The Devil and His Details

Written by: Bill Mathews
From Eye of the Storm - November 2009

My favorite phrase in the English language is “the devil is in the details”. Simple, to the point, but what does it mean? It means, quite simply, the small things are the things that will cause you problems down the road. It’s an argument I have quite often with some of my colleagues and customers, “oh you worry too much, of course I remembered to plug in that extra power supply” or “that’s silly, who needs to test failover every month?” Contrary to popular belief, you should absolutely sweat the small stuff.

I often argue that something like 90% of security problems could be avoided if people just paid attention to the details. Of course you should validate input, of course you should know how your network actually works! How many people do? Sadly, not that many. This is why I’m so hard on my guys about spelling and updating tickets. I don’t care that they may not think it’s important: if they write “to” when they meant “too”, how can I rely on them to deal with a large-scale network design? The simple answer is I can’t. (Small disclaimer: MOST of my guys can actually spell :-) ).

This problem is seen in larger doses as you move up in complexity. It manifests itself in websites when they rely on simple client-side technologies (JavaScript) to validate data input. Why is this a detail problem? If you check the client side and not the server side, how do you know the data you got is the data you expected? You don’t, because you don’t control the client side. The same goes for SQL injection-style attacks on down the line. They are fundamentally detail problems.
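To make the server-side half of that point concrete, here is an added example (not from the original column) of a handler that repeats the checks on the server and stores the input through bound parameters. The field names, limits, table and function names are all assumptions made for illustration.

```python
import re
import sqlite3

# Constructed rules: the same constraints a page's JavaScript would enforce
# in the browser, repeated on the server, where the client cannot skip them.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")
MAX_COMMENT_LEN = 200


def validate(form):
    """Return the names of rejected fields; an empty list means acceptable."""
    errors = []
    username = form.get("username")
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        errors.append("username")
    comment = form.get("comment")
    if not isinstance(comment, str) or not 0 < len(comment) <= MAX_COMMENT_LEN:
        errors.append("comment")
    return errors


def handle_submit(db, form):
    """Server-side handler: validate first, then store with bound parameters."""
    errors = validate(form)
    if errors:
        return {"status": 400, "errors": errors}
    # Placeholders keep the values as data; they are never parsed as SQL.
    db.execute(
        "INSERT INTO comments (username, comment) VALUES (?, ?)",
        (form["username"], form["comment"]),
    )
    db.commit()
    return {"status": 200, "errors": []}


def make_db():
    """In-memory database standing in for the application's real store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (username TEXT, comment TEXT)")
    return db


if __name__ == "__main__":
    db = make_db()
    # Constructed requests: the second never went through the browser's checks.
    print(handle_submit(db, {"username": "bill_m", "comment": "It's the details"}))
    print(handle_submit(db, {"username": "x' OR '1'='1", "comment": "hi"}))
    print(db.execute("SELECT username, comment FROM comments").fetchall())
```

The apostrophe in the accepted comment is stored verbatim because it travels as a bound value, while the malformed username is rejected before any SQL runs.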

Moving to the network side, detail problems are seen when dealing with even small networks. How many times have I been onsite with a network admin and asked “why is traffic X flowing across your network?” The response is “well I don’t actually know, I noticed it before but didn’t think it was my problem.” It almost always turns out to be the problem. This is a detail problem because your network should only be passing what you allow and you shouldn’t be allowing bad stuff to pass. It’s the “wild west”, as one network admin put it, only because you allow it to be.

As you can see, a lot of issues can be avoided when you pay attention to details and provide concrete justifications for things. This philosophy can and will save you time and energy as you build applications, networks or even companies. Ever heard the expression “cover all your bases”? Yeah, that’s my second favorite phrase in the English language and I don’t even like baseball. :-)
