Enterprise Security Leadership: Conflict Resolution for Cyber Leaders
1 hour 1 minute
good afternoon, everyone. Today's topic. Conflict management, powered by Cyber A for teams, is one of the many assets security leaders must have to be proactive in their approach to addressing skill, gaps, risks and security. Today, cyber for teams helps organizations build a cybersecurity enabled workforce
to tackle new challenges,
handle security incidents and prevent data breaches. If you'd like to learn more about cyber A for teams, you can schedule a free demo and the link we're going to be sharing out in the chat
for a limited time. Only anyone who schedules a demo in June or July will be invited to join an a m A session with Ed right after the Siri's. And without further ado, I'm gonna hand it over to Ed.
Oh, thank you very much. That all sounds great. And I wanna welcome everybody to our second session. If you miss first. When I'm pretty sure you get the read the replay. Um, and I want to give you a couple things. We've written a series of case studies that kind of go with the six lectures, the successions.
I didn't make a big fuss about it last week cause you wouldn't have had a chance to read it.
But what we'll do is in the chap will make the link available. You can download the case studies, they match up with each of the sessions, and you should read them. It's this fictional kind of scenario that that we invented, and it includes some discussion questions that you can take back with your own team and use during Ah,
you know, either town halls or team meetings. I always
I'm looking for interesting things to do a team meeting, so this might be something that you can use. So take a look. What I'd ask you to do is, if you plan to come back for the next session, read the 1st 2
between now and the next time we get together and and we'll spend a few minutes discussing next week, just they vanity thoughts or comments or questions you might have about the case studies. Now we're gonna go about 40 45 minutes or so that my good friend Chris Ca Becca from hyper seconds on, and we're gonna
here a little bit about her.
Her journey to cybersecurity and she's got always has some good stories, so we'll ask her to share a little bit. I think you'll enjoy hearing from Chris, but it means the topic. Today's air in conflict resolution for those of you who are new to the sessions, maybe didn't do
are our course last year and didn't sit in for the basic idea here is that my presumption is those of you listening here would like to move into a position of management, government, governance, leadership. It's on in the area enterprise security.
So you may be an individual contributor Now. You may be a man you're now, or you may just be getting started. But in all of the cases I mentioned, I'm assuming that you'd like to develop some leadership skills. If you are the world's greatest pen tester and you don't like dealing with human beings and you just want a pen test,
this probably isn't the course for you, because all really better interpersonal skills.
And the reason I'm doing this is because there are a lot of courses on this, but none that I think talk to the specifics of what it is to do. Cybersecurity were an odd bunch,
and sometimes just speaking in a language that you understand and using examples that you understand will bring some of the leadership concepts delight. But if you if you know if you've taken leadership courses before, you'll see a lot of similarity
in the in the key messages here and and this week we're going to focus on conflict resolution, and I've got some nice examples and give mobile jar examples from Enterprise Security. But as we always do,
I like to start with just a basic statement of belief here. And that's that You'd better figure out how to develop some conflict resolution skills if you want to manage in this area. Sadly, what we do
is pretty well set up to create conflict. You know, the joke is that when you do cybersecurity of the department of no, you don't wanna be that. But yeah, I mean, that's kind of the idea here that at times
it's your responsibility as the senior or one of the senior enterprise security leaders
to make sure that if something's going left and it should be going right, that you speak up
and that's going to create conflicts, you are gonna have to develop some skills on hopefully our our session today. We'll give you some ideas. Well, the way you should listen to these is not to absorb everything and take notes and get every little idea.
But listen and be somewhat promiscuous around the things that sound like they match your situation. If it
if every time we get together for an hour, you get one or two ideas, then that's so worth it. That's why I do Webinars, you know, like when I'm home and taking a break, you know where somebody else might go out for Iran Pretty healthy than to dio. I tend Teoh
to listen to Webinars and listen to podcasts. And I'm always looking for an idea, a thought. Something connects. The great ideas are infectious, aren't they? Like if you want to influence people
that have good ideas and share them in a clear way, be sort of engaging, and you'll have some influence. So So we'll go through that now, on this topic of conflict resolution, I'm going to jump right to sort of the last thing here. In a minute. I'll fill the sin with something,
but this is, I think, a grid that most of you can understand
so that when you're dealing with a conflict, when you're viewing another individual there, these X and y access here,
where access where cooperation is along the horizontal axis but being assertive in a sense, you know, which is not the opposite of cooperation. But it's, ah, positive
kind of Ah, now that you can use that is like, you know, non cooperation, you know, in one right that but it's serving. Assertive is important, but also cooperating is important. And you can see the four elements here always like this. I think that there's a time for all four.
If you're gonna sort of memorize something
to uses your crib sheet
conflict resolution, you're gonna be living in one of these four boxes like there is a time to avoid conflict. You know, it doesn't you're not gonna cooperate, and I could be assertive. You're going to step away. We can all think of 1000 times when that makes sense.
You know, I've been married for 35 years. There's a reason for that. I've learned to avoid conflicts of their times. When that makes sense. There's also a time just moving from left to right to be accommodating right where
you know, you want to be assertive, but, you know, there's times when it just doesn't make sense. You know, anybody who's involved in politics knows how that works.
