No, and that's a problem in cybersecurity.
Look, a lot of you sitting there listening,
a lot of our learning community, probably think of penetration testing,
meaning doing some probes into systems,
as a pretty effective way of determining if there's a security problem.
You might be sitting in some town, or city,
or country, wherever you are, and maybe you even do some of this.
A shop owner, bank, a business, a government agency says, hey,
I see you know a little about cybersecurity.
Would you help me with my security?
And you say, of course, I'd be very happy to help you.
And perhaps very innocently and not being aware of the warning that we get from
Edsger Dijkstra, you roll in and it becomes your task or
your intent to do penetration testing.
Or to test for different types of flaws that would occur or
be existent in their system, right?
You'd roll in, you'd try this, you'd try that.
You'd try breaking into this, you'd fuss around with that.
Maybe it's a medical device, you'd wear it, try to break it.
You'd connect it to weird stuff.
And then you'd have a breakthrough where you'd go, my gosh!
If I do this and that, it breaks, and you write it down.
And you produce a report, and you go back to your customer and say,
I did a bunch of testing.
And look, if you do this thing, wiggle the wire connected to this thing, it breaks.
Your customer is going to be very pleased.
You found a problem, they'll fix that problem, they'll pay you.
You go off, and what have you really shown?
You've proven that there's one problem, but
you've not demonstrated the absence of others.
Does that make sense?
It's really important because so much of cybersecurity is
rooted in this idea that by penetration testing, by hacking,
by being a white-hat hacker, a benevolent hacker, by probing,
testing, and so on, that I can demonstrate the absence of security problems.
That is just not true, and it's absolutely fundamental that you keep that in mind.
Because I think it arguably could be the biggest misconception that exists in
cybersecurity today.
And I think it plays to the enjoyment that a lot of us have in breaking into stuff.
Let's face it, it is fun to break into things.
If you're a little mischievous, then you probably find cybersecurity fascinating.
That's been my experience; I've been at this for 31 years.