Author: Andrew Hay
Andrew Dreams of Security
Yesterday, I watched a pretty incredible documentary, which you’ve undoubtedly heard of, called Jiro Dreams of Sushi. To sum it up, the documentary is about an 85-year-old sushi master Jiro Ono, his business in the basement of a Tokyo office building, and his relationship with his son and eventual heir, Yoshikazu.
In the movie, the concept of shokunin is introduced to the viewer. I couldn’t remember how the term was defined in the documentary so I took to the Internet. The best definition of shokunin I was able to find was by Tasio Odate:
“The Japanese word shokunin is defined by both Japanese and Japanese-English dictionaries as ‘craftsman’ or ‘artisan,’ but such a literal description does not fully express the deeper meaning. The Japanese apprentice is taught that shokunin means not only having technical skills, but also implies an attitude and social consciousness. … The shokunin has a social obligation to work his/her best for the general welfare of the people. This obligation is both spiritual and material, in that no matter what it is, the shokunin’s responsibility is to fulfill the requirement.” – Tasio Odate
Now how does this relate to security? Well think about this, how many of us can say that we’ve become ‘craftsmen’, ‘artisans’, or ‘shokunin’ in a single aspect of information security? I cannot think of a single friend, colleague, or acquaintance that I would consider shokunin. Please, don’t be offended by the previous statement. I know quite a few people who I consider very good at what they do, but none of them have the dedication to be shokunin.
I argue that the information security field does not have shokunin, nor will we ever if we keep flip-flopping between requiring individuals to be specialized one minute and have a wide breadth of skill the next. In the documentary, Jiro (or maybe it was Yoshikazu) mentions that an apprenticeship lasts for a minimum of 10 years. I, for one, have not worked a single job for more than 3.5 years, let alone 10. The dedication to become shokunin simply does not exist in our field.
When I posed the question to Twitter this morning, Andrew (@azwilsong) suggested that our field was simply not as mature as that of sushi. Kevin Johnson (@secureideas) agreed, but wondered what we could do to change it:
So which is it? Serious passion to perfect a single skill or a wide variety of knowledge across various disciplines? Do we even need security shokunin? I’d be curious to hear what you think.
While you ponder your response, I’ll leave you with this. The documentary includes quite a bit of commentary from Japanese food critic Yamamoto, who lists “the five attributes of a great chef” – all of which, he asserts, Jiro possesses in spades. These attributes are:
- Take your work seriously.
- Aspire to improve.
- Maintain cleanliness.
- Be a better leader than a collaborator.
- Be passionate about your work.
How many of us strive to live by the above attributes…ALL of the above attributes? Time to look inward, methinks 🙂
If you do not have anything intelligent to say…
My mother always told me that if I “didn’t have anything nice to say” that it was better to say nothing at all. The same can be said about outlandish and unintelligent claims.
Case in point, Kim Schmitz (whom I refuse to refer to as Kim Dotcom because, frankly, it’s stupid) on his launch of “Mega”:
Really? It doesn’t use “existing technology”? There is “no way that they can be exploited”?
Sorry mom, I couldn’t help myself.
Book Review: The Phoenix Project
I was sent an advanced review copy of The The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win by co-author Gene Kim and I can honestly say that it was one of the most enjoyable books I’ve read in a long time. The novel, written by Gene Kim, Kevin Behr, and George Spafford, not only combines an interesting story with sound business practices, it also teaches the reader about risk evaluation, critical thinking, and how manufacturing processes can translate to IT operations, development, and, of course, DevOps.
The characters in the book were easy to relate to and I suspect that if you have not yet worked for or with an individual depicted in the book in your career, you likely will at some point. Both the heroes and protagonists were easy to spot and I found myself genuinely rooting for the heroes throughout the course of the book.
If I have one criticism about the combined work, it’s that throughout the book the characters had very negative views towards developers and the historic disconnect between IT ops, security, developers, and the senior decision makers. This was something that I had hopped would evolve into, at the very least, a sense of mutual respect and appreciation for their skills, talents, and issues by the end of the novel. Part of me would like to see a parallell sequel written that depicted the same story from the view of the software people.
I recommend that anyone involved in any line of business read this book. Similarly, any person working within an organization will be able to learn something new about how their business operates. It shows the inner workings of how business decisions are prioritized and will help people relate to the decisions made in their own company.
Business leaders will almost certainly find a gem or two to help them optimize their existing business practices and perhaps even streamline their IT operations and product deliverables. I wouldn’t be surprised to see this book as the basis for future MBA or executive education tracks as I think, though the individual concepts may currently be presented, the combined work presents itself as a seminal case study into optimizing business by automating IT.