Fresh Thoughts #79: There's a Time and Place for Detail

Walking boots in snow

Details. Details. So many details...

There's a Time and Place for Detail

One of the results of my misspent youth was becoming a Summer Mountain Leader.
At 18, I was qualified - and paid - to take groups safely into the mountains of the UK.

While it's easy to say - “But the UK doesn't have any real mountains...”
Helvellyn was at the end of my garden. And I walked the path to the summit daily.

Wrangling groups three times my age... with dodgy knees on ridge scrambles is tricky.
Details matter.
Where are we - exactly?
What are the escape routes?
What is the terrain for the next 10 meters?

And then there were the night ascents.
Inevitable cloud cover, with no stars to help.
Pitch black - but for the circle of light coming off my head torch.

The cliffs were still there.
The falls - just as dangerous.
But - you couldn't see them.

Night navigation is incredibly detailed.
The slightest inflection of a contour can tell you exactly where you are within 5 meters.
Decisions are made by counting steps.

But then comes the winter - and the snow.
A different set of challenges.
Short days.
And the crisp details of summer become broad brushstrokes of lumps and dips.

In winter, less is more.
Don't use a detailed map.
Focus on the outcome and the next milestone.
Move it broad sweeps - rather than on intricate paths.

Step back.
Look at the bigger picture.
That's all that matters.
The wind will change the details by the time you've finished your hot chocolate.

Conditional Access

This week, the idea of tuning out the detail popped into my head while reviewing Microsoft 365 Conditional Access policies.

Unlike writing firewall rules - they aren't sequential. Instead, they operate in parallel - creating a mesh of permissions.

As I battled ever-increasing levels of detail and nuance - I started to lose the bigger picture.
How did Rule 23 fit into the bigger picture?

By stepping back, tuning out the detail, and looking to move in broad sweeps - I had...
Attack surface reduction - to limit the scope.
Managing emergency access.
Data protection.
General best practices.
And special cases.

By reducing the scope of what was required - the gaps and the intent of the rules became clearer.
When reviewing security controls - sometimes - details are problematic, and less is more.

August 14, 2023
2 Minutes Read

Fresh Thoughts to Your Inbox

Fresh perspectives on cybersecurity every Tuesday. Real stories, analytical insights, and a slash through buzzwords.

We'll never share your email.

Related Reads

motion blur of people walking in an underground station

Fresh Thoughts #29: Security Should Be Shaker, Not Silk

The minimal elegance of Shaker furniture doesn't always come to mind when thinking of security... but when security is done right, it should.

Subscribe to Fresh Thoughts

Our weekly newsletter brings you cybersecurity stories and insights. The insights that help you cut through the bull.

We'll never share your email.


Fresh Security Support

Your Questions


Fresh Sec Limited

Call: +44 (0)203 9255868