There have been tons of articles done on this, particularly in terns of terrorism and counter terrorism since terrorism is recognized as an asymmetric threat. It’s a threat that is unpredictable and unconventional.

A good example was much like the Vietcong were in Vietnam. So much so in fact that people think the Vietnam war was entirely unconventional when it actually was both conventional and unconventional.

But at least units like the Green Berets back then were promoted to fight them on the same asymmetric terms and turn the tide due to their improved asymmetry which became counter-asymmetry or what they coined COIN (counterinsurgency) or counter-irregular warfare.

To do this the Green Berets followed one precept: Know thy enemy. Understand how they eat, sleep, walk, talk, shoot, how they think, why they think it, what they conclude, what they do, habits, traits, characteristics, and everything else down to a science…become them, in a sense, to know how to counter them that is EXACTLY my point here with why we need to learn to think asymmetrically and unconventionally.

Asymmetry in Thought

Conventional thought stifles creativity and effectiveness against anything asymmetric and unconventional. We must think asymmetrical. This requires re-learning or unlearning some of the rules we were once taught in order to achieve the possibility even, of thinking asymmetrically.

No, this is not brainwashing. It is actually thinking more freely and with an open mind, and therefore not as likely to be brainwashed.

In part two I’ll discuss how we can be More Asymmetrical.

Stay tuned for Thinking and Acting Asymmetrically Part 3

I’m not the first to write on this, but the subject fits my current series of articles. I have been focusing on irregular, unconventional, out-of-the-box thinking lately because it is over-hyped but truly under-done by many.

Symmetry vs Asymmetry - Characteristics To Better Understand This Discussion

It is important to understand what defines both of these concepts in order to better grasp the importance of understanding asymmetry, dealing with it, and even adopting it in order to achieve desired results and/or counter undesired results, and perhaps even predict the otherwise unpredictable.

Symmetry is characterized by these qualities

• To be by regular, predictable
• Apparent or obvious patterns
• Usually not difficult to figure out or anticipate
• Intuitive - common sense
• Conventional - where 80% or more of people are

Asymmetry is characterized by these qualities

• To be irregular, unpredictable
• Unapparent, not obvious, random, no pattern apparent
• Difficult to figure out or anticipate
• Counter-intuitive - uncommon sense
• Unconventional - where 20% or less of people are

Stay tuned for Thinking and Acting Asymmetrically Part 2

Unconventional is synonymous with unorthodox, or a break from the norm. It’s a break from the mainstream and is unique or special, not something to be despised necessarily.

Unconventional thinkers are not ordinary people, they are extraordinary. It was usually an unconventional thinker who became an inventor or who revolutionized a thought or concept.

Examples of Unconventional Thinkers

• Martin Luther
• William Tyndale
• Albert Einstein
• Thomas Edison
• Abraham Lincoln
• Bruce Lee
• Martin Luther King
• Green Berets
• Rosa Parks
• Morpheus and Neo

What it Means to Think Unconventionally

Unconventional thinking means being able to break free from the constraints of set rules and parameters or conditions. It means to not be caught up or constrained by rules, especially our own.

We follow things pertaining to regs and right and wrong but we are not ruled by them. Instead we master them. They become tools not obstacles. They become second nature or automatic. We change things that are just not right. We pave the way.

In part 2 of Unconventional Thinking Means Thinking Outside The Box…

I’ll talk about who our worst enemy probably is, and what we can do about it, so stay tuned!

Read. Read plenty. Read the right material. Familiarize yourself with the concepts of strategy by reading the following

• Read Sun-Tzu’s book The Art of War by Thomas Cleary, by far the best translation of this work

• Read the Bible. There are many accounts of strategy and points of wisdom that you can find, and many famous sayings of today originated in the Bible

• Read compilations of wise quotes and words of wisdom from sources such as the website above and from books such as the books of quotations

• Read Confucius (The Analects) and his wisdom and sayings

Also, talk to those who know strategy based on personal experience so you are not just looking for book knowledge. Talk to those who have “been and done”…volunteer at the veterans groups to find some military strategists like at the VFW or American Legion

Avoid those who are only poseurs and “all talk”

Your Own Experience is Important

In end effect, learning strategy is valuable only if it’s applied to your life in a useful and meaningful way. Book knowledge and learning from others teaches you somewhat but real learning comes only from your personal experiences.

You Must Start Somewhere

Start by reading as mentioned, it’s a very necessary first step to learning strategy.

Or give me an organization with poor configuration management. Then I’ll give you the keys to the kingdom. That’s because poor configuration management means lack of overall control and compliance. It’s a security vulnerability just waiting to be exploited.

A Configuration Manager’s Job

A configuration manager is the one who ensures that all changes to networks and systems are not only documented but that there is a process to re-assess and ensure security controls are in place to the level they should be after the configuration changes are made.

Without configuration management, the network and systems become the wild wild west and all sorts of holes and vulnerabilities in the network open up. The configuration manager is usually the gatekeeper of the network and of systems, of changes and of architectures that create or introduce new vulnerabilities. This is a very necessary control you can’t risk not having in your organization.

