what's all this...?
-Tyson - Everybody has a plan until they get punched in the face
-Humans aren’t wired to deal with risks and uncertainty well...
-Newtonian...our brains evolved (well, some of us) from peanuts aimed at
keeping us alive...
-We see evidence of the same mistakes in some very disparate unrelated
-We’re doomed to forever repeat the cycle unless we recognize this
-People fear getting hit
-Natural inclination is to cover up / turn away - gets you hurt even more!
-The better you get, the more you have to entice the bastard to hit you, so
you can hit him!
-Over-defensive and over-aggressive are not good...
-When you think you’re screwing them...
-Again, natural inclination is to lock up, use strength, stay still in a “safe
-Fluidity, speed, mercurial moves are the key...get into bad positions
purposely to force errors
-Think 3 moves ahead...omoplata -> triangle -> armbar == pwned
-Once again, getting shot hurts, so put your head down! Natural, but totally
-Shooting left handed throws everyone...
-Snap shots! Can’t adjust fast enough..
-The big moves bust the game wide open...and instill permanent fear (6
balls in the face)
-Why not sacrifice a runner?
-Winning too much too early can be a bad thing...
-Get onto a hot streak...
-Mistake 1 - Betting “the house’s” money..
-Mistake 2 - “I’ve called it twice...I’m all in this time...”
-Mistake 3 - Poor money management...forgetting the house has the edge
-Losing is equally bad...
-We sulk, we drink, we pout, we lose more...
-Mistake 1 - Paralyzed by fear...irrational...
-Mistake 2 - Want to break even...or even worse, get back at the
-Mistake 3 - Money management (again)
-We make stupid conclusions:
-Coin toss...50/50...even if it's come up 70 heads in a row, the next toss is still
50/50...a fair coin has no memory
-”This machine paid out, it’s hot!” ... right...
-Roulette, anyone? Or the lottery...you picked 36 and 35 came up..
-Card games, however, are not independent events...cards come out of the shoe without
replacement, so what's already been dealt changes the odds of what's left
-Need to understand Expected Value...
 what the player can expect to win or lose, on average, per bet if they made the same bet many times
-The house has positive EV in the games it offers...so the player's EV is negative, no
matter how the bets are sized or sequenced
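The EV definition and the "independent events" point above are easy to state and easy to get wrong at the table, so here is an added worked example (my code, not from the talk) that puts numbers on them: the exact house edge for two roulette bets, a check that the win rate right after a losing (or winning) streak is still 18/37, and a session simulation showing that doubling up after losses (Mistake 2) leaves the edge exactly where it was and busts the bankroll instead (Mistake 3). The wheel is European (37 pockets); bankroll, session length and spin counts are constructed parameters, and the spins come from a seeded PRNG so the run is reproducible.

```python
"""Independence, expected value and bet sizing on a European roulette wheel.

Added example, not from the original talk. All inputs are constructed: a 37-pocket
wheel (0 plus 1..36), an even-money bet covering 18 pockets, a seeded PRNG for spins.
"""
import random
from fractions import Fraction

POCKETS = 37             # European wheel: 0 and 1..36
EVEN_MONEY_WINNERS = 18  # red/black, odd/even, high/low each cover 18 pockets; 0 is the house's


def expected_value(p_win, payout, stake):
    """EV of one bet: win payout*stake with probability p_win, otherwise lose the stake.

    Exact Fraction arithmetic so the edge shows up as 1/37, not 0.027027...
    """
    p = Fraction(p_win)
    return p * payout * stake - (1 - p) * stake


def house_edge(p_win, payout):
    """House EV per unit staked, i.e. minus the player's EV on a 1-unit bet."""
    return -expected_value(p_win, payout, 1)


def even_money_edge():
    return house_edge(Fraction(EVEN_MONEY_WINNERS, POCKETS), 1)   # pays 1:1


def single_number_edge():
    return house_edge(Fraction(1, POCKETS), 35)                   # pays 35:1


def player_ev_even_money(stake):
    """EV is linear in the stake: 'I'm all in this time' just scales the expected loss."""
    return expected_value(Fraction(EVEN_MONEY_WINNERS, POCKETS), 1, stake)


def win_rate_after_streak(streak_len=5, of_wins=False, n_spins=300_000, seed=7):
    """Gambler's fallacy / 'hot machine' check.

    Win rate on spins whose previous `streak_len` spins were all losses (of_wins=False)
    or all wins (of_wins=True). Spins are independent, so it should sit at 18/37 like
    any other spin. Returns (rate, number of qualifying spins).
    """
    rng = random.Random(seed)
    wins = [rng.randrange(POCKETS) < EVEN_MONEY_WINNERS for _ in range(n_spins)]
    qualifying = hits = 0
    for i in range(streak_len, n_spins):
        if all(w == of_wins for w in wins[i - streak_len:i]):
            qualifying += 1
            hits += wins[i]
    return hits / qualifying, qualifying


def simulate(strategy, sessions=500, spins_per_session=2000, bankroll=1000, base_bet=1, seed=1):
    """Play `sessions` nights of an even-money bet, flat or martingale (double after a loss).

    A session ends early when the bankroll can no longer cover the base bet (a bust).
    Returns net result per dollar wagered, the largest single stake, and the bust count.
    """
    if strategy not in ("flat", "martingale"):
        raise ValueError(strategy)
    rng = random.Random(seed)
    wagered = net = max_bet = busts = 0
    for _ in range(sessions):
        money, bet = bankroll, base_bet
        for _ in range(spins_per_session):
            if money < base_bet:       # can't cover even the minimum: busted for the night
                busts += 1
                break
            bet = min(bet, money)      # you can't stake what you don't have
            max_bet = max(max_bet, bet)
            wagered += bet
            if rng.randrange(POCKETS) < EVEN_MONEY_WINNERS:
                money += bet
                net += bet
                bet = base_bet         # both strategies return to the base bet after a win
            else:
                money -= bet
                net -= bet
                bet = base_bet if strategy == "flat" else bet * 2
    return {"net_per_dollar": net / wagered, "max_bet": max_bet, "busts": busts, "sessions": sessions}


if __name__ == "__main__":
    print("house edge, even-money bet  :", even_money_edge())        # 1/37 either way
    print("house edge, single number   :", single_number_edge())
    print("EV of 100 vs 400 staked     :", player_ev_even_money(100), player_ev_even_money(400))
    for of_wins in (False, True):
        rate, n = win_rate_after_streak(of_wins=of_wins)
        kind = "wins" if of_wins else "losses"
        print(f"win rate after 5 {kind:6}: {rate:.3f} over {n} spins (18/37 = {18 / 37:.3f})")
    for s in ("flat", "martingale"):
        print(f"{s:10}", simulate(s))
```

Both roulette bets carry the same 1/37 edge, the conditional win rate after a streak lands on 18/37 whichever way the streak went, and the martingale player loses the same fraction of every dollar wagered as the flat bettor but does it with stakes in the hundreds and a large share of sessions ending in a bust. The edge is a property of the wheel, not of the betting sequence.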
-Yeah, read the fundamentals in that one, mofos...
-Analyst Recommendations - MUST BUY
-The devil's in the detail...(or in the footnotes to financial statements...) but
you gotta look!
-Value investors bought all the way down...hey, it was getting cheaper!
-If you’d followed price....
- A bird in hand beats two in the bush?
- Totally natural to lock in profits and hold onto losses hoping they'll
turn...but totally wrong
- We’re driven by fear and greed...look anywhere and it’s clear...we live by
- Kahneman and Tversky - Prospect Theory
How people make choices between alternatives that involve risk (usually
Given alternatives: sure win of 500 vs possible win of 1000; sure loss at
we're so smart...
-We explain everything after the fact
-We look for logical explanations, reasons and patterns (coin toss) where
there really are none
-We make a call and stick to it adamantly, tying our ego to it...then we fear
being wrong, which makes us hold on even when we know we’re wrong...
-It takes major testicular fortitude to kill your idea (and your ego) and
switch based on what’s actually happening...but that’s the hallmark of the
-We suck at infosec
-Ownage fast and furious
-10 years of webapps and we're worse than ever
-But there is a clear issue, we know this...clearly it’s endemic however...
-Even the professionals overestimate their skills / underestimate the risks
-The password-choosing scheme of a 6-year-old...when you're a
no, not just dan...
-Ok, so using your www as *anything* but a www is an abysmal idea...
-But come on...customer details...keys...creds...source to your products?!
-WTF happened to security 101...
-Would you trust a lawyer with a criminal record?
play it again sam!
-We make silly decisions...
-We don’t base our decisions on accurate / relevant data...or we read what
we want into it
-Recent events loom largest - the availability heuristic
-We underestimate risks / overestimate our skills
-SQLi 10 years ago...who’da thunk it...?
where to from here?
-We need to think, think objectively, and look at things empirically, not emotionally
-We need to constantly re-check what’s *actually* going on, and adjust without emotion
-A dose of realism
-We need to get out of our comfort zone and think about things carefully...e.g. threat modelling
-We take tons of risks and make tons of decisions every day, almost unconsciously...make
-Zero-sum - I’m more than happy to keep owning you...
-Common thread...clearly the problem isn’t in each domain...it’s an issue with *us*