Now go from jumping from avoiding, you know, North one box two competing. That's where you really are going head to head. And most people, when they think of conflict avoidance, immediately jumped to that right. You jump too. Well, we're gonna We're conflict resolution. We're gonna we're gonna compete you against may resolve this thing.
And, you know, whoever stands up first,
um, is the winner. So that top left boxes what most people think of, But I think you'd probably agree that the top right box is the best place to bay, right? That's where you're being both accommodating and assertive. You're collaborating. It's it's That's when everything sort of firing on all cylinders.
So good thing to memorize, you know, as you're about to go into a negotiation,
you know, maybe you're upset with your pay, and you want to go talk to your boss. Maybe it's the head of infrastructure, CIA, whoever, and you're gonna go sit down and tell her that
Hey, um You know, I'm not happy with my, uh, my compensation.
And here's my case. You should be thinking, Where am I going to be in this? Like if you decide not to do that, you've avoided the issue. If you go in and your boss says, forget it, hit the road and you say okay and you run out, you're being accommodating.
If your boss says no, forget it. You fall drums and say, I'm not leaving until you sign on the dotted line. You're being competing.
But if you decide to engage in an intelligent conversation, you're being collaborating. And what this all amounts to is compromised. So that's the idea. Compromising has elements of all four of these. So I think that through, I think it's a powerful
kind of thing in, You know, look, we're all a bunch of gearheads. That's why draw these diagrams because I think that's the way most of us think.
Now there's this book that was popular a long time ago, and I alluded to this last
last week. This one, this book called Getting T s very, very popular, you know, a couple of decades or so ago. But I like the title. I don't like the subtitle, frankly, negotiating agreement without giving in. I don't agree with that at all,
but I do agree with getting to yes, like that's another thing to memorize, because the whole idea is to get your whoever it is you're working with rather say partner than adversary. But whoever it is you're negotiating with an and feeling conflict with the goal is to get to some sort of yes, and
we'll go through some examples here. We used against some cybersecurity scenarios, but I'm sure a couple just from sort of politics and life,
these two guys are about as different as you could imagine from on the political spectrum. Ronald Reagan and Tip O Neill Tip is a Boston politician, you know, hard nosed Democrat and Reagan on the opposite end of the spectrum in old Barry Goldwater style Republican. Both of these
in some sense or sort of fossils. Now I'm not sure either of those
parties really exist, but here's what I love about this
you, everyone on this call. Everyone listening right now has an adversary at work somewhere we all do. There's somebody who manages to pull your chain um,
don't know who it is,
but I would advise that if it's somebody is sort of a pier and kind of pulls your chain a little bit,
take a lesson from Reagan and O Neill and go make friends with that person. I don't care how you do it,
but you should write it down is the goal from now until December 31st 2020 there's somebody pulls your chain and really makes you just constant conflict and always causing problems.
Then find that person, I guess nowadays with Caroni. Kick what the dinner, but find some way
the break bread. And that's what these two guys did
like. They used that cartoon when I was a kid, where these two cartoon characters would try to kill each other all day, and then they get their lunch pails and walk home at the end of the day of the Best buddies. The next day, go back to work and beat up on each other again. I think it's an amazing way to think about conflict between individuals and
and even group,
so I want you to do that. I know that there's somebody I hope it's not. 10 people. By the way, if if you find yourself, you diagram all your conflicts and it looks like you sit as the center node on this big, complex structure
of conflict that maybe you're the problem.
So you shouldn't have more than a couple of these. If you do, then you go look in the mirror and think, you know, my being a little bit too barbed and everything that I dio. But but this is I like this picture because you should try to find a way
to get that person
individual. You know, get her or him get a hold of them and say, Hey, listen,
you know way tend to, uh, have a lot of conflict of work. Let's talk a little bit. Bridge grow up.
They were. How'd you come to this job?
You kids do you have how many kids do not have? You know? What do you like? What? Your what? Your hobbies. What do you enjoy? And I guarantee you're gonna find some things that you'll have in spectacular common.
And then that's the thing that will provide that connection between you and that person and you'll find that you're gonna be way better resolving conflict Moving forward. Here's a famous picture came through a little blurry here, but this is the Camp David accords,
you know, which amazingly is 42 years ago. He was like, This was just I was in high school,
but it was Jimmy Carter reason I like the picture Here is not so much about the politics or anything, but this was the result of these folks getting together for 12 days
in sort of secret negotiation.
Think about that. You got a couple of adversaries
and somebody arbitrating in a President Carter
and they sat for 12 days of negotiations.
Camp David. I love that image because I think
they're going to be times when you and your team are you on a customer or you in a sponsoring organization or you and whomever.
Probably not a militias adversary like to nation state adversaries. Probably get up, sit down for 12 days of negotiation. I wish they would.
But the idea that you plan, ah, structured negotiation to come to some agreement
that product doesn't happen that much of business, does it. I think about your own career. Have you ever had a moment like this
where you're in the middle or you're on either side.
Have you ever had one where there was a problem?
You set out to solve it?
You took the time to fix it.
And then at the end, everybody was smiling and against funding with Corona virus. It looks like they're sharing, you know, Covad 19 doing that. But you get the point.
If you've never had a moment like this. What a shame, right? I mean,
I always have all these stray comments, but I'd ask that at some point you and your team think through was your best moment at work. What was the best day you ever had at work?
