Critical thinking is a key part of working in cybersecurity. Every situation is unique even though there's always things to learn from situations past. There are numerous resources out on the internet and countless books on developing critical thinking skills. Synthesizing some of these down, there are several key habits of those who excel in this area:
- Welcoming of diverse opinions and perspectives
- Systematic in their organization and problem solving style
- A balance of analytical and creative in thinking style
- Open minded and conscious of their own biases
- Confident yet skeptical
In many ways critical thinking is closely tied to decision making, but it's bigger than that.
There are numerous factors that work against cybersecurity professionals. Hackers (or other adversaries) actively trying to attack us. Users that may be trying to work around the rules because it's more convenient or perhaps they just don't know. Complexity in IT environments that make it hard for us to know what actually exists and where.
The problems we face as an industry are constantly changing. Doing the same old thing the same old way is not typically the optimal way to guard an organization against adversaries that are exercising an almost constant flow of creativity. Critical thinking helps to find the optimal solutions to the problems or opportunities ahead of us. This can be applied in many settings:
- Process change
- Creating policy
- Conducting a penetration test
- Analyzing logs or forensic evidence
- Writing code to harden an application