The Mind Has Its Limits

To date, I’ve published a series of short posts that heavily borrowed ideas from a talk Rich Hickey gave, back in 2011, called “Simple Made Easy”. The point to those short posts was to ultimately weave them together in posts like my last post, What Is Cybersecurity Operations and Why Is It So Complex?

At the end of that last post, I promised:

Despite the fact that Cybersecurity Operations is hard work, the work gets done as a part of some of the coolest jobs available right now.

And there is good news. With a little bit of mindfulness about what makes Cybersecurity Operations complex, it is possible to start working towards making it simple. I have ideas on how to do just that, and hope to cover some of them in future posts.

In order to deliver on that promise, I’d like to borrow yet another set of ideas from “Simple Made Easy”, before I move forward.

And so, without further ado, I give you four additional axioms from Rich Hickey that we will lean on later.

We can only hope to make reliable those things we can understand

How can we possibly make things that are reliable that we don’t understand? It’s very, very difficult. […]

— Rich Hickey, from “Simple Made Easy”

Remember that:

Simplicity is the prerequisite for reliability.

— Edsger W. Dikstra

To put this all another way: simplicity is the attribute we ought to desire to describe the inputs into our processes; reliability is the attribute we desire to describe our processes and their outputs.

We can only consider a few things at a time

And our understanding is very limited. […] There’s the whole notion of […] how many balls can you keep in the air at the time, or how many things can you keep in mind at a time? It’s a limited number, and it’s a very small number. […] So we can only consider a few things and, when things are intertwined together, we lose the ability to take them in isolation.

— Rich Hickey, from “Simple Made Easy”

Intertwined things must be considered together

So if every time I think I pull out a new part of the software I need to comprehend, and it’s attached to another thing, I had to pull that other thing into my mind because I can’t think about the one without the other. That’s the nature of them being intertwined. So every intertwining is adding this burden, and the burden is kind of combinatorial as to the number of things that we can consider.

— Rich Hickey, from “Simple Made Easy”

Here, Rich Hickey is talking about software and software development. But the exact same concept applies to cybersecurity engineering and analysis work.

Complexity undermines understanding

So, fundamentally, this complexity, and by complexity I mean this braiding together of things, is going to limit our ability to understand our systems.

— Rich Hickey, from “Simple Made Easy”