Fresh Thoughts #79: There's a Time and Place for Detail

Newsletter

Details. Details. So many details...

There's a Time and Place for Detail

One of the results of my misspent youth was becoming a Summer Mountain Leader.
At 18, I was qualified - and paid - to take groups safely into the mountains of the UK.

While it's easy to say - “But the UK doesn't have any real mountains...”
Helvellyn was at the end of my garden. And I walked the path to the summit daily.

https://youtu.be/9UaqSqqO8aI

Wrangling groups three times my age... with dodgy knees on ridge scrambles is tricky.
Details matter.
Where are we - exactly?
What are the escape routes?
What is the terrain for the next 10 meters?

And then there were the night ascents.
Inevitable cloud cover, with no stars to help.
Pitch black - but for the circle of light coming off my head torch.

The cliffs were still there.
The falls - just as dangerous.
But - you couldn't see them.

Night navigation is incredibly detailed.
The slightest inflection of a contour can tell you exactly where you are within 5 meters.
Decisions are made by counting steps.

But then comes the winter - and the snow.
A different set of challenges.
Hypothermia.
Short days.
And the crisp details of summer become broad brushstrokes of lumps and dips.

In winter, less is more.
Don't use a detailed map.
Focus on the outcome and the next milestone.
Move it broad sweeps - rather than on intricate paths.

Step back.
Look at the bigger picture.
That's all that matters.
The wind will change the details by the time you've finished your hot chocolate.

Conditional Access

This week, the idea of tuning out the detail popped into my head while reviewing Microsoft 365 Conditional Access policies.

Unlike writing firewall rules - they aren't sequential. Instead, they operate in parallel - creating a mesh of permissions.

As I battled ever-increasing levels of detail and nuance - I started to lose the bigger picture.
How did Rule 23 fit into the bigger picture?

By stepping back, tuning out the detail, and looking to move in broad sweeps - I had...
Attack surface reduction - to limit the scope.
Managing emergency access.
Data protection.
General best practices.
And special cases.

By reducing the scope of what was required - the gaps and the intent of the rules became clearer.
When reviewing security controls - sometimes - details are problematic, and less is more.

August 14, 2023

2 Minutes Read

Related Reads

motion blur of people walking in an underground station

Fresh Thoughts #29: Security Should Be Shaker, Not Silk

The minimal elegance of Shaker furniture doesn't always come to mind when thinking of security... but when security is done right, it should.

Fresh Thoughts #23: The Time a Teenage Girl Broke Her Back

In Incident Response, “doing anything” can sometimes make things much, much worse. And it always burns time. Did I ever tell you about the time when doing nothing meant a 13-year-old girl wasn’t paralysed for life?

Fresh Thoughts #15: Vulnerability Zero Is A Terrible Idea & Consistent Secure Configuration

Vulnerability Zero is the idea that you should fix every vulnerability. Vulnerability Zero is a terrible idea. Here are seven reasons why...