the likelihood that you'll get the response you desire.
Don't give people an excuse to misread you. If you've written a request at the end of a long paragraph, or been passive ("it'd be nice if somebody could..."), it's likely to have been missed on the receiver's end. If you sent an email, you have a point. Get to it.
- Can I call you tomorrow morning at 10am PT?
- Here is my contact info for your address book.
- Would you send me any links you have where I can read more about x?
- Would you forward this to person y?
- I need your travel itinerary by end of day.
Given that most of us have several current projects to keep up on, it's not very likely that we'll be able to spend more than 10 minutes at a time helping someone who is emailing me out of the blue. My ability to draft my famous page-scrolling expositions of a given issue is limited. If I've already written something that covers it, I might just send you a link. Otherwise, if you can frame the question such that a lengthy answer isn't required, you're apt to get a quicker response.
There comes a time when the response you seek is no longer useful. If you know when that is, tell your recipient. This can be a good way both to prompt a speedy turnaround, and to let people off the hook in the long term. When someone sees that, for example, you need a proposal in a timeframe they can't make, they will probably bow out, rather than leaving you hanging. Everybody wins. Especially whoever it is you end up choosing in their place.
You can't win them all. If you need to send a single reminder, do so, but if that doesn't do the trick, pick up a phone. If it's not important enough to call the person directly, then let it go.
Daily reminders suggest to recipients that they're being bossed around, and that's not the best way to manage people, and certainly no way to treat casual contacts. They may be too busy, or away from the computer, or actually working on your last request. If you're forcing the issue, you don't improve your chances of success with that person in the long term.