The Cyb3rSyn Kaleidoscope - Episode 2

The "Ding an sich"

We are going to cover a diverse set of topics in the 2nd edition of the Cyb3rSyn Kaleidoscope… Let’s dive in.

The zero-sum game of security vs productivity!

Travis McPeak (Co-founder and CEO of Resourcely) posted about what he called the “security poverty line”:

This means their security teams are underwater because of budget, political capital, executive support, or other factors.

I’m sympathetic to where Travis is coming from and to be honest I’ve also heard this from so many different cybersecurity professionals (even in “cash-cow” Silicon Valley firms) over the years…

Here’s my take:

We as an industry know “WHAT” to do to solve security problems. For example, we know that FIDO keys are effective for mitigating phishing attacks.

But, the real challenge is not the “WHAT” but the “HOW”.

How do I get it implemented and rolled out in MY organization - with all of our “legacy” apps, “proprietary” frameworks, budget “constraints”, prioritization conflicts, etc.?

You see, there are no security problems in any organization!

For example, if the CISO of a company says that Vulnerability Mgmt. is broken in an organization, that’s just the perspective from the cybersecurity organization.

When you start peeling the proverbial onion, you’ll notice that what’s really “broken” (or non-existent) is one or more of the following: Asset Mgmt. (Inventory), Config Mgmt., OS Image Mgmt., Automation, etc. in a complex web of interdependencies with so many other variables like budget, profit, promotions, headcount, etc.

Typically, there’d be many leaders individually chasing their own local efficiencies without any insight into global effectiveness and the long-term implications.

Security vs Productivity!

Security vs Innovation!

Security vs Velocity!

They play many such zero-sum games…

In a way, leadership is about achieving seemingly opposing or paradoxical goals.

But such problems are only abstractions - they exist only inside our heads.

You see, we can’t fix software security in isolation without fixing the underlying software development practices.

And that in turn depends on many things but a powerful factor is the underlying management systems in place.

Changing those management systems can’t happen without the existing leaders changing their minds, unlearning and relearning new ways of working.

The “Ding an sich”

In Kantian philosophy, the Ding an sich (German for “thing-in-itself”) is the status of objects as they are, independent of representation and observation. It was met with controversy among later philosophers.

Can there be any observation without an observer? How can one discount the role of the observer?

Let’s consider the “physical reality” we all know… Colors and sounds don’t really exist in the universe. Colors only exist inside our brains - that’s how your brain perceives photons of various frequencies.

Whether you are inside your home or office or out on a mountain, the entire “reality” you see is constructed by your brain. Sounds are just vibrations of air molecules.

Your qualia are yours and my qualia are mine - there is no way to independently prove that the way I perceive the sky’s blue color is the same as the way you do.

Now, let’s consider “social reality”. John Cutler (I’m a subscriber to his newsletter - highly recommend it!) recently made a very insightful post about a seductive trap that many leaders fall for in a corporate setting. He rightly says:

One of the most seductive traps in management/leadership is the idea that there is one "reality" that, once discovered, will unlock progress.

Yes, there are facts, but ten people looking at those facts will have different interpretations. Those interpretations guide actions and relationships.

In the social realm, what is truly missing is a pluralistic/multi-perspective approach. Systems Thinking can help here… As the systems thinker C. West Churchman put it,

The systems approach begins when first you see the world through the eyes of another.

But here is the irony. Even the institutions/consultants that claim to teach Systems Thinking actually end up teaching Systems Dynamics and Causal Loop Diagrams (CLD), which are not very pertinent here.

Instead of CLD, you’d be better off learning about Strategic Options Development and Analysis (SODA), which uses interviews and cognitive mapping to capture multiple perspectives of an issue. The implications of Second Order Cybernetics are still underrated in the mainstream. More about that in a future post…

Let me end this section with a pertinent quote from Heinz von Foerster:

I see the notion of an observer-independent “Out There”, of “The Reality” fading away very much like other erstwhile notions, “the phlogiston”, “the imponderable caloric fluid”, “the ding-an-sich”, “the ether”, etc., whose names may be remembered, but whose meanings have been lost.

Cyb3rsyn Newsletter: Preferences

One more new feature update to the subscribers of the Cyb3rSyn newsletter!

If you are logged in as a subscriber you can set your preferences now. On the “Manage Subscriptions” page, you can now easily update your preferences. The brand-new preference center allows you to:

  • Change your email address

  • Edit your name

  • Review previous receipts

  • Downgrade or unsubscribe

  • Update your preferences

I’m curious to learn more about your persona so that I can customize content appropriately. Of course, you can always hit reply to the newsletter email and send me a note directly.
