Accountability: The Key to Security?

On April 1st of this year, I received 2 emails in my inbox from an apparent “hacker” who was bragging about the fact that he or she had taken over my email, my Amazon account and one of my bank accounts. In the following weeks, and despite immediate cancellation of all my credit and bank cards, the hacker made several purchases and money transfers totaling over $2000.
I was livid, and do you know who I partially blamed? My friend who is a cybersecurity specialist. My question to him was, “Why are you here?! Of what use is cybersecurity if I'm going through this!”

In my venting, I went on to ask him why cybersecurity could not prevent this. From the OPM breach to Equifax, Target, Capital One, and countless others, is there anyone who does not have my “confidential” information? Who is protecting my information? What exactly are cyber professionals doing? What decisions are they making? What guarantees and assurances are they providing?

Along with a little victim-blaming by my friend (e.g., how easy was your password), he said the cause of my distress had very little to do with the alleged protection provided by the cybersecurity professionals at Amazon or my bank. He said that cyber professionals were not responsible for my “bad luck”. 

He was right...and wrong.

As horrible as this experience was, I learned something from it. First, I learned that there was no one to blame, but there was an awful lot of accountability to go around.

What is Accountability?

According to 'moi' (me), Accountability is an innate characteristic and basic human skill. It's being answerable for our actions. Just as we're born with the innate desire and ability to explore, create, play, and relate, we're born with the desire and ability to be answerable (accountable) for our decisions and actions.

Accountability also has a very important and seamless relationship with control and decision-making. Wherever you find one, you'll find the other two. Think of the last time you made a purchase or the last time you ate something. In both cases, you made the decision, you had the control, and you were (and continue to be) answerable for that decision and action...and the subsequent result.

Accountability is power. Decision-making is power. Control is power. 

Who doesn't want to have power? Who doesn't want to be accountable?

NOTE: Now, of course, we do not live in a vacuum, and every decision is a "systemic" decision, meaning a lot of other things come together to enable our decisions, but let's keep it simple and consciously ignore those other parts for now.

We constantly exercise and express our desire to be accountable/answerable. We do this by making decisions. Every decision is a demonstration of our power. 

Let me quickly address a business term..."holding others accountable". That's balderdash!! We cannot hold another person accountable. We can only recognize, acknowledge, respect and encourage another's right to be answerable for their decisions and actions.

Where is accountability in the cyber world? Who were the accountable parties when I was hacked? Who exercised the control and decision-making power that resulted in a major disruption in my life?

Typically we say, "follow the money", but here the saying is "follow the decision".

Accountability as a Cybersecurity Strategy

According to some research, we make about 35,000 remotely conscious decisions per day. This means we flex our power thousands of times per day. We answer the impulse to be answerable all day long. 

NOTE: I speak on my "life without a witness" YouTube channel about decisions. You can see one of those videos here: https://www.youtube.com/watch?v=MBQIsUiOaeY

Simon Sinek is a speaker and author known for his book "Find Your Why". His book is about finding your purpose and using that as a "North Star" for your decisions and actions. "Why" is a big deal. It's important here because "why" (as an adverb) means "an accounting". "Why" is the answer or the reason behind a present situation. If you can find the "why" you find the root...the cause.

NOTE: In value engineering, 'Why?' is the same question as 'How?'. "Why" is just a very abstract "how". You can view a F.A.S.T diagram (above) to see this in action.

However, "why" is not just about knowing the cause; it's about experiencing the cause, which makes accountability easier to see and exercise.

For example, I joined the Army in 1993. My basic training was in Fort Leonard Wood, Missouri. One part of the training that I will never forget was my Nuclear, Biological, Chemical (NBC) training. My drill sergeants told us why we should use our gas masks and we practiced how to use them. The training did not end there. We had to experience the “why”, not just hear it.

What I discovered was that the "why" was not the gas mask; the "why" was the tear gas. We had to go through the gas chamber to experience an environment filled with tear gas, with and without the mask. It was a miserable environment without the mask!!

NBC training was not just about learning how to fit and clear our masks; the training was to help us develop confidence in our equipment. I know WHY I should practice and perfect the use of my NBC mask. Because they work! I know that NBC masks work because I tried one in an environment where it was needed. I believe in the NBC mask! I had confidence in my equipment and in my ability to use it correctly.

I'm accountable when it comes to using (or not using) my mask in situations that call for its use.

I’m convinced that cyber professionals (me included) don't feel accountable for their role in security because they don’t understand the "why" behind what they are doing, which compromises the confidence they have in doing it.

My NBC equipment would still work without me experiencing the "why", but my confidence in my ability to use it when and where needed would be on very shaky ground, as would my control, decision-making and accountability.

Finally, cyber professionals who can exercise accountability would focus on creating value, not solely on satisfying customer needs. The work they do would be “person-centered”...regardless of the organizational structure or strategy. Value creation happens when needs are satisfied AND the trade-off to achieve satisfaction is acceptable.

Value creation starts with the cyber professional. What value have you created for yourself? Then you can ask what value you have created for the organization.

Now What?

The ancient Greek word for art also happens to be the root word for technology. That word is techne, which (like the Latin art) means skill or technique. Technology, in this sense, is not separate from art. 

Artistic technique is what goes into creating or using technology. Artists are accountable for their work. Their art is an expression of themselves.

The hacker that contacted me was seeking recognition for his/her artwork.

What artwork are cyber professionals creating? Where are they accountable?
