As usual, I’ll cover a diverse set of topics in the 4th edition of the Cyb3rSyn Kaleidoscope while acknowledging the role of the observer that I’m playing… Let’s dive in.
Table of Contents
On Entrepreneurship
Starting a company is like eating glass and staring into the abyss.
This well-known saying in Silicon Valley was the first thing that came to mind as I was listening to Santhosh, the Founder and Managing Director of Succeed Technologies Pvt. Ltd. talk about his journey at the 10th anniversary of the company.
I was invited to do a talk at the celebrations (at Leela Palace, Bengaluru) a couple of weeks ago. My talk was centered around surviving and thriving in uncertainty.
A few thoughts come to mind after reflecting on it the past few days...
✅ Most successful startups lose their pace of innovation as they grow. The "grown-up" executives who takeover the company see their people as just a means to an end, a cog in the wheel. But Santhosh isn't like that - he wants all of his employees to develop and become entrepreneurs when they choose to do so.
✅ While I talk to many founders (top of the funnel), the ones that continue to talk to me and open up their wallets for an engagement (bottom of the funnel) have one thing in common: Skin in the game! They own the company - it is their baby and are not funded by outside money.
✅ This in turn gives them optionality. Optionality allows them to pivot as needed. They can diversify and choose to work on things that matter to them. They are not driven by the next quarter's profit margins but play the long game and know what to say to "NO" to.
✅ I've written in the past about the exploit-explore dynamics and how one can use that as a lens to stay viable. Succeed is the perfect case study for it - Santhosh talked about how they pivoted the company from a purely services business into a services+products business. Product-based revenue has now grown to an extent where they simply don't have single points of failure.
✅ But, they haven't stopped yet and are continuing to build newer products and features and gaining market share in India and abroad.
✅ All of this was made possible by employees whose benefits and compensation have only improved. It was remarkable to see ex-employees (some even travelled from out of state to attend) come and participate in the celebrations and also get recognized for their contributions that they did years ago.
✅ The journey was not all smooth! There were times when the water was so rough that it could sink the ship. As the saying goes, "Rough waters are truer tests of leadership. In calm water, every ship has a good captain." and I'm glad Santhosh was at the helm!
✅ Also, for passionate entrepreneurs work-life balance is a myth. The margins get blurred & they merge. It was awesome to see his family join the celebrations - one can tell that Santhosh didn't do all of this alone. He knows that this is a team-sport and appreciates it both at home and in the office.
Santhosh is a great inspiration to budding entrepreneurs and I've been lucky to have known him for a long time & to get the opportunity to participate in this journey!
My Observations from India
During my India trip last month (way before the current conflict with Pakistan), I travelled to four different states and spoke with a wide variety of people. One fascinating perspective I gleaned from those conversations is that for a few folks, the most expensive purchase was not their home or car - it was their smartphone.
The conversations also made me wonder if “financialization” and “tokenization” of assets using technology is a net positive for the society. What are stocks? They represent partial ownership of a company.
Publicly available stocks was (& still is) the best way for the common man to build and preserve wealth over time. But, just because it is now easily available to “trade” online using mobile phones has made millions of people gamble on whether it’ll go up or down in a particular day or even hour of the day.
India accounted for a staggering 78% of equity options contracts traded worldwide in 2023! 95% of those were only held for less than 30 minutes with only 10% of them making some money. This reminded me of another quote from Buffet from this year’s annual meeting about capitalism in the USA.
“… it's a combination of this magnificent cathedral which has produced an economy like nothing the world's ever seen and then it's got this massive casino attached. So, you got the cathedral and the casino and in the casino everybody's having a good time and there's lots of money changing hands... you’ve got to make sure the cathedral gets fed too.”
Only a small percentage of India is actually playing this zero-sum game. But, it is the cross-section of the population that has the biggest potential, income and education to build something productive.
That smart phone that they purchased for just Rs. 25,000 ended up costing them tens of millions of rupees (aka “crores” in India), pushed some into bankruptcy and others into taking on too much debt. For some, it even cost their life (suicide).
Gambling is a form of addiction. I hope more people snap out of it and seek better ways to cure their boredom.
But, the environment may not be conducive… While watching the IPL Cricket series in India, I was shocked that the most repeated ads were all some forms of addition:
Sugar (Cola, Biscuit, Chocolate, etc.)
Tobacco & Alcohol (masquerading as Indian spices promoted by Bollywood actors)
Gambling (masquerading as fantasy sports or trading apps)
It is ironic that the lessons of The Mahabharata are lost on the country.
