Posts

The Other Half Of The Cybersecurity Talent Problem

Eric Cole recently published a piece called The CyberTalent Lie that is worth reading. His argument is that the persistent industry narrative about a cybersecurity talent shortage has become a cover story for avoidable strategic failures in how organizations recruit, develop, evaluate, and retain security professionals. He's right. Organizations have systematically eliminated entry-level positions, leaned on certification filters that exclude strong candidates, treated compensation as the lever for retention when exit data points to culture and mission, and excluded security leaders from the strategic conversations where their authority would matter most. His five-step rebuild -- audit credential inflation, restore early-career pathways, conduct honest exit analysis, elevate strategic positioning, protect the learning budget -- is the right prescription for the problem he diagnoses. The problem Eric describes is the 'supply-side' talent problem for the people who do se...

On Integrating Your Cybersecurity Team and Cybersecurity Function: A Three-Part Series

Pythia Cyber is uniquely focused on the behavioral and organizational conditions that determine whether cybersecurity investments produce cybersecurity outcomes. We focus on cybersecurity talent at the engineer, manager, and leader levels, and on the culture and talent strategy that surround them. Brendan refers to this as TAU: the systems, processes, and talent implementation strategies that create cybersecurity. You can't hire your way to better cybersecurity if your systems, processes, and talent implementation strategies are inadequate and misaligned. You can't organize your way to cybersecurity through systems and processes that are under-executed by less-talented personnel, managers who can't connect with their teams and stakeholders, or leaders who can't lead. You need talent and you need a talent strategy. And you need the people running cybersecurity to be "bilingual." Cybersecurity leaders are translators by necessity. They face downward into the t...

Litany Of The Hacked: April 2026 Round-Up

(p.s. programming note: We're doing the April 2026 Litany of the Hacked today to make room for a multi-part special series starting Monday. Come back next week for our three-part series!) Do April cyber-attack showers bring May cybersecurity flowers? Better hope so! The litany of the hacked is our listing for each known/reported hack in the previous month. The point of the litany is not shame but awareness-raising that, well, these sorts of things happen. And so, the litany of the hacked for April 2026. Our litany this month reflects...I think the word is hubris (or hýbris), to be classical: the über-hacker-program, Mythos, the One AI To Rule Them All, was -- hacked! “We’re investigating a report claiming unauthorised access to Claude Mythos Preview through one of our third-party vendor environments,” said Anthropic. One implication is that nothing is entirely safe when people start getting involved. Another, to be a little more cheerful, is that the AI arms race to AGI...

Internal Candidates

At Pythia Cyber we combine behavioral science with classic cybersecurity because bad behavior so often beats good technology. As part of our behavioral science toolkit we have three different talent assessments: one for Cybersecurity Engineers, one for Cybersecurity Managers and one for Cybersecurity Leaders. A common misconception is that these three assessments are beginner, intermediate and advanced assessments. This misconception is rooted in the widely embraced fantasy of promotion as a reward for performance. In this fantasy all careers have the same trajectory: get a job, work hard, move up the ladder until you cannot rise any further. This fantasy is based on the fallacy that the core talents underlying success are the same at each stage of one's career, or that most people happen to have all three sets of talents. Both of these are fallacies: it is a rare person indeed who can succeed at all levels of the organization. Such a person is a unicorn. Don't count on unicorn...

Don't Bother Me With Details, Part 2

The phrase "don't bother me with details" refers to a particularly annoying dynamic between the cybersecurity people and others. The short version is that saying "don't give me the details" is often not the clever avoidance of wasted time that one might think. The long version is in this post. This post is part of a series about how culture can hamper the delivery of cybersecurity, but it is also about which talents you need to succeed in this field. At Pythia Cyber we add behavior science to classic cybersecurity engineering to take effectiveness to the next level. We lean heavily on our proprietary assessments which allow us to add awareness of talent to the question of who you should hire, which employees should be in which roles and how that talent should be developed. Today's example of how cybersecurity people can feel caught between a rock and a hard place is why we try to balance a talent for enforcing rules against a talent for finding reasonabl...

Achievement Over Effort

Yesterday Ted posted about how to consider talent as you develop your employees. Today we will look at Pythia Cyber's emphasis on talent as well as experience and credentials from a different perspective: what makes cybersecurity different from most of the rest of IT. More "why" than "how." I am not the only one who has noticed an alarming tendency in business (American business at least) to reward effort instead of achievement. When I started managing information technologists--either developers or operations personnel--I was stunned to start to have "I spent X hours/days/weeks on this" as an excuse for new technology or new configurations not working properly. This was a problem for me because part of the reason I was drawn to information technology was the glorious black-and-white nature of it all: it either worked or it didn't. The new one was either better or it wasn't. Upgrades were either smaller and faster and more reliable or they we...

Even Mozart Needed A Job

Not many of us -- probably none of us -- are as gifted as Mozart was as a composer and keyboardist. One of my favorite Mozart facts is that in a 13-month stretch spanning 1773 to 1774, beginning when he was 17, he composed nine full symphonies. He also produced string quartets, keyboard sonatas, divertimenti, and other works in the same period. The talent was obvious. The productivity was extraordinary. And yet even Mozart needed a job. The document pictured above is a state-sponsored retainer issued in 1787. It acknowledges Mozart’s talent, reputation, and prior success as justification for paying him an annual stipend to compose as needed. In other words, even extraordinary talent required both demonstrated output and a sponsor powerful enough to recognize its value. That is still how careers work. First, you have to get very good at your craft. Then you have to produce, collaborate, and create evidence that others can see. But even that is not always enough. You also need leaders...