What were the harsh and hopefully applied lessons learned that you would never forget and, more importantly, vowed never to repeat? Especially those of you who have been in information security for many years and perhaps a member of several different teams. Consider yourself encouraged to remember those “from now on I will Always and I will Never again” lessons learned at your $OldJob.

I remember all too well when I decided to perform a network scan from a new laptop. I was so eager to use the latest equipment that I failed to record this shiny new device’s MAC and IP address. I tested it out, and everything seemed great – until the following day, when an enormous amount of scan traffic was detected inside a sensitive network. Our teams went into full incident response mode to determine what happened. After learning “who did it,” the team responded graciously to me, and none of us made that mistake again.

The following are a few ideas to consider to motivate you to action.

1 – Never settle for “we have always done it that way”. Assume nothing by asking many questions, such as “When was the last time we compared the GPO to the written security policy”?

2 – Share regularly within your trusted communities in a way that does not put your organization at risk but demonstrates you are still learning and remain willing to contribute. Don’t think you need to share all the gory details to make a difference with this approach. You will be much better off by leaving those out entirely.

By leaning into this approach, you can not only get wisdom as cheaply as you can but also and also help make our world a better place. What lessons are you actively trying to avoid learning over and over again?

I recently posted this on the SANS Internet Storm Center website.

Subscribe to our email list to get more cybersecurity content delivered to your Inbox!