This is a post is in the Useful Ideas series.

You’ve likely heard some version of this joke/story:

A policeman sees a drunk man searching for something under a streetlight and asks what the drunk has lost. He says he lost his keys and they both look under the streetlight together. After a few minutes the policeman asks if he is sure he lost them here, and the drunk replies, no, and that he lost them in the park. The policeman asks why he is searching here, and the drunk replies, “this is where the light is.”

This metaphor has intriguing applications in various domains, but I’ve repeatedly encountered this phenomenon inΒ technologyΒ andΒ cybersecurity. A common pattern I observe goes like this:

A: “I’m deeply concerned about X

B: “X is indeed a problem, but is it our most significant problem?”

A: “Yes, we encounter it all the time.”

B: “Y is a similar problem to X, but we lack sufficient visibility into it.”

A: “But we often see X.”

B: “…”

I’m not suggesting you shouldn’t go after quick wins. (Creating momentum is often important.)

I’m also not suggesting you wait until you have complete knowledge before you take action. (That can lead to analysis paralysis.)

But I am saying to check whether your perspective is being skewed by your current visibility.