Sunday Musings Memento Mori Cyber Ddb
Happy Sunday Friend!
Welcome back to another musing! I’m glad you’re here. Here are your Sunday Musings, a quick dose of what I’m exploring and thinking about. If you find it useful, please feel free to forward this along to friends!
Quote I’m Musing
“Have I done something for the common good? Then I share in the benefits.”
-Marcus Aurelius
The past few weeks have been a whole new endeavor for me in the interviewing/job market. I’m the person on the other side of the camera who is asking questions, looking thoughtful, and evaluating applicant after applicant.
I’ve interviewed, assessed, and “tried-out” for many positions and jobs over the last 40 or so years. Some I got what I wanted, some I got what I needed, many (many, many) I missed the mark and fell short. I’d be lying if I said I learned from every single one. I either never caught the introspection lesson from my mentors and teachers, or I never received it; I certainly don’t remember that lesson until my late thirties. I spend a lot of time reflecting on and inspecting my thoughts and experiences nowadays.
Being a good interviewer is hard. Much, much more difficult than I expected it to be. I mean, I’m in the power seat, right? I’m the gatekeeper, the final word…right?
When we interview, we are actively reading the person across from us or on the camera, or on the phone. We tailor our questions to the role we’re asking them to take on. Are the skills they’ve professed on paper demonstrable through a 30 minute to 1-hour session? Do they express the traits they’ve listed? How does this person communicate their thoughts? How do they answer the question they expected when asked in a different way? Does their personality come through, and is it compatible with the culture and dynamics of the organization?
I’m not only advocating for my organization, but I’m also deliberately supporting or altering the culture with every person I bring in. I’m altering the perception of our organization every time I describe us to someone, every time I tell someone we aren’t a good fit for each other at this moment in time.
Most importantly, we aren’t for evaluating a position, we’re evaluating a person. As soon as I began reading through provided resumes, letters, and some evaluations, I realized how much more important the role is.
It is intimidating. I owe each person more attention, research, understanding, and empathy than I ever understood was necessary.
I thought about my interviews, and how I felt. Awkward, excited, intimidated, unsure, anxious.
I tried to remember the people I interviewed with. Most of the standouts were the negatives. I felt lied to, let down, and dismissed. I remembered my assessment into a special mission unit; I had all the same feelings until the end. A panel of people picked me apart, then told me where I was weak, where I was strong. It felt good to get honest, legitimate feedback and helped me understand myself a bit better (this is also in my thirties, so maybe that helped also).
How can I ensure I’m not part of the problem, complicit in perpetuating the negative cycle? Moreso, how to not waste time arguing what a good man should be, but as Marcus Aurelius says, “Be One”.
In my interviews I vowed to do what I wish I had gotten when I was younger. Do my best to be Socratic in my questioning, guiding the interviewee along a path of discovery. Discovery about the organization, and a bit about themselves. I try to have a discussion more than a transaction. We talk about their outlook on their past organizations, what they know about my organization. I then fill in the blanks and we discuss their thoughts and what questions they have about the organization with a better understanding. We talk about how they handle specific situations, what their friends and colleagues think of them. What they think of themselves and what they’re doing to better themselves; what mentorship they’ve experienced. I continually ask them for questions.
Towards the end, I provide immediate and direct feedback on my perceptions of the interview, their strengths and where they can improve. I also give them as many resources and support as I can for any improvements I can recommend. And I seek their feedback and perceptions.
In about three weeks, I’ll only be able to bring on about 1 out of every 15 people I interact with. I am genuinely loving the broadening experience of learning this new facet (for me) in leadership. They aren’t making it easy. The (largely) young people I’m interviewing are immensely smart, professional, and diverse in thought. They’re all amazing in the areas they’ve specialized in.
One big thing I’ve learned is that it’s not about whether you’re qualified for the job, it’s whether the job and you are the best fit for each other at this snapshot in time. If you weren’t well qualified, you wouldn’t get an interview. So, ask for feedback; ask things like, where is your organization at in its systems and processes? What type of person are you looking for today and how has that changed since the beginning? How do you see the role changing, if at all, over the next few years? It’s something I didn’t realize I knew and needed to understand until this chapter.
As leaders, we should be helping others learn to better themselves and do things themselves. When those behind us improve through our efforts, we will reap the benefits of their expedited improvements.
Everything on the Internet Isn’t True: The Dance of Disinformation.
