Kevin Beaver's Security Blog

My health story is a reminder that we need to rely on the right experts

I’m back! After quite the hiatus dealing with a rare health condition, I’m coming back to life and getting better every day!

My story is quite complicated…I’m currently writing a book on the whole situation and I will share that here once it’s out. Briefly…I’ve been dealing with debilitating neck issues, namely something called cervical instability that led to a rare condition called Eagle syndrome. My surgeon did a documentary on my Eagle syndrome story you can check out here. Check out my comment in the Comments section of the video to see all of the symptoms I have been experiencing. Essentially, cervical instability is an unstable neck due to weak ligaments that can create literally dozens of symptoms, mostly neurological in nature. This problem came about from a lifetime of head and neck traumas combined with a heads down lifestyle working on computers with poor posture for over 30 years.  I have had a ton of dental work throughout my life as well as a tonsillectomy when I was one year old  – all of which can contribute to cervical instability. To top it off, I went to the wrong chiropractor – a legacy doc who does not specialize in upper cervical treatment – who wrenched on my neck for 11 months trying to fix the issue but, instead, ended up making me WAY worse. [Never, ever let a non-upper cervical chiropractor forcefully adjust your neck!]

A couple of decades ago, I noticed weird stuff going on with my neck. It started with pain and it ended up with debilitating neurological symptoms. Over the years, I would self diagnose and self treat. Thanks to YouTube, I was able to find rehabilitation exercises that brought me some relief, at least at first. But then I plateaued and wasn’t getting anywhere.  After that, I ended up on a path that required me seeing nine different doctors until we could figure out what was going on. During my recent 10-month tenure of physical therapy for my neck, I had an epiphany. I realized that I was being stubborn and downright stupid for thinking that I could just go online and find random and generic exercises to treat an otherwise very complicated neck issue. So much wasted time and effort! Had I gone to a physical therapist from the get go, earlier on – like four years ago – I probably would have ended up in the right place much more quickly. But no, I was trying to save time and money. That and the reality that I have been screwed over by the healthcare industrial complex in the past – I just didn’t want to continue being a part of that system if I could help it.

Early on in physical therapy, I realized that I was finally on the right track. Thankfully, my physical therapist was very savvy with neck issues. She was able to see how I was presenting and knew exactly what I needed in order to address my instability. Dozens and dozens of unique exercises tailored just for me…and, guess what? They worked! It’s absolutely fascinating what can start happening when you bring in an expert to evaluate a situation. There’s no guessing. There’s no wasted time and money. Just findings and recommendations and tangible solutions brought about by a trained eye and a heavy dose of expertise.

What does this have to do with information security? Everything!  When I had this epiphany during my physical therapy sessions, I realized what I was doing originally (trying to do everything myself) is what so many businesses do with security, specifically security assessments. In order to save time and (especially) money, many businesses will perform their own “internal” vulnerability and penetration testing. I’m confident that in most cases, IT staff mean well. They have a limited budget. They download free tools. They run basic scans. They look around to find the vulnerabilities that are presumably creating problems on their networks. It’s a noble cause but here’s the problem: many of the IT professionals doing this work have never attended a conference or even taken a course in information security. Many of them have not been on the receiving end of a proper vulnerability and penetration testing project/deliverables so they have no idea what it’s supposed to look like. They are literally flying blindly through the process…hoping they are using the right tools, the right hacking techniques, and finding the impactful vulnerabilities that matter.

It’s not that simple.

Given the complexities of the human body along with the myriad of unique health conditions people face, it’s too risky to rely on your own expertise and that of others you might stumble across on YouTube or elsewhere online. The experts you come across online don’t know your situation. They’re not evaluating your case. The same goes for today’s networks along with all the threats and vulnerabilities at play. It’s too risky to rely on your own expertise and the knowledge you might stumble across online. What if you miss something? What if you don’t have the proper tools? What if you could be doing things completely differently to save time and money? What if you could rely on the expertise of an outsider to point you in the right direction so that you (and your business) don’t get burned? Healthcare…information security…same story. There’s a lot to lose when it comes to our health. There’s quite a bit to lose as well when it comes to security too, especially if what you’re doing would not be considered a defensible approach to security.

Don’t get me wrong with this…I don’t want to leave the impressoin that YouTube and other online resources are without merit. They absolutely are! I’ve gained a TON of knowledge through all of this by way of extensive research. In fact, I’ve had to figure most of these things out and manage them all on my own simply because they are so complicated and most doctors know nothing about them. My point is that for complex, non-cookie cutter issues like what I’ve been experiencing, you need to get outside advice from a *qualified* professional. Not just someone who does the work but someone who actually *understands* it and, ideally, is one of the best in the business. That’s why I chose to fly across the country to Los Angeles two different times to go to the surgeon I went to (see documentary video link above).

Bottom line: knowledge matters. Experience matters. Don’t do what I did when addressing my neck issues….thinking “I’ve got this!”.  That approach cost me WAY more than it saved me and I can assure you I’ll never go down that path again, especially for something so complicated.  I encourage you to take the same approach when it comes to security, especially vulnerability and penetration testing and determining where your highest payoff areas are. There’s just too much at stake. You can learn more about how I can help – along with what my clients are saying about my work – on my website here.

Thanks for reading…Cheers to health and prosperity in 2023 and beyond!