Ever wondered what the most challenging aspect of security is? It's not understanding the evolving threats and actors. Certainly those are important, but people smarter than me do a fine job of tracking and reporting on emerging threats.
It's not the constant evolution of tools and blinky boxes. Sure, tools are part of the mix, and knowing which tools will help in which situations is a must, but a tool is a tool. Given the right tool with a suitable understanding of the problem, the right people can figure out the right way to use it.
It's not understanding the technologies and solutions I'm tasked with defending. Of course that is crucial, but 20 years in the field have taught me a great deal about operating systems, applications, networking, business, and the way systems work, break, and can be fixed.
The biggest challenge? It's not threats, blinky boxes, or foundational knowledge. It's the context switching. It's being eyeball-deep in a topic when something else demands attention. It's the interrupt-driven pace of work, always at the mercy of the next unscheduled threat.
What techniques do you use to carve out dedicated time for strategic work? How do you avoid the pitfall of perpetual firefighting? Comment below or join the discussion on Twitter.