Easy vs Hard

What is Easy?

This is just one post in a series of posts, ultimately building up to how I think about Cybersecurity Operations.

If you missed the first or second post in this series, the following will have a little more context if you take a few minutes to go check them out!

Unattributed block quotes in this post belong to Rich Hickey, and are from his talk, “Simple Made Easy”.

Let’s Review

To recap from the first post in this series:

Easy

The other word we frequently use interchangeably with simple is the word easy. And the derivation there is to a French word[. … The] last step of this derivation is actually speculative. [… It] is from the Latin word that is the root of adjacent, which means to lie near and to be nearby.

From Rich Hickey’s “Simple Made Easy”

Hard

And the opposite [of easy] is hard. Of course, the root of hard has nothing to do with lying near. It doesn’t mean lie far away. It actually means like strong or tortuously so.

Easy in Depth

[Obviously] there’s many ways in which something can be near.

First Notion of Easy: Physically Near (at hand)

There’s sort of the physical notion of being near. […] Is something […] right there? And I think that’s where the root of the word came from. […] This is easy to obtain because it’s nearby. It’s not in the next town. I don’t have to take a horse or whatever to go get to it.

Second Notion of Easy: Near Our Understanding/Skill Set (Familiar)

The second notion of nearness is something being near to our understanding […] or in our current skill set. And I don’t mean in this case near to our understanding meaning a capability. I mean literally near something that we already know. So the word in this case is about being familiar.

I think that, collectively, we are infatuated with these two notions of easy. We are just so self-involved in these two aspects; it’s hurting us tremendously. […] All we care about is […] can I get this instantly and start running it in five seconds? It could be this giant hairball that you got, but all you care is, you know, can you get it. […]

In particular, if you want everything to be familiar, you will never learn anything new because it can’t be significantly different from what you already know and not drift away from the familiarity.

Third Notion of Easy: Near Our Capabilities

There’s a third aspect of being easy that I don’t think we think enough about […which is] being near to our capabilities. [… We] don’t like to talk about this because it makes us uncomfortable. Because…what kind of capabilities are we talking about?

If we’re talking about easy in the case of violin playing or piano playing or mountain climbing or something like that, well, you know, I don’t personally feel bad if I don’t play the violin well because I don’t play the violin at all.

But [Cybersecurity Operations] is conceptual work, so when we start talking about something being outside of our capability, […] it really starts trampling on our egos in a big way. And so […] due to a combination of hubris and insecurity, we never really talk about whether or not something is outside of our capabilities.

It ends up that it’s not so embarrassing after all because we don’t have tremendously divergent abilities in that area.

In this last remark, Hickey foreshadows his upcoming remarks about Limits, which will talk about in a future post.

Easy is Relative

The last thing I want to say about easy and the critical thing to distinguish it from simple is that easy is relative. […]

Playing the violin and reading German are really hard for me. They’re easy for […] certain other people.

So unlike simple where we can go and look for interleavings, look for braiding, easy is always going to be [a question of] easy for whom, or hard for whom? It’s a relative term. […]

[We] throw these things around sort of casually saying, “Oh, I like to use that technology because it’s simple; and when I’m saying simple, I mean easy; and when I am saying easy, I mean because I already know something that looks very much like that.”

It’s how this whole thing degrades and we can never have an objective discussion about the qualities that matter to us in our [Cybersecurity Operations].

So, what does any of this have to do with Cybersecurity Operations and Network Defense?

We’re almost there…so stay tuned!

• On Monday, July 22, we’ll explore the word complect, which will help us have a more precise discussion about network defense later on.
• On Wednesday, July 24, we’ll finally start to tie some of these ideas together and talk about what Cybersecurity Operations looks like from 30,000 feet.