Getting punched in the face
1 like•617 views
The document discusses human behavior in high-risk scenarios, emphasizing that people often react poorly to fear and uncertainty, leading to poor decision-making in areas like gambling, trading, and security. It highlights common misconceptions and tendencies, such as confirmation bias and overconfidence, that frequently result in losses. Finally, it advocates for a more objective and empirical approach to risk assessment and decision-making to avoid repeating past mistakes.
Getting punched in the face
- 1. getting punched in the face [email protected]
- 2. whatʼs all this...? -Tyson - Everybody has a plan until they get punched in the face -Humans aren’t wired to deal with risks and uncertainty well... -Newtonian...our brains evolved (well, some of us) from peanuts aimed at keeping us alive... -We see evidence of the same mistakes in some very disparate unrelated fields -We’re doomed to forever repeat the cycle unless we recognize this
- 3. #whoami -Don’t believe me? -Competitive boxer / MMA -World class competitive painball -Hax0r for 14 years...7 professionally -Poor trader... -Gambling step-dad...every weekend
- 5. boxing -People fear getting hit -Natural inclination is to cover up / turn away - gets you hurt even more! -The better you get, the more you have to entice the bastard to hit you, so you can hit him! -Over-defensive and over-aggressive are not good...
- 6. brazilian jiu-jitsu -When you think you’re screwing them... -Again, natural inclination is to lock up, use strength, stay still in a “safe position” -Fluidity, speed, mercurial moves are the key...get into bad positions purposely to force errors -Think 3 moves ahead...umoplata -> triangle -> armbar == pwned
- 8. paintball -Once again, getting shot hurts, so put your head down! Natural, but totally wrong... -Shooting left handed throws everyone... -Snap shots! Can’t adjust fast enough.. -The big moves bust the game wide open...and instill permanent fear (6 balls in the face) -Why not sacrifice a runner?
- 9. gambling
- 10. winners! -Winning too much too early can be a bad thing... -Get onto a hot streak...
- 11. -Mistake 1 - Betting “the house’s” money.. -Mistake 2 - “I’ve called it twice...I’m all in this time...” -Mistake 3 - Poor money management...forgetting the house has the edge
- 12. losers... -Losing is equally bad... -We sulk, we drink, we pout, we lose more...
- 13. -Mistake 1 - Paralyzed by fear...irrational... -Mistake 2 - Want to break even...or even worse, get back at the casino...lose more... -Mistake 3 - Money management (again)
- 14. misconceptions -We make stupid conclusions: -Coin toss...50/50...even if it’s come up 70 heads in row...the next toss can be heads or tails -”This machine paid out, it’s hot!” ... right... -Roulette, anyone? Or the lottery...you picked 36 and 35 came up.. -Card games, however, are not independent events... -Need to understand Expected Value... what the player can expect to win or lose if they were to play many times with the same bet -The house has positive EV in many games...
- 16. system du jour -Tons of holy grails... -Lots of gurus -Fundamental, technical, fibonacci, elliot wave, bollinger bands... -Lunar Cycles...
- 18. fundamentals... -Yeah, read the fundamentals in that one, mofos... -Analyst Recommendations - MUST BUY -The devils in the detail...(or in the footnotes to financial statements...) but you gotta look! -Value investors bought all the way down...hey, it was getting cheaper! -If you’d followed price....
- 19. but why? - A bird in hand beats two in the bush? - Totally natural to lock in profits and hold onto losses hoping they’ll turn...but totally wrong - We’re driven by fear and greed...look anywhere and it’s clear...we live by emotions - Kahneman and Tversky - Prospect Theory How people make choices between alternatives that involve risk (usually financial) Given alternatives :sure win of 500 vs possible win of 1000 :sure loss at same
- 20. weʼre so smart... -We explain everything after the fact -We look for logical explanations, reasons and patterns (coin toss) where there really are none -We make a call and stick to it adamantly, tying our ego to it...then we fear being wrong, which makes us hold on even when we know we’re wrong... -Confirmation bias... -Black Swan -It takes major testicular fortitude to kill your idea (and your ego) and switch based on what’s actually happening...but that’s the hallmark of the legends...
- 21. infosec
- 22. we suck -We suck at infosec -Ownage fast and furious -10 years of webapps and we’re worse then ever -AV? Psssht -Phishing...
- 23. overconfidence kills -But there is a clear issue, we know this...clearly it’s endemic however... -Even the professionals overestimate their skills / underestimate the risks -The password choosing scheme of a 6-year old...when you’re a target...really?
- 24. no, not just dan... -Ok, so using your www as *anything* but a www is an abysmal idea... -But come on...customer details...keys...creds...source to your products?! Come on! -WTF happened to security 101... -Would you trust a lawyer with a criminal record?
- 25. play it again sam! -We make silly decisions... -We don’t base our decisions on accurate / relevant data...or we read what we want into it -Recent events - availability theory -We underestimate risks / overestimate our skills -SQLi 10 years ago...who’da thunk it...?
- 26. and so?
- 27. where to from here? -We need to think, think objectively, and look at things empirically, not emotionally -We need to constantly re-check what’s *actually* going on, and adjust without emotion -A dose of realism -We need to get out of our comfort zone and think about things carefully...eg Threat Model -We take tons of risks and make tons of decisions every day, almost unconsciously...make more -Zero-sum - I’m more than happy to keep owning you... -Common thread...clearly the problem isn’t in each domain...it’s an issue with *us* -Think differently...