RSI Security recently hosted our first Executive Development Series webinar, Consciousness of Cyber defense, on July 12, 2024. Our founder and managing director, John Shin, developed the concept for the event in collaboration with Vistage, a leading executive coaching organization that serves over 45,000 executives across the world. He started the event by explaining the crucial importance of human awareness of security concepts at the top of organizations.
Shin also provided an overview of the format for this first module and the overarching structure for the follow-up sessions, encouraging interactivity and audience participation throughout.
The Fundamentals of Awareness Security
After introductions, Shin explained how this first installment would focus on higher-order concepts related to awareness—rather than nitty-gritty technical aspects. The entire series is about building and using awareness to approach cybersecurity issues holistically. In doing so, executives are learning to use the Vistage decision model. Decisions power a cycle of instincts informing judgment, judgment broadening perspective, and perspective adding to instincts.
Ultimately, the biggest decisions executives have to make will revolve around ensuring awareness amongst leaders, implementing awareness principles, and right-sizing budgets.
With those principles in mind, Shin established that the majority of the first session would focus on intentionality. This begins with understanding energy and capacity, along with how to connect to one’s self and to others. The ultimate payoff is mastery in any pursuit—including cybersecurity.
The Human Capacity for Development
Shin introduced a figure from a recent comprehensive psychological study on the way humans experience happiness over the course of their lives. What the graph shows is that happiness begins to drop precipitously around age 15, and it continues to fall until around age 53.
The reasons for this phenomenon have to do with the creep of outside influences clouding individuals’ understanding of who they are and who they want to be. These begin to show up in adolescence, and they have a profound impact throughout most peoples’ 20s, 30s, and 40s.
However, something interesting happens at around 53. People begin to look back on their lives and realize how much they’ve been impacted by externalities. And, with the experience they’ve gained, they are generally ready to start fighting back unwanted influences and self-actualizing.
Shin explained that adult development often falls into one of two kinds:
- Horizontal development: more knowledge and skill (acquired learning)
- Vertical development: more complex perspective (adaptive learning)
Breaking out of plateaus and hitting that upward trajectory on schedule (or earlier) is about balancing horizontal acquirement with leaps and bounds of vertical, adaptive learning.
A second inflection point in the graph is at age 66, when people are at a crossroads.
At or around retirement age, people can choose to go back to their downward trajectory of happiness through external influence or to leverage their crystalized intelligence to help future generations. Those who choose the latter will see an indefinite increase of happiness.
The Importance of Consciousness and Intentionality
In the next part of the presentation, Shin played a short video for the audience in which Neil DeGresse Tyson explained that human beings’ connection to the galaxy goes two ways. We are made out of the universe, but the universe is also made out of us—we are both big and small.
One audience member offered a particularly interesting response. He remarked that we—in our personal and professional lives—always need to be conscious of all that led us to where we are.
When another audience member asked what any of this had to do with cyber defense, Shin noted that it matters because most problems in security are, at base, human problems.
The Transformational Journey of Deliberate Practice
Shin then led the audience through an activity where they repeatedly drew a circle, aiming to make it as perfect as possible. Both audience members and Shin himself shared their results, whether on paper or digitally. It quickly became evident that these circles were far from perfect, including Shin’s.
But the lesson in this zen practice is that of the mastery cycle. Progressing through human development is not about linear developments, or straight lines from point A to point B.
Instead, it’s a cycle of:
John then asked the audience to reflect on times in their lives when they’ve applied a similar kind of technique. One attendee noted that this cycle and openness to trying are especially crucial when working with emerging technologies like AI. Another attendee mentioned that such adaptability is inevitable at certain moments in both our professional and personal lives. For example, moving to a new company or city often requires this kind of flexibility.
Ultimately, developing as an executive means developing as a human. We need to continuously try new things, assess our attempts, and be strategic about what the next try—or six—will be.
The Human Core of Security—And All—Issues
Shin then led the group into another interactive practice. In smaller breakout rooms, groups of participants were encouraged to share with each other where they worked and in what capacity, what their favorite thing about their responsibilities is, and what their least favorite thing is.
Answers varied widely, but there was convergence among the unfavorable elements. Many participants agreed that adapting to rapid, unexpected change was what they liked least.
Shin noted that, surprisingly, a recent survey of cybersecurity executives revealed their least favorite aspect of their responsibilities was working with humans on human issues. This reluctance to address these issues holistically contributes to a plateau in development. As a result, happiness, productivity, and overall well-being can fade away over the course of a career.
And it’s exactly what this workshop and series were designed to combat.
The Four Approaches to Development
Approaching the end of the workshop, Shin sketched out a handful of models that people fall into as they develop interests, skills, and sensibilities in their personal and professional lives.
The three most common models break down as follows:
- The Dabbler’s Approach –
-
-
- Tremendous early enthusiasm with a sudden loss
- Rationalization of not pursuing the interest
- A constant search for the next thing
-
- The Obsessive’s Approach –
-
-
- Desire to accelerate learning, leading to burnout
- Robust early progress and non-acceptance of a plateau
- Hurt from an inevitable fall
-
- The Hacker’s Approach –
-
- Early ability to “get the hang of it”
- Willingness to plateau indefinitely
- Stagnation in doing just enough to get by
Ultimately, none of these approaches lead to the kind of productive, vertical, adaptive development that leaders need in cybersecurity and in all matters of business.
However, one approach does lead to steadfast development over time:
- The Master’s Approach –
- Diligent, studied practice and reflection
- Embracing plateaus along with growth
The end goal of these workshops is to understand and embody the master’s approach through diligent, intentional practice. Shin remarked that the mantra “practice makes perfect” is not necessarily true. Practice needs to be targeted and mastery-cycle focused to work.
Looking Ahead: Practical Applications of Awareness
Wrapping up, Shin asked audience members to reflect on when they embody each of these approaches in their own lives. The same attendee who had initially questioned the relevance of this humanistic inquiry answered with a powerful insight. He said that he approaches a handful of things as a master (i.e., his trade), but is also a tinkerer or hacker at others (interests, etc.).
Shin built on this, noting that an important part of security awareness is understanding that these approaches are not who we are. These are choices we make, and the more intentionally and consciously we make them, the better we position ourselves and our firms for success.
Future installments of the series will explore the practical applications of this human approach. They will begin with a focus on cultivating broad awareness and then move on to specific cyber defense strategies.
We encourage you to view the webinar via our event page or on Youtube, and to sign up for future editions of the series here. To learn more about how RSI Security can help your organization take a holistic, human approach to cyber defense, get in touch today!