And we'll come back to that in a future session. But give that some thought. If you've never had a moment like this,
then why don't you go create one?
You know where there's some conflict that teams together, fix it and then celebrate The resolution of that conflict doesn't happen often, but when it doesn't could be very powerful. Now I want to take you through, you know are typical. We always have eight rules here and a bunch of examples and stories and so on. then what? I want to believe some time here that we can talk to Chris.
But let's go through some of the basic rules here, and these are ones that you can cherry pick. Which ones resonate with you. Someone,
Um, but the 1st 1 has to do with empathy.
Here's Here's what I think you should recognize
is a major difference between individual contributors
managers meeting, meaning your supervising, the work of others. And and they're people who rely on you
for both management leadership and also performance review, single raise and paycheck. They're trying to impress you.
An individual contributor
is does not have a lot of eyeballs on her or him during their work. We want to see the output of the work. I want to see the output of your tests. I want to see the code you've written. I want to see the document you created,
but the way you got to that is probably not as important, right. If you want somebody to write security policies for you
and they like to do it in bed with a crayon, India care, Probably not if it's good,
but managers in the other hand leaders, executives who are guiding a team along. People are watching you,
and I've found in four decades
you know kind of anger and resentment or maybe the worst emotions to feel more on that when we get to roll ***.
I've always felt empathy is the best one toe have not smart.
You know, we all like all of us, if any three or four of us air in a bar somewhere, talking, we're on enterprise Security.
You know, we're talking about, you know, vendors and AI machine learning and hacking an endpoint Security. That's what we all like.
And we're all evaluating each other as peers based on her technical competence. So you're gonna hear from Crescent little big and smart presses, and you're going to say what? Chris is awesome and don't know anything about actress managers or doesn't manage, But your man you're observing the technical competence as a manager.
The technical competence is a relevant,
and I found that if you condemn in straight empathy, what empathy means is being able to climb into the other person's shoes,
you know, like the spy recruitment example that a reference here about a few cases, tough cases
where spies have been identified in some context that I'd rather not get into right now.
when I when I would go to sort of dig into afterwards what the scenario might be
worst furious, like I cases where you just absolutely furious that some individual that maybe had some connection to turns out to be working for saying a country that you know a lot crazy about Remember one case where I wanted to be furious, but I dug in a little bit. I asked the government to share a little bit of the detail,
and they told me that this individual
basically gotten a call from the home country saying,
We just moved your mom into a better place
and and this individual knew what that meant.
It meant you better do what we say,
and I remember just sort of stealing on that for a little bit thinking about that. And while I don't condone the activity, it gave me a least a little bit of empathy because I kind of understood. I get it from often some kooky countries somewhere,
you know, and they call me, say, the United States calls and says, Hey, listen, we got your mother here.
Well, what do you supposed to do? You know what I mean? So again doesn't condone it, but it helps. You sort of developed the habit of empathy,
and I think is a manager. It's something that I strongly urged that you you build some sort of a
a facility with so that you do understand what it means to be empathetic. Let's go to the next one.
This is a conflict and wisdom. Recognize that when you, when you do have conflict,
that's progress, right? If you can work your way through conflict, that's progress. I don't think you can measure progress
in units that include no friction, no friction, no growth. That's just way worse.
So think of conflict as an investment. That's a weird kind of thing, right? Like it's time there's conflict. Instead of being furious
and throwing your briefcase down and saying What is going on here?
I don't need this.
Well, why don't you think it a different way and think of it as an opportunity? You know, when you pull a Q and Scrabble a lot of power, do you don't say ah *** am I going to use this thing usually pretty happy, because, you know, there's some some punch to that letter
and you pretty happy what conflict has punched, too. So I'd ask that as you work your way through these things on a day to day basis, that you remember
that that conflict brings and wisdom allows you to make progress. Now there's a good one, because this is
this is something that I think resonates with cybersecurity individuals. I am using the phrase reset reboot. But here's what. Here's what this means.
This means that you can be certain
that there will be misunderstandings once you are a manager like one thing that
I've often recommended
when you put a management team together,
you should kind of melt together personalities
that that are different, meaning you should program the conflict in If you've ever read Doris Kearns Goodwin, the book about the Reagan era I'm sorry, the Abraham Lincoln
Cabinet team of rivals. I think it's called,
um, going by memory, but I think that's what the book was called.
It's amazing story of putting together a group of recent Bring That Up Is
that at some point the leader leaves
and a new group has to be put together. I think that's in some sense, a reset or reboot like always reminds me that there times when it's a good idea to just kind of reboot and start over.
I can't tell you how many times
there been conflict situations for me that have festered.
Where we both there. Sometimes it's more than one or two in the group agreed. Hey, it's time to just reset this thing. So think about your own situation right now.
When you're driving home, we don't drive home anymore. We walk from their desk to the kitchen home now, but in a couple months would be driving home again.
And you're really, really thinking about that thing. That problem, that individual that everybody listening can fill in the details on that.
