Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Strengths and weaknesses

Strengths and weaknesses

Rate This
  • Comments 9

From time to time, I like to reflect upon my own personal strengths and weaknesses.  I may be a spam fighter, but I'm also a professional working within Microsoft and I want grow my entire asset base of skills, not just in spam analysis.

You know how on interview coaching, they say to you "If you're ever asked one of your weaknesses, give one of your strengths that if overdone, could be a weakness"?  For example, you could say "Sometimes I work too hard" which is overdoing dedication to the job.  It's kind of a way of weaseling out of the question.

Well, in my case, one of my weaknesses truly is one of my strengths.  I've been analyzing and fighting spam for 4 years and I'm very familiar with our own processes.  I've evaluated blocklists, regular expressions, fingerprinting engines and some Bayesian filters.  Because of this, I have a real knack for knowing what will work and what won't without having to do any analysis.  Much of the time, additional analysis confirms what I already knew.

The problem is I tend to get very irritated when I get pushback from people on antispam strategies who don't have my level of expertise.  If I think it will work, then it will probably work.  I can usually see the end points pretty clearly in my head even if all the details aren't there.  For example, for the past two weeks I have been trying to get a new spam filter in place.  I have personally done all the back end work and also evaluated the potential spam catch rate and false positive rate.  Yet when it comes time to get it deployed, I get pushback because we need to do more false positive evaluation.

"Dudes," I say, "we've done all reasonable evaluation.  Doing more will confirm what I already know -- FPs will be minimal and the preliminary analysis that I have already done suggests this!"  But it's not good enough, we have to do more just to be safe.

Safety is a real concern.  Nobody champions false positive evasion within our spam filtering service more than me.  No one.  For me, one FP is too many.  But when I personally research a new filter, do all the work to get it up and running and do what I think is a very reasonable FP analysis (we can't analyze 200,000 mails per day, but we can look at IP history and reverse DNS entries), requiring more annoys me.  I may be taking things too personally, I suppose, but in my view we are wasting about a week's time to do analysis that I strongly believe will not change our minds or add anything of significant value.  There's a whole lot of spam we could be stopping in that interim period.

<sigh>... I also think this illustrates one of my other weaknesses -- the inability to get people to jump on board to my solutions.

Leave a Comment
  • Please add 7 and 8 and type the answer here:
  • Post
  • PingBack from http://informationsfunnywallpaper.cn/?p=1383

  • Ditto - same here apart from the fact I've been doing it longer :-p

    Great post Sir.

  • As a fellow spam fighter I understand your pain.... new spam filters and/or methods are VERY time critical.  Good spammers are changing their tactics on an hourly basis and its only getting worse.  

  • Ah Terry, we all go through it.  I struggle with frustration at times when I am asked to justify, in 30 words or less, a theory, advice or opinion that have been reached by distilling knowledge gleaned over years and a well honed "gut instinct" because, like you, I sometimes can't give them sufficient detail or a sufficiently comprehensive diagnostic flowchart - and although I am right more often than not, I am also wrong sometimes - wrong just often enough that I also face struggles to get people to jump on board at times.

    Sandi

  • I'm glad to see that there are others who feel my pain.

  • As a follow up from my previous post, I've calmed down a bit and started to regain my calm, Zen-like

  • Late on a Friday, the kids are finally in bed and I just burned through the rest of my mail and feeds

  • real world bites and people always think that their process is the magic bullet there is no 'best' way only a combination and only in certain circumstances does anything make a big difference so knowing the environment has a bigger effect on  knowing if something is going or work or not... history... doomed... goto 10

    regards

    John Jones

    http://www.johnjones.me.uk

  • Some career advice that I once got from an old timer:

    For your first few years at Microsoft, the hard part is being right.  

    After that, the hard part is being right AND convincing others that you are right.

Page 1 of 1 (9 items)