Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

More on spam analyst performance

More on spam analyst performance

  • Comments 1

In my last post, I mentioned that I was reading Dr. Steenbarger's blog on trader performance.  Dr. Steenbarger has done a lot of research in studying what makes top performers the experts in their fields.  One of the things that separates the experts from the amateurs and average performers is the way that they process information.

Average performers and amateurs may understand the basic mechanics of the game, but experts can process new information quicker and adapt their techniques to account for this new information.  In a football game, a quarterback might react to a strong blitz defense by getting rid of the football quicker.  A trader sees tops and bottoms emerging much faster as he has seen the pattern before and has a feel for the market.  Because they understand their fields so well, top performers literally learn to see the field in new ways that amateurs and average performers do not.  They are able to process that information much quicker and see different ways of applying that information.

I think this holds true for spam analysts. In my last post, I mentioned that the rate at which I can process spam has rapidly increased from when I first started.  I don't find it all that difficult to see a list of messages and go through them quickly.  However, the advantage I have over new analysts is that when a new spam outbreak hits I can predict the consequences of my actions and of the actions of spammers. I know that hitting on certain patterns of single words can cause false positives if you are not careful enough (porn spam is a great example).  We recently received some hashbuster spam containing nothing but random text; I knew almost instantly that we were going to be hit with another spam wave within 48 hours and I was proven correct.

I think that this is a good selling point of anti-spam services.  Sure, system administrators can handle this task themselves, but our selling point is that it takes up too much time and too many resources.  This, of course, is correct.  However, I think another selling point is that system administrators are not experts in the anti-spam field.  They cannot react quickly enough to new spam threats because they don't have the experience.  Spammers have the advantage over them in this regards and system admins do not process new information and apply that information as quickly as anti-spam experts.  And, let the record show that the spam team here are experts when it comes to spam.

The game is changing quickly, 2006 has shown that.  It will continue to change just as fast in the future and companies now, more than ever, need the expertise of people who have a lot of experience in the field.

Leave a Comment
  • Please add 1 and 3 and type the answer here:
  • Post