One Article Review

The article:
Source Veracode
Identifier 2103328
Publication date 2020-08-07 10:35:04 (seen: 2020-12-15 21:05:43)
Title Live from Black Hat: Breaking Brains, Solving Problems with Matt Wixey
Text Solving puzzles has been a very popular pastime for InfoSec professionals for decades. I couldn't imagine a DefCon without the badge challenge. At Black Hat 2020 Matt Wixey, Research Lead at PwC UK, didn't disappoint as he presented on parallels between puzzle-solving and addressing InfoSec problems.

Puzzle (and problem) solving can be taught

Solving a puzzle and solving a problem are very similar. They usually involve two primary functions, which may feed into each other in a circular fashion:

- Understanding the problem
- Searching for a solution

Problem-solving is always thought of as an innate ability that you cannot teach, but that's not true. You can teach comfort level with ambiguity and feeling around the edges of the solution of a problem. Problem-solving does not require expertise, but it can help in some circumstances. Experts tend to know more schemas of problems and can more easily chunk problems into smaller, manageable parts, so they can recognize that a problem follows the same pattern as a problem they've solved before. However, assumptions can also lead you astray. Puzzle makers may even purposefully take you astray, playing with your assumptions. In a test where experts and novices were pitted against each other, experts took about as much time to solve problems, but they made fewer mistakes than the novices.

The role of bias in problem-solving

Problem-solving is subject to the same kind of challenges as decision-making. Biases come in many forms, which can hinder a person from solving a problem. You should be aware of the following biases that may impact your thinking:

Problem-Solving Bias

Problem-solving in InfoSec

Problems in InfoSec are often knowledge-rich and ill-defined. Practitioners range from experts to, because of a chronic skill shortage, many novices. There are ample schemas for these problems. Wixey asserts that even if you change the "cover story" of the problem, the problem space remains the same. Not telling your colleague the full story may actually be useful in solving the problem in some cases. He encourages diversity in background and expertise, and of course, applying your experience in solving puzzles to real-world problems.

Designing the perfect puzzle

Designing a puzzle can be difficult and time-consuming. The perfect puzzle has an interesting premise but very little explanation. Hidden "trap door" functions, red herrings, and easter eggs are optional but can add variety to a puzzle. Interesting puzzles may ask something completely unconnected to the premise, but the puzzle should have internal logic, where the answer can be obtained just from the question. It should not require specialist knowledge beyond what you can get from a quick search. A personal lesson learned after generating my first puzzle was to have it field-tested by a few people. I thought that there was a direct, linear path to the solution for a puzzle I created, but there were actually several paths that led to dead ends, which was frustrating to some puzzle solvers.

Let's solve some puzzles!

At Veracode, we have regular puzzle challenges as part of the Veracode Hackathons. We have people from around the company provide their puzzles based on themes, an
Rating ★★★
Sent Yes
Tags Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.