The Cyb3rSyn Kaleidoscope - Episode 2

The "Ding an sich"

We are going to cover a diverse set of topics in the 2nd edition of the Cyb3rSyn Kaleidoscope… Let’s dive in.

The zero-sum game of security vs productivity!

Travis McPeak (Co-founder and CEO of Resourcely) posted about what he called the “security poverty line”:

This means their security teams are underwater because of budget, political capital, executive support, or other factors.

I’m sympathetic to where Travis is coming from and, to be honest, I’ve also heard this from so many different cybersecurity professionals (even in “cash-cow” Silicon Valley firms) over the years…

Here’s my take:

We as an industry know “WHAT” to do to solve security problems. For example, we know that FIDO keys are effective for mitigating phishing attacks.

But, the real challenge is not the “WHAT” but the “HOW”.

How do I get it implemented and rolled out in MY organization - with all of our “legacy” apps, “proprietary” frameworks, budget “constraints”, prioritization conflicts, etc.?

You see, there are no security problems in any organization!

For example, if the CISO of a company says that Vulnerability Mgmt. is broken in an organization, that’s just the perspective from the cybersecurity organization.

When you start peeling the proverbial onion, you’ll notice that what’s really “broken” (or non-existent) is one or more of the following: Asset Mgmt. (Inventory), Config Mgmt., OS Image Mgmt., Automation, etc. in a complex web of interdependencies with so many other variables like budget, profit, promotions, headcount, etc.

Typically, there’d be many leaders individually chasing their own local efficiencies without any insight into global effectiveness and the long-term implications.

Security vs Productivity!

Security vs Innovation!

Security vs Velocity!

They play many such zero-sum games…

In a way, leadership is about achieving seemingly opposing or paradoxical goals.

But such problems are only abstractions - they exist only inside our heads.

You see, we can’t fix software security in isolation without fixing the underlying software development practices.

And that in turn depends on many things but a powerful factor is the underlying management systems in place.

Changing those management systems can’t happen without the existing leaders changing their minds, unlearning and relearning new ways of working.

The “Ding an sich”

In Kantian philosophy, the Ding an sich (German for “thing-in-itself”) is the status of objects as they are, independent of representation and observation. It was met with controversy among later philosophers.

Can there be any observation without an observer? How can one discount the role of the observer?

Let’s consider the “physical reality” we all know… Colors and sounds don’t really exist in the universe. Colors only exist inside our brains - that’s how your brain perceives photons of various frequencies.

Whether you are inside your home or office or out on a mountain, the entire “reality” you see is constructed by your brain. Sounds are just vibrations of air molecules.

Your qualia are yours and my qualia are mine - there is no way to independently prove that the way I perceive the sky’s blue color is the same as the way you do.

Now, let’s consider “social reality”. John Cutler (I’m a subscriber to his newsletter - highly recommend it!) recently made a very insightful post about a seductive trap that many leaders fall for in a corporate setting. He rightly says:

One of the most seductive traps in management/leadership is the idea that there is one "reality" that, once discovered, will unlock progress.

Yes, there are facts, but ten people looking at those facts will have different interpretations. Those interpretations guide actions and relationships.

In the social realm, what is truly missing is a pluralistic/multi-perspective approach. Systems Thinking can help here… As the systems thinker C. West Churchman put it,

The systems approach begins when first you see the world through the eyes of another.

But, here is the irony. Even the institutions/consultants that claim to teach Systems Thinking actually end up teaching Systems Dynamics and Causal Loop Diagrams (CLD), which are not very pertinent here.

Instead of CLD, you’d be better off learning about Strategic Options Development and Analysis (SODA), which uses interview and cognitive mapping to capture multiple perspectives of an issue. The implications of Second Order Cybernetics are still underrated in the mainstream. More about that in a future post…

Let me end this section with a pertinent quote from Heinz von Foerster:

I see the notion of an observer-independent “Out There”, of “The Reality” fading away very much like other erstwhile notions, “the phlogiston”, “the imponderable caloric fluid”, “the ding-an-sich”, “the ether”, etc., whose names may be remembered, but whose meanings have been lost.

Cyb3rsyn Newsletter: Preferences

One more new feature update to the subscribers of the Cyb3rSyn newsletter!

If you are logged in as a subscriber you can set your preferences now. On the “Manage Subscriptions” page, you can now easily update your preferences. The brand-new preference center allows you to:

  • Change your email address

  • Edit your name

  • Review previous receipts

  • Downgrade or unsubscribe

  • Update your preferences

I’m curious to learn more about your persona so that I can customize content appropriately. Of course, you can always hit reply to the newsletter email and send me a note directly.
