Security Pie

The ramblings of three security curmudgeons

A healthy dose of skepticism


I am a skeptic and have always been one. I believe that a healthy dose of skepticism can do wonders when trying to balance beliefs (many of which are odd: some people do believe that unicorns are real – literally real!) and reality. While odd beliefs are nice (and somewhat amusing), I would not like to base decisions on far-fetched, wrong concepts. I can see the disappointment in some soon-to-be unicorn farmers' eyes.

Not all you see is as it is.

For example, take the Barnacle Goose. Here is a picture:
[Image: Branta leucopsis]

And take the Goose Barnacle. Here is a picture:
[Image: Pollicipes cornucopia]

The similarity in color is apparent. Early Europeans, having not observed the Barnacle Goose nest, and having been oblivious to bird migrations, assumed that Barnacle Geese emerged from the Goose Barnacle (hence the name). Furthermore, there were eyewitnesses: the Welsh monk Giraldus Cambrensis claimed, in the twelfth century, to have seen goose barnacles in the process of turning into barnacle geese.

It is easy to discount this example as “dumb early peoples who did not know”. But these types of mistakes happen routinely in every discipline.

In security it is always easy to jump to conclusions. What looks like a DoS attack might be a misconfigured device. What looks like an employee stealing data might be a risky business practice, process or habit.

The only way I am aware of to combat these mistakes is to dig deeper with mathematical rigor. Understand not just the What (as in: what is happening) and the How (as in: how is this attack taking place) but the Why (as in: why is this employee sending these emails).

/al

Written by assafl

July 20th, 2009 at 9:41 am