So I think, for a moment what it would mean
to reboot that relationship because it me,
does it mean
visiting with them and symbolically ripping up a piece of paper and saying That's our old relationship? Let's start over, or does it mean you've got Mary in charge of the relationship and now you're gonna marry? Is good at a bunch of things. Hey, let's move. Marry out. I'm gonna provide. You know, Alice is now going to come in and be your
new layers are
We're just going to start over with the new couple of folks here that can just kind of reset, rebuild and reboot. That's a really powerful concept,
and I'm guessing some of you listening right now have that situation. And it would be my advice that if you do have that situation, consider this rule number three. I've found it to be very powerful
before this is related,
and that's great. Relationships
often start with conflict. Really Dio.
That's why I really believe that I should putting a team together.
You should never, ever pick people to work for you or just like you.
Eso There's another question for you. Let's say you are a C cell or let's say you manage of urine Enterprise security manager, and you've got no that's your vulnerability management or
pen testing vendor selection or something, and you've got a handful people working for you. If those people working for you,
our direct reflection of you, meaning you finish each other's sentences, you act the same. You look the same. You have the same kind of personality and approach that I would consider that a weak team. I don't even have to ask you what you dio. It's week. I know right off the bat. It's weak
builds more robustness in a team than diversity. And, you know, we talk a lot about diversity in a social context, and that's part of it. But what I'm talking about his diversity here in the way you actually deal with issues in the way your instinct leads you to solve problems.
So for me personally,
I've always been a conflict avoider,
and I've also been someone who
I would rather just give up and let somebody
take the win the argument just so I can get back to something I think is important. And I knew I had a tendency have always had the tendency.
So what kinds of people do I like? Toe have reporting to me,
people who are just the opposite,
who are gonna dig their heels in
who actually in some sense are comfortable with a little bit of conflict
and would be the 1st 1 to pull me back and say it. Hold on a second. We're not walking away from this.
This is There's an injustice here. If you're not willing to stand up, I'll do it times you know, me being the week negotiator that I often am. I dio I say, Dude, it's yours.
And usually more often than not, the result is better than if I had had somebody of the same instinct. That's why when you have, that's the concept of a yes man and apologize for the referent of. It's just that yes, went women, I'm sure have them too. But the
colloquial phrase reviews for years is, yes, men. And that's having a team around you
that just says, Oh, they're so great. You know what a great answer that was. Bossom G. It's so great to work for you and your so And if you're in that situation, then you are a a weak leader. Be. You've got a week organization and see You shouldn't even be in a position of leadership,
because if you need that kind of stroking May because Mom didn't hold you enough when your kid or something,
then you should not be leading an organization. So you need to be mature enough to recognize the great relationships. Start with conflict. I've retired from my full time position is a seaside. You know,
I'm an analyst now. I teach, but
But back when I was sort of more active in a day to day role, there were people who had very different opinions than may. I gotta tell you that the people that I sort of cherish reconnecting with
enjoy it. I always felt like they were the most honest ones. They were willing to go right toe to toe with me
and make me better. Make all of us better. So recognize that if you have conflict with somebody at work, for God's sakes, don't book that on the on the liability side of alleged. That's an asset,
if you if you If you have a conflict with somebody about what you treat problems put, book that on the asset side of your ledger. That's a good thing,
something you should be proud of. You should display it and you can display. There's a lot of symbols. You'll know that the little symbols that we throw out see during meetings.
The way we respond to comments the way. We allow people to speak first where people sit. You know who we sort of nod? Teoh. Umm, those little symbols are important. And if somebody's let you have it during a meeting and then afterwards everyone sees you over joking with that person.
That's a symbol that demonstrates what you value that you value people not being afraid
to step up with conflict. So don't be a wimp here. This is important. Conflict can produce great relationships now, no Contra positive here is sometimes refusing to engage is really effective,
you know? And I don't mean refusing to engage in some sort of ah, passive aggressive or away. I mean, sometimes it's just not the right,
um, situation that the right context
um, the right, the right time to to engage, comes walking away is really important. And the high road is important too,
I guess some things getting a little bit ridiculous. There's a discussion. You're in a meeting and things were going awry. I've been in some meetings recently where
the discussion has been around, C, C, p A and GDP are, and how intently
organizations should be really paying attention to
privacy. And there been times when I heard the conversation just going way in the wrong direction. You know, around had a quote unquote get around those kinds of things,
and and I wanted to say, Come on 100. But people by a bunch of jerks, those regulations where they hate or love regulations, privacy rules and rites like the rights that CCP offer
that there for a reason. And it's not these arbitrary things that are there torture, security teams,
you know, with the locating data. And it's your job to get quote unquote get around it. So I've been in those meetings and I remember just wanting to say something
and then saying, Ed,
now is not the time.
It's not the time. And I blogged recently about what a bad board member I am like. I've sat on some boards, some pretty high profile boards, and I was always that guy and still kind of am. I says, One of my weaknesses is that I don't follow Rule five,
and a lot of times I can't stand it. Something is said that stupid
and I'm waiting and then a heave a sigh and I say all right, and then I have to engage, and sometimes it embarrasses someone. Sometimes it infuriates
whoever is leading the discussion. In my case, it's and I've infuriated many a major CEO that just wanted to kill me.
And I remember coming out of a couple of very high profile meetings where I did this and I called my wife
and I was started chocolate. But she was, And she's like, you know, probably said something like
they had refusing to engage is often effective. She said something like that. You know, just there's a time and a place for conflict.
