Podcast: Chasing Certainty Is A Fool’s Errand with Foundations by Chris Decker
Tenacity's CTO, Nick Lumsden, joined the Foundations podcast to talk about how there is no way to completely get rid of risk... only to reduce it. And the only way to reduce your risk is to take action. Check out our recap of the conversation!
Last week, our CTO and Co-Founder, Nick Lumsden, had the opportunity to join Chris Decker on the Foundations podcast series, where they interview guests whose story can help pave the way to a stronger foundation in life, business, and beyond. Needless to say, we were excited for Nick to be one of the voices in this series of conversations.
Here is a quick recap of some of our favorite moments of the episode — but be sure to check out the full conversation with Nick and Chris below for even more great takeaways:
Chris: Two weeks ago, you posted something on LinkedIn that got a considerable amount of attention. You asked, “Why do people say, ‘in these uncertain times.’ It’s never made sense to me? All times are uncertain. Chasing certainty is a fool's errand.” What inspired this post?
Nick: It's been a long train of thought in my career around this idea of certainty and seeking it. What triggered the post was that I had received an email which was trying to grab my attention by saying “in these uncertain times,” and it just got me on the track of there's no such thing as certainty in life. There are no absolutes. I think this is misunderstood often in business, especially in early founders or early entrepreneurs. They spend a lot of time trying to validate or seek certainty around an idea, rather than just taking action and trying — and that's oftentimes more dangerous than taking action and failing really quickly. Finding out if you're right or wrong through the action, that's really where growth comes from. The experience in my career of seeing folks who jump maybe a little too quick or take a little more risk due to uncertainty in what they’re doing, they tend to be a lot more successful in the long run, because they get to the answer a whole lot faster.
Certainty is a perfect state. You can't always get there. But, there's degrees of uncertainty. In order to reduce uncertainty, you have to take a little bit of risk, you have to get out of your comfort zone. And I see this happen all the time, especially for startup, early entrepreneurs. Don't be afraid to take that risk and find out.
Chris: Could you speak to this concept of risk in cybersecurity, because I have a feeling there's no way to guarantee that you're 100% secure?
Nick: Here's the problem… you can never have perfect knowledge. You can never be certain that you're 100% secure, because you'd have to have perfect knowledge of the state that something is in. So, knowing that, what do we do? The danger in technology or the danger in cloud security is inaction or standing still. So many organizations actually get stuck in analysis paralysis, where they're trying to understand what is the thing that they should actually go and do. They get stuck by all this noise and they don't take action, which actually makes them more susceptible. Whereas if they would just take action towards where they think is the best place to go, they'll start to reduce their risk a whole lot faster than trying to find the perfect solution or the perfect place to apply their time.
Chris: You've learned a lot of lessons that have gotten you to where you are today at Tenacity. But can you talk about your very first business and a few lessons that you learned the hard way?
Nick: I could talk all day about the sort of lessons I've learned in my first business. I mean, I failed at my first business six years into it. That was hard… to pour your soul into something for that long, and not be able to achieve what you wanted to achieve.
That journey started while I was in college, and I was sitting in the lab one night and I was frustrated. I had a bunch of work that was due for class and a customer, and I remember saying to the lab, “Hey, does anybody want to get paid to code for me?” and a couple of hands shot up. And, lo and behold, a software development team was born and we had a business. I made all the mistakes that 22 year olds make. I learned a lot of things the hard way. I had a chance to exit in probably about the fifth year of business, about a year and a half before the business failed, and I just kind of shunned that soft offer immediately. That was probably the first lesson I learned. I didn't welcome the conversation.
I think I was a little scared at the moment of what an exit would look like. I had built this business that was kind of rickety and wasn't running smoothly and wasn't the perfect thing I wanted it to be. I don't think I wanted anyone else to take a look at the books and realize that it was so rickety. It was a good business — we did a lot, we had good revenue, we had lots of customers — but I think I had in my head this kind of perfect vision. Now I realize that all businesses are messy like that, just in different ways. Nothing's perfect. And I think the second thing is that I really thought I was going to build something much bigger. I mean, it wasn't the kind of offer that was going to make me retire for the rest of my life, but it was an offer that would have fundamentally changed my life at 25 years old. If I had realized at the time that I had sort of reached my limit, and I just needed to go learn from someone, which that entrepreneur would have been, I think it would have been a really interesting journey.
Chris:Another recent LinkedIn post that you published was also about failure lessons. “There is an aphorism about conflict: Generals always fight the last war. Meaning, the time between conflicts is spent learning from previous conflict. The same is true in cybersecurity.” Reading into that, it sounds like you’re saying it’s not will another cyberattack happen, it's when. And what did we learn from the last one to help us when the next one happens?
Nick: Yeah, it's really important to understand that you shouldn’t only be focused on what you’ve learned from the last attack, but also be prepared for the next one. That whole aphorism of generals are always fighting the last war they're in is really to say, well, you have to be careful that you're not falling victim to recency bias. Make sure you're only studying the thing that happened to you last. You really want to consider whether you have the fundamentals. Do you have the foundation right? Are you thinking about the way that a future war will be fought? What would those technological changes be? That is definitely true in technology and in cybersecurity. You want to learn your lesson from what happened, but will make sure you haven't broken your fundamentals. Make sure you’re still marching, still training your troops, and anticipating what my enemies are going to be bringing against me in the next conflict. That's very much the analogy for cybersecurity — what are they going to bring next? So, if you're not leveraging tools like AI or big data analytics to help you in that battle, then you're already stuck fighting the last war… you're not yet fighting the one that's to come.