Leadership Moment: Communicating Uncertainty
In a recent (online) conversation about cybersecurity breaches and the sometimes self-inflicted wounds that companies suffer, I noted, “The ATM networks that went down during Slammer were mostly self-inflicted.” A colleague responded that “”Mostly” implies Slammer took down ATMs.” That’s a fair reading of the uncertainty I was trying to communicate, even if not what I aimed for. I was using “most” to hedge my knowledge – to the best of my knowledge, all of the ATM damage was self-inflicted, but a single counterexample would have rendered my assertion wrong. But in hedging, I opened an opportunity for a different miscommunication.
Precision is hard in written prose, especially when you’re balancing it against brevity, especially when you’re talking about complex systems. In this case, slightly better precision wouldn’t have taken up many more characters.
One Minute Pro Tip: Bring Your Own Touchstone
When you’re assessing “fit” – hiring, selecting a vendor, or even investing in a company – you should recognize that it can be a very adversarial engagement. Your counter-party wants to show you a version of themselves that meets your expectations, while hiding any part of themselves that might drive you away. A conversation focused on “How will this work?” will often slide past the most important question: “How might this not work?”
Before you start the conversation, identify your biggest red flags: what are the things that would cause you to decline to continue. Your early conversations should be applying these touchstones to see if this is a bad fit; once you know it isn’t, then you can proceed to find the right fit. You won’t always have time to do deep analysis on everything, but by identifying the most important things to test, you can quickly identify, and move past, the pitfalls that you need to know about.
Appearances
Future appearances
Sep 20: SANS CISO Roundtable
Sep 22: HexCon 2023, Four Dimensions of Building a Security Program
Oct 20: Triangle Infoseccon, Leadership Track
Oct 25: SIM Summit Boston, Cybersecurity Panel, Author’s Corner
Interested in having me speak at an upcoming event? Contact me via speakers@duha.co.
Chapter Cameo: The Magic of Simplicity
Any sufficiently complex system is indistinguishable from a simple system, opens Chapter 46 of 1% Leadership. You probably recognize that phrasing as a riff on Arthur C. Clarke’s Any sufficiently advanced technology is indistinguishable from magic. A challenging leadership skill is moving between the two – using the magic of simplicity when appropriate, but analyzing the complexity of technology. The challenge, of course, comes when trying to mix the two – applying complex analysis to a simplified model, or simplistic assessment to a deep technical architecture.