So if you're like me and listen cybersecurity people, we are so prone to that. You know where we are.
We're prone to logic on. And, you know, if you hear somebody say something, stupid times, I just can't stand it. I have to say something, and it's a real weakness from me. So work on that. If you're also that person,
then thank you probably have had some amusing times. You know where you win the argument? Probably. You know, you end up losing the war, so don't
don't allow that to be habit. That's a really, really dangerous Have it. Make sure you're willing to
to walk right now. The real six, I think maybe the most important one here. And I want to spend a little time with us.
in a career,
that span, you know, for decades for me
I can almost categorize everyone that I've ever worked for
into two camps, the ones who are get angry all the time and the ones who don't. So you can't change who you are,
you know, And I do. I have tend tohave on anger streak. I hide it.
My mother and father joke that,
you know, my Amoroso is a Sicilian name and we joked that maybe there's, Ah, a little strain of anger that comes through
from my great great grandfather to my grandfather. Like my anger streak there
that I don't know, that there's much I could do about it. Um, you can't make it go away,
but what I can do is I could learn to manage it. Now if you are a person who has a very calm nature,
that's good. I mean, sometimes little anger is good. Give you a kick in the butt, but, um, if you're if anger is not a problem for you, then Rule six is not all important. But if you're like me,
I'm gonna guess. You know, we've got almost almost 300 people here listening only gets half of you.
I have problems with anger where something just infuriate you.
Here's what I want you to dio. And this is what This is one thing. My my dad recommended it
and I'll give you a couple of examples. But what he recommended was, don't make decisions when you're angry, period.
Just don't make don't don't engage decisions when you're angry.
So here's the way I've translated that I've been teaching over its Stevens for 32 years now. And while you know, for the last four and when I pass out exams that I mean the graded exams
and give it out to the class, I would say the following. I say I read in the Dale Carnegie
how to win friends and influence people that apparently the German army,
you know, through all the wars that they fought,
had this rule. That said, if you have a complaint,
you can make complaint anybody to make a complaint.
but you have to wait 24 hours before your complaint is engaged.
So that means you can say I have a complaint. Fine clock starts now. You can't tell me the complaint,
but 24 hours from now you can see what I hand out exams. I always say I will listen to anything you have if you're angry, your grade. If you think I was unfair, I'll listen to anything. But not now. We're gonna talk next week.
I see. So people come up to go and I say, Listen,
next week, we talk. Not now. Next week you come next week, we talk 100%. I'll sit here for three hours if every one of your angry will talk all and what? I found this since doing that, something like 90% of the complaints go away
because that moment of anger somehow travels something softer and eventually gets to a position that's much more rooted in fact. And there are times when the anger is justified. Somebody didn't add the numbers, right? And it's wrong. Hey,
Professor, You gave me in 82 here,
but I got 40 on this section and 52 on that section. I think it's a 92 where this 82 come from? Obviously, I I added. Wrong. Obviously you're going to get justice. You're furious right now.
You're not gonna let that go? Next week, you're gonna come to look, and I said OK, you're right. I guess I'm really sorry. Boom. You get justice.
But if you just think Hey, what did you think? Look at this great answer that I gave.
You know, I wrote 10 pages of this stuff is really great. What's going on. And then I say, I'll talk to you next week and you go home and you think about it. You think? Well, it really waas He did say answer briefly. And I did write 10 pages. And the truth is, I really didn't know the answer. And well,
let's let that go. The anger goes down fact to enter, and you think more clearly.
So look, cybersecurity, folks,
I think our maybe even a little prone to this one a little bit. Um
because again, for a lot of us, there's a frustration that comes when something logical is not being followed. That that's what always gets me angry like. For me, the rub is always
I see something clearly and what do you an idiot? Don't you see this?
And when they don't, I want to get furious.
I've learned not to.
I've learned there's just these famous things. I remember Harry Truman had the buck stops here on his desk,
and I think Thomas Watson had the word think on his desk. In the middle of these different things that people put for me, it's don't make decisions when you're angry. Um, I don't have anything on my desk that says that, but I If I did, it's what it would say.
So so that's an important one. I hope you internalize that. For those of you have a problem with that,
that's a big one. Let's do Number seven
now. This is a math problem. Let's start with the 24 hours you have every day,
so your brain and is theoretically engaged for 24 hours a day, be probably gonna sleep about eight of those
and those of you who sleep less than eight hours don't brag about that. If you if you're somebody, goes Hey, I get by and 34 hours a day, then you're working sub optimally. I don't care who you are, but whether you're a president or a
or ah golfer or a baseball player or a CEO or whatever. If you're saying you get by in three hours a day,
then that's not something to brag about. But let's say you get
24 minus eight. Lived here 16 hours.
You're probably gonna eat a little bit too. Maybe two hours. It's 14 hours.
Then you may have some things you'd like to do that, or leisure to three hours. That's about 11 left, maybe working to nine hours and nine. So you basically have two hours per day that you can think about stuff. Okay,
if you if you're thinking, equals stewing on conflict,
then you are wasting some of the most important hours of your life.
So let's let's go over that again.
You gotta eat work, go to meetings, commute all this *** you're doing and yeah, commute could be thought time to is for May.
