Posts

Cybersecurity Burnout

Image
Recently I have seen mentions in different outlets of the problem of burnout in an alarming number of cybersecurity programs. The Wall Street Journal had such a piece in which a number of CISOs complained that the programs they oversee are understaffed and what staff they have are burning out under the weight of the ever-growing deluge of cyber attacks of various kinds. The problem described in the piece resonated with me. The tone and thrust of the CISO's complaints did not. Before I talk about the problems to which I think I have useful input I want to outline the problem to which I think I do not have useful input: the burnout problem. I keep seeing the following dynamic in cybersecurity groups: there is a surge of cyber attacks and mission-driven employees that we are, the cybersecurity folks respond by working more hours to deal with these particular crises. But the surge turns into the new normal, so while we wait for the cavalry to arrive, we fall into working late on weekni...
Post a Comment
Read more

BS: Has Bhushan Sethi Called Out The Leaders In Your Organization -- Or You?

Image
Ah, Bhushan is back out on the speaking circuit. (Does the man have a day job?) His latest Substack post focuses on BS, which, just to set it straight now, he admits are his initials. Not that Bhushan Sethi doesn't focus on Bhushan Sethi. His target in the post is organizational BS. And that does not refer to buffalo sunning. The nub of Bhushan's post is about remarks on the future of work by Jamie Dimon , CEO of JPMorgan Chase Bank, made at the Davos meeting this year (video here ). His topics ranged from the impact of AI on organizations as well as no-nonsense leadership. Apparently these remarks affected Bhushan more than he initially thought they might, as they resounded in his February presentation  that I attended as well as this post in March.  Here are Dimon's themes as Bhushan has processed them: *Operationalizing "the cost of honesty" (Bhushan's term) as what you're going to pay as a leader to get honesty in the AI age. Bhushan summarized the Di...
Post a Comment
Read more

March Mastery

Image
Our executive coach guru, Scott Eblin, is at it again. In his latest post, "From March Madness to March Mastery: A Leader’s Guide to Managing Energy When the Pressure is On," Scott discusses how the concept of "March Madness" -- the single-elimination basketball tournaments that lead to crowing the best collegiate teams in the US -- can be seen by leaders as a means to create better teams. Scott calls it "March Mastery." He starts by discussing how March is the month where it finally, actually feels like we're done with winter -- for example, the winter of '25-'26 was the third-snowiest on record in the Boston area -- and now the year can blossom. He continues (quoting at length): Here’s what I’ve learned in 25 years of coaching executives: the leaders who navigate March successfully aren’t the ones who grind the hardest. They’re the ones who manage their energy – personal, team, and organizational – intentionally so that they can lead for both...
Post a Comment
Read more

Yes, You May Hire People Who Don't Do Well On The Pre-Employment Assessment -- But Is That Wise?

Image
Our focus at Pythia Cyber is behavioral cybersecurity. That means we bring the best in behavioral science and organizational behavior practice to the realm of cybersecurity. We recently wrote about what it means to make the shift to a talent-based culture.  Starting out as a talent-based culture has several components, but one of the most obvious pathways is through assessing new employees for talent. As part of our mission, we have developed three assessments of cybersecurity talent -- front-line, manager, leader -- for the purpose of assessing talents related to effective cybersecurity performance. Talent assessment is entirely a 'normal course of business' in the behavioral science and organizational behavior realms. An organization that tests for talent has to become used to saying 'no' to candidates that it used to hire. There's nothing wrong with those people. But they lack the new talent that is required to be successful. A normal human response on the part o...
Post a Comment
Read more

Win By Making The Transition To A Talent-Based Culture

Image
Our focus at Pythia Cyber is behavioral cybersecurity. We bring the best in behavioral science and organizational behavior practice to the realm of cybersecurity. As part of the mission, we have developed three assessments of cybersecurity talent -- front-line, manager, leader -- for the purpose of assessing talents related to effective cybersecurity performance. Talent assessment is entirely a 'normal course of business' in the behavioral science and organizational behavior realms. Using a pre-hire assessment process means that you will find that some people have talent, maybe a lot of it, to be effective in these roles. There will also be people who score low on these assessments. Cybersecurity is a technologist domain. Talent assessment is a behavioral science domain. These are different domains, and that creates a need to create dialog and bridges between the two domains to capitalize on the synergy to be gained through their overlap.  First let's ask why we wish to cre...
Post a Comment
Read more

Talent Acquisition & Upskilling: Upskilling

Image
This is the fourth of four related articles. The others are here: one  |  two  |  three  | four. Pythia Cyber was formed to seek a very particular Holy Grail: improving cybersecurity by combining behavioral science with information technology. It was clear to us that human behavior plays a huge role in cybersecurity failures and therefore deserves a large percentage of the time, energy and focus that the technology gets. Changing individual habits is hard. Changing organizational culture is exponentially harder. One effective way to change culture is through hiring. The problem is that hiring can be effective in either degrading or upgrading your culture, which is why hiring is so fraught. The problem isn't just hiring though: new people need to be integrated into your team and then kept engaged. Internally, we call these three phases Find, Manage and Retain but we bow to convention and call them externally "Talent Acquisition & Upskilling" (TAU for short). ...
Post a Comment
Read more

Talent Acquisition & Upskilling: Manage

Image
This is the third of four related articles. The others are here: one  |  two  |  t hree |  four . Pythia Cyber was formed to seek a very particular Holy Grail: improving cybersecurity by combining behavioral science with information technology. It was clear to us that human behavior plays a huge role in cybersecurity failures and therefore deserves a large percentage of the time, energy and focus that the technology gets. Changing individual habits is hard. Changing organizational culture is exponentially harder. One effective way to change culture is through hiring. The problem is that hiring can be effective in either degrading or upgrading your culture, which is why hiring is so fraught. The problem isn't just hiring though: new people need to be integrated into your team and then kept engaged. Internally, we call these three phases Find, Manage and Retain but we bow to convention and call them externally "Talent Acquisition & Upskilling" (TAU for sh...
Post a Comment
Read more