Being Pragmatic
Deriving a method is the way to derive objective knowledge

Karl Popper - Image from Google Search
All organisms, from the simplest to the most complex, learn by trial and error. But there is a profound difference in the way this method is applied.
The difference between the amoeba and Einstein is that, although both make use of the method of trial and error elimination, the amoeba dislikes erring while Einstein is intrigued by it. The amoeba, when it makes a mistake, dies or suffers; it has no interest in its errors except to avoid them. Einstein, on the other hand, is fascinated by his mistakes: he consciously searches for them, because he knows that we learn from our errors.
This conscious critical attitude, this readiness to learn from mistakes, is what distinguishes human knowledge from that of other animals, and it is what makes science possible.
I was a pragmatic guy when I started the cybersecurity journey. Being pragmatic means doing things practically without any idea or principle behind them.
Being pragmatic is just doing and not thinking about how or why we are doing it, or not thinking about the method. A method is important as it shows the way to derive objective knowledge.
There are three ways to obtain knowledge: inductive reasoning, empirical observation, and the scientific method.
An inductivist relies on their own experiences and beliefs. They start to view the world through their inductivist lens. Experiences and beliefs presuppose patterns. Seeing the sun rise daily will make you believe that the sun will rise tomorrow, or that it never dies. Relying on your patterns is the blind spot. It is similar to having one eye open and the other closed.
Empirical observation is observing the real world through our human sensors such as eyes, mouth, and ears. We believe what we see, what we speak, and what we hear. The problem with this approach is that we never know all the information needed to decide what is true. Whatever we see, speak, and hear is just part of the truth. Without knowing all the information, making a decision or taking a stand on what is right or wrong is not a good choice.
The scientific method is trial and error elimination. To create a trial, you create a hypothesis; to eliminate error, you have to criticise the current theories and methodologies and create better ones.
Being pragmatic follows inductive reasoning and empirical observation. Neither inductive reasoning nor empirical observation includes error elimination, i.e., detecting errors and eliminating them by creating a new observation. Basically, they do not support criticising your own beliefs and trying to attain objective truth.
Being pragmatic is to have subjective opinions and it never helps in deriving objective truth.
To convert subjective knowledge into objective knowledge, form a method out of your subjective experiences and criticise the latest methods and the latest knowledge known. This is the reason why experiences will make you ignorant. For example, if you saw that a security champion program did not work in your previous company, it does not mean that it will never work in other companies. This is a generalisation formed out of experience, and we should beware of the generalisations we make because this is not how the world works. In probabilistic thinking, just because something did not work once, it does not mean it will not work next time. Only absolute thinkers generalise, because it is easy to do so; they get caught up in their own judgements and are therefore not ready to fail again.
Being pragmatic is being attached to your experiences and to what you think is right, rather than accepting what is objectively right. It becomes a problem because you cannot unlearn or detach from your experiences. Being pragmatic can make you blind and stuck.
Why do we have to choose trial and error elimination over the other two?
One of the major reasons is that by using the scientific method, we criticise the current set of theories and create a new set of theories, thereby advancing the domain or helping the human race to reach the next stage. It is crucial for our survival. For example, Charles Darwin's theory of natural selection refutes all the previous theories, especially Lamarck's theory of evolution, and brings us nearer to the truth. We never achieve the truth; rather, we can get nearer to it. We can find ways to find errors and refute them. We reach the stage of dogmatism if we think we have achieved the truth.
Dogmatism
Relying on old theories because they work for you is dogmatism. Saying that “gates, blocking, pentest methodology, waterfall testing, security review without a method” work is a dogmatic approach. Those old theories might work; it looks to you as though they work. It is similar to war. War works. Winning a war also works practically, but it's not the right method. Hurting a person, rather than managing them, will eliminate the problem, and it works practically. Some of the new theories are “iterative testing, threat modeling, supply chain security”, which we are starting to focus on and implement.
Future is the past
Most security vendors and influencers start to preach “Future is the past”. A company got breached due to a zero-day vulnerability, and hence you have to buy this product to protect yourself from these kinds of vulnerabilities. Security engineers try to convince the leadership to increase the budget for, prioritise, or invest in security efforts since some company got breached and it might happen to us. The problem with this approach is that we never know.
Security events are not the way to predict what is going to happen.
Future is conjecture - You cannot prove what is going to happen in the future. You cannot predict it based on past data; rather, prepare for it.
Security folks have to embrace that the future is conjecture, criticise dogmatic theories, and advance security domains by forming new theories that refute the problems of old theories.
This blog post is inspired by Karl Popper’s book “Objective Knowledge”.