If you’re patient, history can be a great teacher. Even in cybersecurity, where the landscape shifts constantly, it pays to balance the drive to constantly innovate with learning from the past.

Consider the Peter Principle. First published in 1969, it asserted that in a hierarchy, every employee tends to rise to their level of incompetence. Eventually every position tends to be filled by an employee who is incompetent to carry out their duties. So if you're doing a good job, congratulations—you’re on your way to eventually doing a bad one.

Frustration with mediocrity made the Peter Principle a rallying cry for change. Adjustments to organizational design, like flatter structures, smarter feedback loops, and performance-driven cultures, were born. But are we still facing the Peter Principle today? If a model is no longer taught, is it no longer relevant? And how can we tell?

The instant availability of new information online replaces things faster than they would have faded away in the past—whether it’s tools, trends, or cultural buzzwords. Something that survives over time probably did so for good reason. A clear mission, strong principles, and good communications are all as relevant today as they were 50 years ago. And while nomenclature may change, valid underlying concepts will stand the test of time.

Yet following tradition blindly is just as risky as ignoring it. Many years ago, I was explaining digital storage and query to a highly successful attorney who had been practicing law since long before the advent of computers. His firm’s law library was full of young associates manually researching legal cases in dusty old books. I still remember the look of amazement on his face when he realized how much time a searchable online library would save, how much more thorough their work would be, and the resulting increase in client satisfaction and retention. Yet recent news stories about AI completely inventing cases and citations in a legal brief illustrate the risk of over-reliance on innovation.

Respecting the past doesn’t mean keeping business practices that have become obsolete (see books, dusty old), just as innovation doesn’t mean automatically rejecting time-tested practices (see proofreading, QA). The firewalls and antivirus tools that were once cutting-edge cybersecurity are now just one traditional part of your cybersecurity stack. So study the past – not to romanticize or to laugh at the old days but to appreciate and learn as you move more rapidly into the future.