Quote

“It is stupid to be categorically against technology. It is not stupid to be suspicious of technology.”
—Neil Postman

※ “Quantum” Doesn’t Solve Anything for Cybersecurity

What security problem is “quantum” trying to solve? Would quantum solve Solarwinds? Heartbleed? Log4Shell? The 2016 DNC compromise? Any number of the social engineering-based attacks we see month after month? No, no, no, no, and no.

“Quantum” is specifically solving the problem of cryptographic primitives: that some of the fancy math problems we use to keep other humans from guessing how to unscramble our data eventually might be solvable by superscale quantum computers.

The argument you’ll often hear from quantum zealots is: “imagine if the primitives that were beneath your feet just vanished.” I don’t have to imagine, bro, that happens in software security every fucking day.

Via Kelly Shortridge.

Quantum falls into that void of things CISOs wave vaguely at when they ask consultants, “What should I do?” Other things that qualify are blockchain, AI, and any number of other buzzwords the CEO or a Board member read about in the Wall Street Journal that morning and then asked the CISO about: what is the organization’s readiness, position, or point of view? Effort is expended, focus changed, and attention redirected to formulate a response.

Meanwhile, and I am hitting my favorite drum again, things that could improve the organization’s current security posture, threat management, and organizational risk are being given short shrift or put off.

The Work One-on-One

Sasha Dichter writes on their blog about one-on-one meetings one has with their supervisor/manager/boss:

… I think the tools only work if we show up with the right mindset to these meetings.

This mindset isn’t: it’s my job to update my boss on what I’m up to.

This mindset is: it’s helpful to have a counterpart who helps me stay on track; helps me ensure that I’m prioritizing the right things; and who can help me troubleshoot when I’m stuck.

https://feeds.feedblitz.com/~/749035490/0/sashadichter~with-Me/

I disagree on a number of counts.

First, it implies that the boss (the term I’ll use from here on in) isn’t doing their job. Bosses should be prioritizing, troubleshooting, and setting the direction. If one has to tell the boss to do that, waiting for a one-on-one is not the way to do it.

Second, it implies the boss knows what one is doing. A good sign that a boss doesn’t have a handle on what’s happening is a request for weekly, every-other-week, or monthly one-on-one meetings. That says more about the boss than the employee, unless the employee is on some kind of an action plan.

Third, it places the onus on the employee. The boss should be coaching and advising when appropriate. When the employee is cranking along, one effective way of slowing progress is to ask about the progress.

Fourth, it assumes the boss is focused on the right things, has the skills and experience to offer, and isn’t checking a box their boss wants checked. In the post, that’s even brought up: “Hopefully, your boss has some perspective and experience that you don’t have …” It’s not a given.

Fifth, it assumes the boss is open to employee feedback. If the boss has a fragile ego, if they’re exhausted, if they’re stressed, and/or if they’re unfocused they may not react as one would hope and expect.

Sasha Dichter ends the post with “The meeting is for you, not for your boss.” I find that rarely to be true. When it has been true, it’s the boss who asks “What do you need from me and how can I help?”

Well-meaning posts like that one assume an ideal that doesn’t universally exist. If one is in a bad organization, has a bad boss, is in a bad work situation, or doesn’t buy into the hustle-culture narrative, then advice like this falls on deaf ears. To be clear, I’ve written similar posts to Dichter’s on this site.

There is no one-size-fits-all approach to one’s relationship with their boss. But falling into the trap of thinking of work as “family”, bosses as confidants and collaborators and counterparts in one’s career, and that anyone who shows the corporation loyalty is safe from “resource action” puts one at a significant disadvantage.

However, when one has to do a one-on-one with their boss, Dichter’s advice about what questions one should consider is a good starting point.

Your mileage may vary.

Presume and profess less

Hyperbole wrecks understanding.

Instead of assigning genius, visionary, peerless, or pioneering to folks, let’s dial down the rhetoric.

“Genius” is a high bar only measured by history. For example, buying an innovative company does not make one a genius per se.

“Visionary” is marketing.

“Peerless” means one who hasn’t been open to peer review.

“Pioneering” is someone repackaging what is known.