But there's only going to be a couple hours a day where you're not busy and you can think of stuff
I've learned and I'm getting something I learned from my dad.
you should make these do two things.
Schedule time with yourself
to use the think
that that that that real estate in your brain
for a couple of hours
to solve a problem, to fix something, to come up with something new, like I a lot of times all park in midtown Manhattan and walked into my office on Fulton Street. That's a long walk sound and 1/2. But I'll do that because I may have something that I want to figure out.
I like there's something I don't know. I've been asked to do Ah, report on blah, blah, blah five g security for this or that. I know. I know what that is
and all. Sarah, tomorrow I'm gonna drive in Park,
and for an hour and 1/2
I'm gonna solve that problem of little pad with me as I walked in my backpack on, maybe get a coffee and then walk hour and 1/2 walk, and by the time I'm getting down through Tribeca,
I've got it, and I've sketch something out, and I used my brain time to do something cool, not stewing and being angry and playing through the fight and figuring out what you'll say when you fight and how dare they do this and
come on, man. If that's what you're doing,
you're wasting so much time. I've had a lot of managers work for me over the years who sit down with me for, like, quarterly reviews.
And I want to talk about positive things. All they want to talk about is some injustice. All this bu I can never get them. Thio Thio, listen to our awareness Burger. What's going on here? Why would they do it? It's bothering me. It's It's such and such over there who just doesn't like our program. You know, they were trying to go after us. They won't want Bible. And you're thinking
Is this what you think about all day? Really? Are you stealing on that complex?
You know? Hey, why don't we turn the temperature down here? Why don't you think it's something positive? Go break bread legal. These early things they have some empathy. May be a reason for that. Recognize that your wisdom comes from that conflicts and take advantage of it. Maybe go reboot with that organization much. Go over there and rip up a piece of paper. Symbolically,
you know what?
Maybe it makes sense to go over and learn what they're about. Figure blah, blah, blah, bubble stuff we talked about.
But if you're the kind of person who stews on conflict
and just keeps chewing it in your brain and regurgitating it and then re swallowing it, I'm using these disgusting terms because that's what's doing on conflict is
if you do that,
you're gonna ruin your career. With that, I guarantee you nobody gets ahead because of anger and resentment. And yes, I know that there's some spectacular examples of something that appears to be getting ahead. But that's on my definition. Getting getting ahead means
having a mission, something you believe in that makes the world better, and then being able to act on that. If what you're doing is not making things better, you're wasting your time. And that's why cybersecurity is kind of cool, right, because we get to engage
these habits. We have
to mess around with computers and networks, reading here from crests and somebody who loves tech.
So she gets to do that. But she also knows that we're not just selling coconuts here, right? We're doing stump something to help
infrastructure and make communication better. Make the world better looking a Corona virus, and we can all still keep working. Why is that? Because we do computing. We know how to connect people. If this Corona virus and hit 30 years ago, we wouldn't be having this conversation, there's no zoom or anything like that. Then Sai Buri was just a
a little gleam in somebody's future mind
So? So we should be proud of that. But the point is
to stop the festering. If that's a habit, you have cut it out.
Let's do our last one before we get to our discussion with Chris, and this is the triangulation argument. You don't know what triangulation means. That means sort of bouncing things around without being direct.
Like if you're that person
who gets a message to someone you know to resolve a conflict by talking to someone,
then I remember when my daughters were in seventh and eighth grade messages were always sent through triangulation,
you know, originally notes. Now it's texts and social media.
So if you're 1/7 grade, you know, boys do it to boy or girl.
Then you know what triangulation is. But If you're grown up managing a team and dealing with important cybersecurity issues, then give me a break.
You know, go back and look and seeing if you're doing this. If there's a lot of go betweens when you're trying to deal with
some kind of conflict, let's say an auditor is giving you a hack about something and you're sending a message to one manager to tell the audit engagement manager to tell the auditor this thing and then get the results and they pass. It plays telephone tag.
Why she's got in the next meeting. There's nothing wrong with that.
Go there early. Meet everyone, Thank them for doing this great audit. Say we've got an issue here and here's what I think. Rather than pass it down through three levels and triangulating over, I thought I'd just come by and here's what's on my mind. What were you thinking for this?
Let's But the message that sends and how that is such a breath of fresh air for people who like me
are not very good at that triangulation. Somebody tells me something. I was managed to get it mixed up and mess stop hate
when someone a manager asked me to do it because I know that I'm not a very reliable relay of of of information. So
So this roulade, I think, is something I like. I like finishing on this with
this idea that be direct. You gonna if you're gonna engaged and go directly to just do it directly with the source, and I think you'll find out that it will give you some useful results. So these air the rules and topics that kind of help us through gonna go back here to the first page shares we engage Chris.
Um, that's it. There's 12 angry men. That's the picture. There has been re found that here is a good movie, if you haven't seen it. And it's about Here's ah, Jack Clubman. Who? What was in the odd couple that's so funny seeing him so serious there, but yeah, so take a look. Take a look at this Meet The movie is very good.