If you’re reading this, you’re likely no stranger to rumors and speculations swirling around like an overcaffeinated tornado in a gossip factory. Recently, a rumor caught the attention of both the cybersecurity community and the wider public, focusing on the Signal encrypted messaging app and a supposed vulnerability that could be easily exploited by hackers. It's an opportune moment to unpack this tale and explore how it fits into the larger narrative of phishing, disinformation campaigns, and the potential manipulation of populations.
As Mark Twain said, "A lie can travel halfway around the world while the truth is still putting on its shoes." Today, this seems like “while the truth is still sleeping”, thanks to the omnipresence of social media and digital communication. It's simple for anyone with an internet connection to post a claim on X, watch it reposted and reshared thousands of times, becoming a trending topic of the day.
The rapidity of information sharing is a double-edged sword. On one hand, it empowers people to share and amplify critical voices. On the other, it provides fertile soil for unfounded rumors and speculations to flourish. In this case, the Signal app rumor quickly went viral. I even got a couple “heads-up” messages from friends and colleagues.
The alleged vulnerability in Signal was connected to the "Generate Link Previews" feature. However, upon closer inspection, this connection seemed unlikely. Here's the short of it: Signal generates link previews before sending the link to the recipient, not after. Therefore, disabling "link previews" in Signal, as suggested in the erroneous warnings posted on social media, only prevents the creation of link previews on your own device. You can still receive them from others.
It should be natural to respond to such rumors with skepticism. After all, an encrypted messaging app like Signal is the choice of privacy-conscious folks who want to keep their communications secret. So, when claims emerge about vulnerabilities, it's reasonable to ask for more details or credible sources to substantiate these allegations.
Many individuals did indeed raise valid questions about the rumored vulnerability. They requested more information or sources that could confirm the issue. It's a reasonable and logical request in any security discussion. But they were met with deflection.
Those who questioned the rumors were often met with a smokescreen of evasive responses. Some were told the vulnerability came from a "trusted source," while others got vague references to unnamed individuals within the U.S. government. It's a classic tactic in the world of misinformation – the intimation of a credible source without concrete evidence.
Essentially, there were no verifiable details of a zero-day vulnerability in Signal.
Signal itself stepped in with an X post stating that it had seen no evidence of the alleged vulnerability. They went a step further and noted that it had checked with individuals within the U.S. government, given that the initial claim cited the U.S. government as a source. Lo and behold, those government contacts had no information confirming the claim. Signal's President, Meredith Whittaker, even chimed in, noting that the vague and viral nature of the report resembled a disinformation campaign.
Now, you might be wondering, what's the big deal? So, a rumor started, some people questioned it, and Signal debunked it.
The business of cybersecurity is a tricky place, narratives can be weaponized, and rumors used to manipulate. Even though this particular rumor turned out to be baseless, it's a stark reminder that misinformation campaigns are alive and well. While the rumor itself may not have posed a real threat to Signal’s users, the suggestion of vulnerabilities created doubts and eroded trust, especially among privacy-conscious users.
In turn, this creates opportunities for our malign actors, underscoring the interconnected nature of phishing, disinformation campaigns, and the potential manipulation of populations. Let's break it down:
Phishing: Phishing attacks often rely on creating a sense of urgency or fear. False claims about vulnerabilities or threats in widely used platforms are an effective way to lure victims into clicking malicious links or providing sensitive information.
Disinformation: Seeds of Doubt: Disinformation campaigns spread false narratives, often exploiting hot-button issues or fears. The Signal rumor was an example of how easily disinformation can spread, leading people to question the security of a trusted platform.
Manipulation: The endgame of these activities is to manipulate and control populations. By sowing doubt, creating confusion, and eroding trust, bad actors can influence public opinion, behaviors, business valuation, and potentially political outcomes.
Just because a rumor is debunked doesn't mean it's now harmless. Phishing attacks, disinformation campaigns, and manipulation of narratives are persistent threats, dangerous to the uninformed.
The Signal rumor serves as a cautionary tale where misinformation can spread at warp speed. It's a reminder that, in the age of digital communication, we all have a part to play in combating the spread of false narratives. Stay vigilant, stay curious, and do your research. It remains the responsibility of every citizen (and netizen) to be informed, guard against ignorance; else we lose our autonomy.
I’d Love Your Feedback!
Which musing is your favorite? What else do you want to see or what should I eliminate? Any other suggestions? Just send a tweet to @erichaupt on Twitter and put #SundayMusings at the end so I can find it. Or, eric@erichaupt.com for long form email.
Have a wonderful week, I’ll see you Sunday.
-e
End of transmission.