Configuration Management - What Duties and Functions Should it Include?

Configuration Management should include the following:

• Management of the architecture and changes to systems and devices

• Backup processes configured and running properly from a compliance standpoint

• Scanning processes are running regularly and kept up with

• Life cycle management takes place at the proper intervals and in the right places (prioritized)

• Configurations are as turn key and pre-done before deployed as possible

• Audit logs are being audited as related to network/enterprise changes and change monitoring

• Ports, protocols and services are managed, justified, approved and documented

• Chairs the configuration management board for an organization

• Chairs the Network and Systems Admin/User Admin working groups

• Has a seat on the IT procurement group and ensures CM is part of the process

• Ensures a proper baseline of systems and viability of procurement sources occurs from the get-go and does not allow unauthorized systems

• Has a handle on change management process oversight and audits it

• Has a handle on testing audit compliance for new systems before they’re added

• Ensures only accredited systems are on the network or added

• Ensures a timely sundown of all old systems and devices including their proper disposal as needed, for security, viability and life cycle management

• Ensures data remanence security after devices/systems are removed before disposal

• Ensures risk creep is prevented and compiles stats, trends and reports about configuration weaknesses and key items of concern

• Knows critical dependencies of infrastructure/systems and ensures they are reported

• Works with all operational IT and security personnel

• Works for the Chief Technology Officer in an organization

What to do if the CM is Overwhelmed and Overworked

If a configuration manager is this bogged down, consider having a team of configuration managers, or at least 2. One sole configuration manager is sure to get overworked and burn out. Remember, lack of a configuration manager or a burnt out configuration manager is a vulnerability.

Duty Creep

Just be sure your certification and accreditation team does not become your configuration manager because you need probably 2 full time configuration managers as is, and then a C & A team depending how large your organization is.

This is called duty creep…where people in an organization start to do work on something as a favor and later because they’re good at it, and because its needed, it gets added to the list of duties.

The bad thing about duty creep is it takes people out of their primary rile and makes them do things that they should not be focusing on much if at all, since they were hired for a different job,

Finally, any organization that does not have a configuration manager is really taking a huge risk with the security of its network. It should not do this because it’s the configuration manager who keeps things in check from getting out of hand with networks and systems.

1. What are my greatest weaknesses and vulnerabilities and have I addressed them all? Why not if not, and when will I?

2. What are we currently not monitoring or not tracking or have no situational awareness of (what don’t we know)

3. What issues do we have in our

• Security Philosophy first and foremost
• Security Goals second
• Security Models third
• Security methods fourth

4. What ensures the inherent integrity of things we so truly rely on, and how good is that integrity?

• Our hardware
• Our software and patches
• Our personnel
• Our processes
• Our methods

5. Where do we move slowest?

6. What are we not doing right or what must we change that we hate to admit?

7. If we were CEO or president for a day and had all the money, power and authority, what would we do?

And there you have the 7 Security Questions Organizations Must Ask Themselves!

1. By learning from history, since history repeats itself
2. By learning from the older, wiser and more experienced people
3. By reading texts and quotes from other wise persons and strategists
4. By applying knowledge and lessons learned, and improving the process
5. By participating in strategy building games and exercises

Learning strategy is fun, and these are ways to learn both wisdom and strategy in order to stay secure because the person who is strategic is also typically secure in what they do and how they do things!

• You must be well-read

• You must be a good listener

• You must be observant and perceptive

• You must be dedicated to the path of wisdom and knowledge

• You must have an excellent understanding of cause and effect

• You must be humble and willing to “empty your cup” as Bruce Lee used to say (more on that later!)

Holidays are probably the best time for the adversary after your money or resources to find easy prey. Unfortunately, during a time of increased threats and viruses, burglaries, etc…most people probably 80% will be less vigilant and alert.

Don’t Let Your Guard Down

I know it’s the Holidays and you may not like to hear this but…stay on your guard! Yes truly enjoy the holidays but also build security, alertness and vigilance into it as well. If you do you’ll stay more secure.

Stay On Your Guard Smartly

I’m not saying be paranoid nor let anything ruin your holiday…if you do that then the enemy has won! Instead, just keep an awareness and a security part of your holiday routine and you will be doing more than most people, and will probably reduce your risk and also make the adversary pick an easier target.

Things you can do to stay vigilant, secure and deter criminals:

• Stay alert to suspicious people and events or things out of place

• When in doubt, ask for law enforcement to check it out

• Don’t be flashy or flash money around

• Lock it up in your trunk (presents or purchases and such)

• Make sure you use lights to deter would-be burglars and park under lights

• If you take a vacation, make sure someone you trust watches after things regularly and at unpredictable times (their pattern to check on things should be random)

Stay secure during the holidays and don’t let your guard down! Happy Holidays!

Learning strategy is important for many reasons:

• To survive and minimize negative effects or threats (to stay secure!)

• To prosper, come out ahead, beat the competition or adversary and win!

• To stay wise, well-learned and thereby prevent problems/avoid trouble

• To avoid learning the hard way

• To avoid letting history repeat itself

This can apply to any strategy, whether one for relationships, communicating and of course in staying secure.