Now let's see. Chris, can you hear me? OK,
I can hear you. Oh, that's good. Thanks for hanging in there for 45 minutes, as I've you know, got going off. But now it's about you much more interested in hearing about you. First, I want you If you'd be OK. Just tell folks a little bit about your background and a little bit about your work at, uh,
at hyper second. Then I know you got a
couple of cool stories that you're gonna share, but first, tell us a little bit about yourself.
Well, I deal a lot with conflict, and my main areas are actually dealing with many different countries. Trading blocs,
militaries, Uh, you name it, uh, dealing with cyber warfare, which is basically, ah, way that technology can now kind of kill people in a conflict manner. And, um,
not, I would say the easiest thing to deal with when you're dealing with different countries, law enforcement and so forth. But you have to try to find a resolution and solve that puzzle to move forward and sometimes as quickly as possible. But, uh,
I like some of your points, you know, go to the direct source, for example,
because in certain situations you cannot afford your message or any other messages to be garbled.
So, yes. Have you seen that triangulation, right when people are afraid to go and they tell this person to tell that person you feel like I feel like I'm back in sixth grade here, right? Yes, yes. I'm Solyndra usually, because people are afraid to take conflict head on, right? I mean, that's the reason to do it.
You just don't want to deal with it.
So you can, in some sense, you just create the make things worse.
no, absolutely. Now tell us that you always have some interesting stuff. I know you're both a prolific technologist and also author, but there's another couple things you wanted to show its here. A couple of your juicy of your stories.
Well, I'm going to describe to, uh, short but kind of juicy stories.
One of them is In 2014 the Royal Embassy of Saudi Arabia was hacked by an insider with diplomatic immunity and tied in with a terrorist group and a nation state. So it was lots of fun.
Not really, but really, really on. And, um, there were certain reasons why I was chosen to be the liaison for the government of Saudi Arabia to deal with the matter as well as your the technical investigations
and one of those reasons was I had built trust within the country and within my company, part of the Saudi Aramco family,
and they knew that they could trust May. They also, uh, knew that I was able to talk to the precise level that I needed to talk. Teoh. So one of the ways that you can get people to understand what you need them to understand is try to look at it
both from their perspective,
remember their culture, especially in a multi national organization
and also used terminology that they're used to.
Um, describing a packet capture
to an executive is not going toe work, but they actually do understand the term exploitation
because it's also a business term.
So keep those things in mind. But also one thing to remember is, um, build that trust before an incident happens, because incidents happen
plain and simple.
And with that, when you build trust, you also can foster. But I call leadership champions. So people who can quote unquote vouch for you and also people that you can go to for advice if you are in an area that you're not used to,
and people like it when,
uh, you asked them advice.
And that really does foster a good deal of trust
and breaks through quite a bit of barriers.
So when the embassy was unfortunately hacked
because of a password of Remember this, folks don't use this password. 123456
Um, this was obviously not a great thing Toe happen. Well, they left zero out. So that yes, a little bit. Exactly. Exactly. Now, you know, at the same time, when you go into something like this,
you also have to remember that you can't just be in a kind of aggressive manner going.
What do you mean? Your password was this? I mean, this is an embassy. Come on. Ah, you have to be assed diplomatic as possible and explain the risks in situations in a way that is not at the cereal.
And you would be very, very careful with that
because, yes, some things went wrong, but at the same time, these types of things happen.
Ah, lot, uh, anyone could do something like that. Anyone can leave. Ah, default. Password up and forget to change it. Someone on the technical side can reactivate what's called the any any rule on a firewall by mistake.
Whether it's you, your team, 1/3 party who does something like that,
mistakes and things happen.
So try your very best not to chastise, because it's just going to cause more issues in a conflict situation. And that's what incidents are.
e also have to remember that many of us work for multinationals, and depending on what your company and organization does, you have to study a little bit about the geopolitics involved the cultures involved.
And remember that when you are trying Teoh
speak to other people. And also I liked what you were saying of, you know,
try to learn their perspective, try to kind of step in their shoes and remember that everyone's a human being at the end of the day when they go home, they may or may not have families. They have their own lives
Now, at the same time, since we're dealing with cybersecurity and we're dealing with, uh,
for instance, if you work for the government or you work for a big multinational that has a lot of steak in the market because of ah, certain cybersecurity incidents, this could actually lead to loss of life or limb. So you have to keep that in mind if that happens to be the situation.
The situation with the embassy.
We had threats against National Landmark and the Netherlands in The Hague, which was supposed to be those city of Peace, and the terrorist group was starting to kill over 400 people if we didn't pay up on. And so you have to, for instance,
um, negotiate and resolve certain things. Now imagine if this is a cyber crime syndicate who has locked down all of your intellectual property and your organization is about to go to market or to get investors and they've got, you know, by the throat. You have to figure out a way.
Teoh. Try to find a resolution to the conflict.
So you have to be very aware of that because obviously everyone in an incident is going to have their own agenda, and you definitely need to learn what that agenda is
and figure out how to solve that puzzle
and get through it not in an aggressive way, but in a way that is very conducive to communication.
You know, Chris, it's funny, your razor really interesting scenario here, and that's that.
A lot of the examples I gave were kind of organisational ones. But if you're the
the hired consultant,
that adds a whole new dimension, doesn't it? Because now it's your customer,
and it takes a lot of guts to show conflict with a customer. You know, maybe they're paying a a lot of money. They might have some really strange approach to something. What do you do if you're in a consultant engagement
and you really feel like something's not right and you feel like there's conflict?
