Skip to Main Content

Approximately 400 Marines, Sailors, Coast Guardsmen, New York police and firefighters ran through downtown Manhattan, June 1, 2010, in honor of the victims of 9/11 and America's fallen heros. Official Marine Corps photo illustration by Corporal Patrick Evenson.You may have heard of the book "All I Really Need to Know I learned in Kindergarten" by Robert Fulghum, but, you probably have not heard of the lesser know book "Corps Values, Everything You need to Know I learned in the Marines" by Governor Zell Miller.

From experience I have found in my career that much of what I learned in the Marine Corps applies not only to my personal life but also my career. Countless times, my training in the Marine Corps has served as either inspiration or guidance in difficult situations.

Alexander Pope once said "To err is human; to forgive, divine." The Marine Corps has a twist on this maxim as well, "To err is human, to forgive divine, neither of which is Marine Corps policy."

I will never forget that quote. In a way it rings true. You can't go back and fix the past. What is done, is done. This quote is especially true in Information Technology (IT). The expectation from technology is perfection and that things shouldn't go wrong. However, we forget the technology was designed by people, deployed by people and used by people. The truth is people make mistakes; “To err is human.”

There is another saying in IT security, "people are the weakest link.” We are our own worst enemy! People often make honest mistakes. They accidently click to download a virus thinking it was some cool picture or game from someone they must know because “who else would send them something cool.”

Next thing you know they are calling tech support crying because they lost that really important document or spreadsheet and wondering why the IT guys gave them this operating system or this internet browser. Then they tell tech support they want a new computer because their friend, who is a self proclaimed security expert, tells them they need a new operating system or internet browser. In reality their friend was talking to some 'genius' at the mall who gave him a marketing presentation.

Not all people make honest mistakes; some people intentionally cause malicious mayhem. What, never! Yes, it is true. Some people actually intend to cause damage and mayhem. We security pros, the real ones not the 'geniuses' at the mall, call these people the “bad guys.” Yes, they want to steal your identity, break into your computer, use your computer to perpetrate crimes and steal data.

You may wonder how these “bad guys” are always causing so many problems. Here is the secret: They hide out in the dark corners of the Internet and lay in wait. They wait for one or more of us to make an honest mistake, a turn down the wrong, dark, Internet alley. Maybe the problem is compounded by the browser they are cruising the Internet with. Maybe, someone didn't lock the “doors” to your computer. Either way, they see an opening and they break in.

Am I saying most of the crimes on the Internet are crimes of opportunity? Most assuredly, they are. Now this is where the second part of the quote comes in. Once a user feels like they have been betrayed by a company, tech support or the IT guys, they have a tendency not to forgive.

I have to admit it is difficult to forgive my bank if they lost my information in a data breach, especially if they didn't have the proper security in place, even if it was an honest mistake of one of their network administrators or Web developers.

I guess we can use the old maxim, “no harm, no foul.” We could forgive them because it was an honest mistake. Then what do we do when another “mistake” leads to a bigger problem. What if the whole campus network is taken down for three weeks during registration?

I guess we are down to the question of, do we flog or forgive those who make a mistake that leads to a major catastrophe? I really don't think it is that simple. We still have not addressed who should be flogged or forgiven. Is the network technician who did not install a new firewall or is it management who cut the funding for the new firewall? Well since the network technician or IT manager is on the front lines they typically get the brunt of the indignation.

Getting back to the Marine Corps maxim, if you don't make the mistake in the first place you won't have to worry about needing forgiveness. If only it were that easy.

What do you think? Flog or forgive? Who is really to blame? <>

U.S. Marine Corps logo.