Threat Level: green Handler on Duty: Russ McRee

SANS ISC: The Value a "Fresh Set Of Eyes" (FSOE) - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
The Value a "Fresh Set Of Eyes" (FSOE)

Ever notice that being close to a particular problem has an inherent disadvantage? Often working on a problem for a long time, combined with being very close to the problem leads to less than holistic perspective. You think about the problem as you go to bed at night and again when you wake up in the morning, but you find yourself stuck and need a dose of fresh thinking. I have found a strategy to account for this “syndrome" and want to share what works and also learn from your experience as well.
 
As a new team member, we are conditioned to sit back, open our ears and close our mouths in order to understand the current environment. Often times questioning things, with a healthy dose of respect for the work that has already occurred, can be quite beneficial to the team. Brutal honesty and crystal clarity is needed during this exercise. As mentioned in The Best Medicine for Your Business: A Fresh Set of Eyes “Odds are, an easy solution will be staring you in the face, but you just can’t see it”.
 
Every time I have been the “new guy” on a project, team or organization I have been uniquely qualified to provided a fresh perspective. I was not burdened with the baggage or the bias of how it had always been done and often was able to bring some clarity to problems that have existed for a very long time. Another approach I found effective is to ask others who are not on the team to review the project status report and share with you their unfiltered impressions. Can they arrive at the intended conclusion without a lengthy briefing? A great question to seek the answer to is - How much ramp up time do they need in order to understand your message and make a decision? Armed with a “new guy or gal”, your team may find they are surprisingly equipped to get past a current challenge and move on to a higher priority problem, such as delivering effective security metrics or making your security dashboard add business value. 
 
What is an example of a time that you were able to offer a fresh set of eyes? Use our comments area below to share what works.
 
Follow me on twitter @RussellEubanks
I will be teaching next: Implementing and Auditing the Critical Security Controls - In-Depth - SANS Paris September 2019

Russell

97 Posts
ISC Handler
I see this all the time. I work as an independent consultant on safety critical real-time embedded systems in aerospace, medical devices, and industrial safety controllers.

As the new guy, and also a senior consultant who has been around the block a few times myself, I frequently see teams who are tackling a new aspect of their project make the same mistakes as other teams I have worked with, so I am rather adept at that "I've seen this kind of thing before" feeling.

A project I am working on now has started to make several of the classical (to me, but new to them) mistakes, but I have seen them coming. Frequently it is hard for a team that has been working on a project for 2 years to understand what I am saying, but if I let them get closer to the problem, they start to understand what I was talking about and usually thank me for the early warning. It has saved them from big headaches several times already.

I am the fresh set of eyes. They are the legacy team with the way they have always done it before. I have to give high credit to the technical management team of this project for recognizing that they are treading on new ground, as they have retained not only myself, but also three other senior consultants with prior experience in the stuff that is new to the original team. If only all projects had such foresight and humility to recognize that there were areas where they needed more expertise.
Moriah

133 Posts
Interesting perspective, Moriah and I agree that consultants are often in this role as well. Thanks for pointing that out.

-Russell
Russell

97 Posts
ISC Handler
In a previous life as a programmer, we used to see this all the time. It wasn't unusual to be stuck figuring out a bug and after having spent all day on it, show it to someone else who spotted the bug in short order. It wasn't necessarily that one person's debugging skills were any better than someone else's, just they haven't been down in the weeds with you banging out the code and they look at the code with a fresh perspective (missing all the history of how you got to where you are).

In IT, it's usually just a matter of being diplomatic as the FNG offering a new idea or as the old-hat, being open to any idea proffered by the FNG. Don't be too quick to blow off the FNG's idea with a "no, you haven't been here long enough to understand the problem".
Brent

120 Posts
Indeed a fresh set of eyes is always important. I work as SOC team lead and always prefer to review the contents going out to customer. Another person reviewing a content can always make sure information that going out is indeed correct. At many instances have found out that responsible person acts in haste and sometimes provide incorrect or confusing information.

Another pair of eyes always acts as a failsafe to ensure the quality of output.
makflwana

17 Posts

Sign Up for Free or Log In to start participating in the conversation!