Is there a special way? You do it as a consultant versus Like If I was working for you, I'd sit Then we're both in same organization. It's a Christmas. I have an issue. We talk it through, we work together. But if if you had hired me
and you're paying me to do something, it feels like that's a weirder scenario. Have had a consultant's deal with this problem.
Well, one of the ways is think about how the outcome of the situation will affect your, um, higher ability back as a consultant. And also remember that many companies will hire a consultant to deal with conflict because suddenly this is more of an independent party,
and so you don't get wrapped up in some of the politics
and bureaucracy that might be in that organization. So to me, it actually gives me a lot of leverage because of that.
And another point is because consultants are typically paid a bit better than a person or an employee inside an organization.
Not always, but not always. But I liken it to the difference between a $12 bottle of wine in $100 bottle of wine where the taste difference might not be that much.
But people are going to go, Ah, look at that $100 bottle of wine and they're going to want it more. So there's actually some very good advantages to being that outside party.
Interesting. What? What are some other stories? And you always have some Interesting.
I won't ask you how you got involved with Saudi Arabia, but well, actually, they called me out of the blue after their hit by the world's most devastating cyber warfare attack, when the Iranians launched ah wiper malware against them and wiped out 85% of the Windows based uh,
systems list, Shamoon up Yeah, yeah. Now I've been getting more and more into trying to solve a lot of questions about cyberwarfare because there is currently no internationally defined
meaning behind that word.
You know, some countries think it's one thing some countries things. It's another I have been to seeing the chat about, You know, if I could answer certain questions about China in the USA with some of her stalemate when it comes Teoh some of these cyber attacks
Now, Um, in one particular occasion, I was helping Teoh plan and run the European Union and NATO cyber warfare exercises in Brussels and what that involved was, we get all of these member countries and NATO and also countries that don't belong
to these organizations yet.
But they have observer status,
and we gave them some very realistic scenarios,
one of which was we called it dead canary. And four reason was finally a cyber warfare attack, hit critical infrastructure and took out things like the signaling on the London Underground train during rush hour
and the trains collided, killing many, many people, hurting many, many people.
We're trying to get these countries in groups. Teoh come to a consensus on what the actions would be
and what we noticed. And I think this is also very good for conflict is if we put everyone together, they could not come to a consensus. But if we broke them up into groups,
then those smaller groups could actually come to a consensus. And then overall,
the groups could then come to a much better consensus.
There was only 11 outlier Ah, where they actually, uh decided that they were going to consider launching a nuclear weapon in the upper atmosphere of the attack in country. But that was a bit of an outlier.
But learning from that, uh,
it's one of the things that I'll be talking about. I was asked to speak in a closed session to the permanent members states of the United Nations and certain U. N missions on the second of July to represent the private sector on this particular topic of what to do
If there's a cyber malicious attack against critical infrastructure on what the joint response should pay,
and it's going to be a very interesting dialogue, you tell what you gonna tell. Well, I'm going to use Ah, good deal of the research and experience I've accumulated.
And I've been working on a side project with the European Union Union in the United States on the joint response that both of our trading blocs
should actually take if either or becomes subject Teoh something that involves loss of life or limb for cyberwarfare because it can affect both economies so much.
So I'll be trying to dispel some of the myths. But at the same time, I tried to get people to talk
and try to get a common understanding as best possible.
I hope they run that on C SPAN that be something I would certainly watch. That's my favorite thing for what It is a question here that I'm going to send you away from on on drab asking about
when you're part of a team. You think, Chris, in your experience, if you're in a team,
do you think it's the role responsibility, the leader to self conflict? That should work? Or should it be one of these things where you know Mom and Dad say to the kids, Hey, go, go work it out amongst yourselves. What what's been your experience with that?
I think it's been mixed, depending on the situation where sometimes you have to talk to the team members
and get them to try to understand the other person's perspective. Let them think about it. Don't let them fester. Come back the next day after a bit of sleep and really think about things. And in most cases, that works really well, basically direction
trying to direct the conversation. Sometimes, of course, you do have to be the leader that and decide ultimately what's going on. And unfortunately, there's not always super happy endings where everybody is happy.
But at the same time, if you act like the leader that you want to be, then many people will understand that they might
actually not be aware of the bigger picture and why certain decisions were made.
I think that's good advice, and you know, we're at the top of the hour here, but I want to make sure I give a little plug here for those of you haven't read any books. Bike. Chris Quebec. I hope you go on, Chris. I'm assuming Amazon so everybody buys just right. I think if they just type your name and I love Euros in book, I think that's a really good one,
but I hope you guys will take some time to go off.
Buy a copy one of Christmas books. And maybe if you see Chris on C SPAN two at three in the morning, you'll be glad that you
read one of her very fine books. Chris, I want to thank you for sharing your stories in your advice a little bit about yourself. With the group here. It's very much appreciated.
Well, thank you very much at night. And on behalf of the whole group here and with the cyber team, I want to thank everybody for joining. And this is Session two of six.
So hopefully you've enjoyed it and hopefully we'll see you on our next session. Um, I think it's a week from now, so everyone stay healthy and stay safe and we'll talk to you in about a week.