Modern Security Podcast
I had the amazing opportunity to be a guest on the modern security podcast hosted by Clint Gibler. Please check it out and let me know your feedback - here is a quick post that adds more background/context for the podcast:
“𝙔𝙚𝙖𝙧 𝙖𝙛𝙩𝙚𝙧 𝙮𝙚𝙖𝙧, 𝙞𝙩 𝙞𝙨 𝙩𝙝𝙚 𝙨𝙖𝙢𝙚 𝙙𝙖𝙢𝙣 𝙫𝙪𝙡𝙣𝙚𝙧𝙖𝙗𝙞𝙡𝙞𝙩𝙞𝙚𝙨 🤯
𝘠𝘰𝘶 𝘬𝘯𝘰𝘸, 𝘪𝘵 𝘪𝘴 𝘵𝘩𝘦 𝘴𝘢𝘮𝘦 𝘟𝘚𝘚, 𝘊𝘙𝘚𝘍, 𝘦𝘵𝘤 - 𝘪𝘯 𝘥𝘪𝘧𝘧𝘦𝘳𝘦𝘯𝘵 𝘤𝘰𝘮𝘱𝘢𝘯𝘪𝘦𝘴 𝘢𝘯𝘥 𝘢𝘱𝘱𝘴 - 𝘪𝘵 𝘪𝘴 𝘭𝘪𝘬𝘦 𝘴𝘩𝘰𝘰𝘵𝘪𝘯𝘨 𝘴𝘪𝘵𝘵𝘪𝘯𝘨 𝘥𝘶𝘤𝘬𝘴.”
You often hear this from the security consultants that specialize in penetration testing.
When I was a security consultant, I was intrigued by this phenomenon:
While I was working with some of the smartest security experts individually, collectively somehow they were ineffective in achieving their security goals. They couldn’t do what they said they were going to do the previous year…
Technically, the WHAT (to do to fix XSS vulnerability) was clear. The sustainable HOW was mysterious. The HOW was also very much a social phenomenon. Politics, Turf war, emotions. Different people use different words to describe their understanding. Organizational psychology is a fascinating field.
I realized that I can’t be effective at my job by ignoring the “socio” part of a socio-technical system… Naturally, I became intrigued by the social aspects of organizations and its impact on software development and software security.
"𝘞𝘩𝘦𝘯 𝘢 𝘴𝘵𝘢𝘳𝘵𝘶𝘱 𝘧𝘢𝘪𝘭𝘴, 𝘸𝘦 𝘰𝘧𝘵𝘦𝘯 𝘪𝘮𝘢𝘨𝘪𝘯𝘦 𝘪𝘵 𝘴𝘶𝘤𝘤𝘶𝘮𝘣𝘪𝘯𝘨 𝘵𝘰 𝘱𝘳𝘦𝘥𝘢𝘵𝘰𝘳𝘺 𝘳𝘪𝘷𝘢𝘭𝘴 𝘪𝘯 𝘢 𝘤𝘰𝘮𝘱𝘦𝘵𝘪𝘵𝘪𝘷𝘦 𝘦𝘤𝘰𝘴𝘺𝘴𝘵𝘦𝘮.
𝘉𝘶𝘵 𝘦𝘷𝘦𝘳𝘺 𝘤𝘰𝘮𝘱𝘢𝘯𝘺 𝘪𝘴 𝘢𝘭𝘴𝘰 𝘪𝘵𝘴 𝘰𝘸𝘯 𝘦𝘤𝘰𝘴𝘺𝘴𝘵𝘦𝘮, 𝘢𝘯𝘥 𝘧𝘢𝘤𝘵𝘪𝘰𝘯𝘢𝘭 𝘴𝘵𝘳𝘪𝘧𝘦 𝘮𝘢𝘬𝘦𝘴 𝘪𝘵 𝘷𝘶𝘭𝘯𝘦𝘳𝘢𝘣𝘭𝘦 𝘵𝘰 𝘰𝘶𝘵𝘴𝘪𝘥𝘦 𝘵𝘩𝘳𝘦𝘢𝘵𝘴.
