Cybersecurity & Sexual Harassment

Once upon a time, sexual harassment in the workplace was all too common. But through the diligent application of training and slide shows this scourge was vanquished and now we all enjoy the reasonable certainty that our jobs are free of it.

That is the story we tell ourselves, but alas! this story is not really true. There is hope for real improvement, but that improvement rarely comes from corporate training. In fact, sometimes corporate training makes things worse.

And yet, when cybersecurity became the crisis of the moment, we reached for the same tools that did not work to change behavior in the past. Why? Because familiarity breeds content among management even as it breed contempt among rank-and-file workers. Managers are accustomed to these tools and unaccustomed to considering effectiveness over compliance. Workers are used to having their time and patience squandered in this kind of training. It all just seems, well, boring but normal.

Pythia Cyber is often asked to justify our indifference to the time-honored self-directed on-line class culminating in a certification test, the weeklong offsite sessions in sterile rooms with instructors and slide shows, the annual refresher course of whatever stripe. Here is our problem with them all in a nutshell: they are conditioning when what you need is learning.

Conditioning is the building and strengthening of the stimulus / response cycle. Conditioning is just the ticket for situations which require little or no deliberation. See the ball, hit the ball. Hear the fire alarm, leave the building. Green light = go. Red light = stop. Properly behaved pets are conditioned. Athletes are conditioned to mindlessly handle aspects of their sport. Conditioned responses are reliable, rapid and inflexible. Fire drills are about reliable and rapid responses. Hitting a baseball requires a split-second decision followed by mindless reflex. Conditioning helps you execute a specific action reliably and rapidly. Compliance with the letter of the law can be achieved by conditioning.

Learning is the acquisition of new knowledge or skills. Learning is idiosyncratic and individual. Learning is required when you need not only to know something, but to apply that something to determine an action. Learning enables you to adapt and learn more. Commitment to the spirit of the law can be achieved by learning.

So it is with sexual harassment: conditioning can help you stop calling women "Honey" but education can help you start thinking of women as colleagues first and female second.

So it is with cybersecurity threats: conditioning can help you stop clicking on links in emails but education can help you start thinking of any kind of notification as a possible forgery.

Compliance with immediately out of date and over-simplified cybersecurity rules is a consolation prize: it is better than nothing. Commitment to cybersecurity is mindful technology use and it makes you safer.

Corporate training is OK, we guess. But we feel that you can do better. We know we can help you do better.