Posts

Talent Acquisition & Upskilling: Acquisition

This is the second of four related articles. The others are here: one two three four. Pythia Cyber was formed to seek a very particular Holy Grail: improving cybersecurity by combining behavioral science with information technology. It was clear to us that human behavior plays a huge role in cybersecurity failures and therefore deserves a large percentage of the time, energy and focus that the technology gets. Changing individual habits is hard. Changing organizational culture is exponentially harder. One effective way to change culture is through hiring. The problem is that hiring can be effective in either degrading or upgrading your culture, which is why hiring is so fraught. The problem isn't just hiring though: new people need to be integrated into your team and then kept engaged. Internally, we call these three phases Find, Manage and Retain but we bow to convention and call them externally "Talent Acquisition & Upskilling" (TAU for short). In other words, we ...

Talent Acquisition & Upskilling

This is the first of four related articles. The others are here: one two three four. Pythia Cyber was formed to seek a very particular Holy Grail: improving cybersecurity by combining behavioral science with information technology. It was clear to us that human behavior plays a huge role in cybersecurity failures and therefore deserves a large percentage of the time, energy and focus that the technology gets. Alas, aside from scolding users about clicking on links in emails (which is sadly an important function these days) we see precious little attention being paid to human behavior in the typical corporate cybersecurity program. We know this because we have looked: we have trained an AI to analyze public statements about cybersecurity to see what management claims to focus on. We can see why it is tempting to assume that by "human behavior" we mean "those naive users who don't understand the threat environment." I too prefer to assume that I...

The Pursuit Itself Is Excellence

Many people in developed countries, particularly in the US, feel they have a right (of sorts) to being happy. Or at the very least they feel they should be happy. Even when someone tells you that you have a right "to the pursuit of happiness" it feels like it's all upside. Over at The Growth Equation, Steve and Brad are there to tell you differently. Brad, author of the best-seller The Way of Excellence, and Steve's new blog post is "Struggle, joy, and the meaning of life." They particularly focused on Olympic Gold medalist Alysa Liu. Their next post was about Olympic Gold medalist Connor Hellebuyck. Both are must-reads. Their analysis of Liu, which is entirely consistent with their other writing, centers on 'the totality of the journey.' Here is how they put it: Alysa Liu worked hard, struggled, and sacrificed. She endured monster training sessions. She put in thousands of hours. She fell on ice more times than you could imagine. Anyone who tell...

Talent v. Talent

Sometimes you can look at the same object and see different things. We recently had a discussion about what we do at Pythia Cyber when we assess talent. The issue is that the recruiting and HR worlds have appropriated the term "talent" to mean "applicants with qualifications we like." As in, "We're looking for top talent!" At that level, "talent" is an honorific much like "ma'am" or "sir" or "your majesty." Let's get a few disclaimers out now. Referring to potential new hires, who are after all people like you and me, as "talent" or "talented" is a huge improvement over referring to them as "human resources." And if an accompanying emphasis on -- let's say it together -- RECRUITING as opposed to putting out a help wanted sign comes with it, bravo. Where did this come from? As usual the people at McKinsey started it. We first learned of the "War for Talent" in...

Litany Of The Hacked: February 2026 Wrap-Up

Ah, the Month That Was was busy as a bee in the world of cyberattacks! So it's time for -- the litany of the hacked! The litany of the hacked is our listing for each known/reported hack in the previous month. The point of the litany is not shame but awareness-raising that, well, these sorts of things happen. And so, the litany of the hacked for February 2026, which includes some big-time targets, entire cities, tribal entities, and nation-state actors. Those hackers were out like drones! The litany now includes: Wynn Resorts...PayPal...Car Gurus...University of Mississippi Medical Center...the Arapaho and Cheyenne tribes...FortiGate...DeFi...Panera Bread...Russian missile guidance systems...Tulsa International Airport...the dead convicted sex offender Jeffrey Epstein's estate's accounts (he put passwords in his emails)...City of New Britain, CT... This write-up by Ross Young regarding the Wynn Resorts hack by ShinyHunters is worth repeating in full: Bonus 'Hoorays!...

Bonus Public Service Announcement: This Time It's Real

With today's military events in the Middle East, cyberspace is going to be heating up for the foreseeable future. Here is a blog post from Cynthia Kaiser at LinkedIn and a link to Halcyon's blog. Ask us how you can keep your people motivated. (image credit: BogTar201213, CC BY-SA 4.0 <https://creativecommons.org/licenses/by-sa/4.0>, via Wikimedia Commons)

CISO: Do The People On Your Team Trust You As A Leader?

People should trust you, right? I mean, you're trustworthy, aren't you? Sometimes leading is like magic. Magic acts are about misdirection of attention. Get people focused on one thing, which is key to trust, then pull off a trick they weren't expecting -- magic! Military leaders know this well: it's "the suck," as in, the troops are all maneuvering in the mud and it sucks but the key to leading wet muddy troops is to direct their attention to being in it together -- and presto, the effect is like magic! You can't be a magician without being trustworthy. If people didn't believe you they wouldn't put their attention in your hands. If wet muddy troops didn't feel you were all in it together they would focus on themselves. What's your CISO magic trick? How do you capture the attention of your team so that they are willing to follow along because what you do seems like magic? My friend Steve Hunt thinks a lot about leadership. Over on his Subs...