𝘐𝘯𝘵𝘦𝘳𝘯𝘢𝘭 𝘤𝘰𝘯𝘧𝘭𝘪𝘤𝘵 𝘪𝘴 𝘭𝘪𝘬𝘦 𝘢𝘯 𝘢𝘶𝘵𝘰𝘪𝘮𝘮𝘶𝘯𝘦 𝘥𝘪𝘴𝘦𝘢𝘴𝘦: 𝘵𝘩𝘦 𝘵𝘦𝘤𝘩𝘯𝘪𝘤𝘢𝘭 𝘤𝘢𝘶𝘴𝘦 𝘰𝘧 𝘥𝘦𝘢𝘵𝘩 𝘮𝘢𝘺 𝘣𝘦 𝘱𝘯𝘦𝘶𝘮𝘰𝘯𝘪𝘢, 𝘣𝘶𝘵 𝘵𝘩𝘦 𝘳𝘦𝘢𝘭 𝘤𝘢𝘶𝘴𝘦 𝘳𝘦𝘮𝘢𝘪𝘯𝘴 𝘩𝘪𝘥𝘥𝘦𝘯 𝘧𝘳𝘰𝘮 𝘱𝘭𝘢𝘪𝘯 𝘷𝘪𝘦𝘸."
Many cybersecurity experts are missing the social aspects of achieving effective security outcomes. We like to talk about major breaches as pure technical issues (for example: lack of a control, feature, tool, process, etc.).
But those technical issues don’t exist in isolation and unaffected from the organization’s employees’ and their social structures, interactions, incentives, goals, priorities and ambitions.
We can’t fix software security in isolation without fixing the underlying software development practices. And that in turn depends on many things but a powerful factor is the underlying management systems in place. Changing those management systems can’t happen without the existing leaders changing their minds, unlearning and relearning new ways of working.
Traditional management consulting is just outsourcing of thinking - it is mostly about seeking “solutions”. Seeking “solutions”, “actionable” advice, “best” practices, etc. - they are same as asking “tell me what I can copy”.
For leaders that don’t want to outsource their thinking, multidisciplinary insights from complexity, cybernetics and systems thinking can help you develop a completely different worldview about your organization and situation, which then leads to effective outcomes.
We explore these ideas with premium newsletter content, exclusive books, training, podcasts and more on the Cyb3rSyn Community. Join fellow cybersecurity professionals and executives with a 50% off Founder’s Club discount.
The end of an era!
Warren Buffett is retiring as CEO of Berkshire Hathaway at the end of this year. Buffett and his late partner Charlie Munger have been great advocates for multidisciplinary thinking and have been a great influence on me.
Last week, I took some time to listen to the entire Q&A session from their annual shareholder meeting, that pulled in record crowds.
Warren has been very humble and acknowledged how lucky he has been starting from being born in USA. In the annual meeting, he even gave credit to Tim Cook for making more money for Berkshire in the last 10 years - compared to what Buffett did in the last 55 years as its CEO.
On the professional front, out of all the “buy” decisions he made over his lifetime, he has acknowledged in the past that only 12 of his stock picks did REALLY well, the rest were “meh” or complete duds.
Here are some of the quotes from the event that stood out for me…
For Leaders who manage with only Quantified Goals:
"If you start focusing on what number you're going to produce, you will quickly get tempted... to play around with the numbers."
"I've seen people... I trust them in all kinds of other ways, but they regard playing around with numbers as perfectly okay."
For Executives who do “Quarterly Reviews”:
"I didn't want people that were sitting around having people present to them every three months and tell them what they wanted to hear."
For Executives who chase Quarterly Profits:
"We don't do anything based on its impact on quarterly and annual earnings."
"There's never been a board meeting I can remember... where I said, 'If we do this, our annual earnings will be this, and therefore we ought to."
On Market Risk:
"The more sophisticated the system gets, the more the surprises can be, out of right field."
For Anyone that is just Getting Started:
"Don't worry too much about starting salaries. Be very careful who you work for, because you will take on the habits of the people around you."
This final quote reminded me of my own journey when my first employer was struggling financially following the dotcom bubble. Excerpt from an old post:
The company was still struggling to make payroll. There were a few months when I didn’t get any salary while my peers from school and college were making 2x-3x my salary.
I stayed with my parents and packed lunch to work like a school kid, not able to afford to eat out on a daily basis. Meanwhile, my friends began buying motorcycles, cars, and making down payments on new homes.
The mimetic desire to seek what they desired was definitely there. I would be lying if I didn’t feel the pressure when I met them to hang out.
But, I didn’t fall for the temptation to switch jobs to make more money because something weird happened to me. I found a new ‘model’ in the CEO of the company.
That’s it for this week. Please reply to this email with your comments/feedback (I read all replies).