Cyber Savvy
A successful cyber-attack has taken your company off-line. The FBI and CISA have been contacted. What now? As you know, if this hasn’t already impacted your business (either directly or indirectly), it will.
How can you make yourself a harder target, mitigating against cyber-attacks? What does all the terminology mean and why does it matter? What happens if an attack is successful?
Join DTC, Inc. as we outline, in a straight-forward manner, many of the issues surrounding cyber security which directly impact business owners. Our Cyber Savvy podcast episodes feature Mike Shelah as he brings in a new guest each month.
New episodes will be posted twice a month on the first and last Thursday, make sure to follow and subscribe wherever you listen to your podcasts, so you don't miss new content!
We would love to hear from you! Please send us your comments and questions to: AskUs@DTCtoday.com
Cyber Savvy
Just Culture Continuation ft. Pablo Breuer and Monica Smith
This episode of Cyber Savvy, we are continuing our talk about Just Culture and it not only applies to the workplace, but everyday life as well.
Our newest guest Pablo Breuer is a highly accomplished and decorated cyber security and information technology executive with unmatched global expertise and exemplary performance in the areas of innovation, cyber security, and vulnerability assessment. Polished speaker, team leader, and trusted advisor to executives. Recognized as a technology and policy subject matter expert at the highest levels of private industry, the United States military, and the federal government.
Guest Monica Smith is DTC's CFO (Chief Flourishing Officer) and founded The Clear Mind Project. It is a movement on a mission to bring the science of resilience and positive psychology to addiction and relationship recovery - bridging the gap between illness and well-being.
Andrew Rose (our host) began a cybersecurity awareness program in 2016 while at a major agricultural bank after recognizing that the ag sector wasn’t getting the attention it needed about the risks posed by cybercriminals and other adversaries. He helped coordinate several symposiums and events focusing on the topic. He is now an independent contractor and volunteers his time to bringing cybersecurity awareness, education, mitigation, and response to the ag and food supply chain (and other special projects). His focus is on mitigating emerging threats. In addition to his experience in cybersecurity, he has a deep understanding of banking/finance, risk management, and other professional service sectors related to food, agriculture, and climate.
Want to hear more? Past episodes are all posted, including on YouTube! Follow and subscribe on your favorite podcast app to ensure you don’t miss out on the conversation!
Want to hear more? Past episodes are all posted, including on YouTube! Follow and subscribe on your favorite podcast app to ensure you don’t miss out on the conversation!
[00:00:06 Andrew Rose]
Welcome to cyber savvy. This podcast was created by DTC to bring awareness, mitigation and response to cybersecurity threats companies and organizations face daily. Be prepared. Be cyber savvy.
All right. Good afternoon from Maryland. I'm Andrew Rose, the host of the Cyber Savvy podcast. Being a host means I get a front row seat to some of the most fascinating conversations around cyber security and risk management. My co-host, Mike Urbanik of R.K. Tongue represents the risk management portion of the conversation, but today he's somewhere near the end of his vacation.
Soon as he gets back from wherever that is, we'll plug him in and you'll hear his voice as well. Most importantly though, if you're a dentist or know a dentist in the Mid-Atlantic area who is looking for a reliable and responsive IT provider, go to DTC today.com for some more information. We would love to hear from you. A lot of you know that the cyber attacks occur, at least in the headlines, because updates and patches weren't applied, but the real trend is towards these AI enabled social engineered attacks.
On our last podcast, DTC Chief Flourishing Officer Monica Smith discussed Just Culture with the other Andrew Rose. They describe what it looks like from an organizational perspective, but also philosophically and practically. Today I've invited Pablo Breuer into the conversation, and he's a leading voice in the blunting of misinformation. And with that, I'd like to introduce our guest today.
And Monica, biggest question is, please tell us, what does a chief flourishing officer do?
[00:01:43 Monica Smith]
That's a great question. I'm still working on that myself, but I can kind of just speak to the way that I think of it, and the way that we think of it here at DTC is truly based on the definition of flourishing, which I think I mentioned on the last episode. I'll mention, again, healthy, vigorous growth, particularly as a result of a favorable environment.
So what that means to us here at DTC is healthy, meaning a focus on employee well-being as a core part of what we try to do and how we approach everything. Vigorous growth, meaning developing, creating a learning culture, a culture that is all about growth mindset and really embeds learning and development in everything we do and makes it part of our rhythm.
And then, favorable environment speaks to the culture. So we want to create an environment that supports that continuous growth and development. I think it does relate to some of the just culture we talked about in terms of creating an environment where it's safe to make mistakes and speak up about them, to learn and grow together. So those are- that's sort of the core foundation.
And we have lots of projects and initiatives and work streams that flow from that definition.
[00:02:44 Andrew Rose]
Well, DTC is incredibly fortunate to have you as part of their team. Side note I've worked with you on other projects and I am absolutely blown away. And I think there's probably many more stages that you'll be standing on your life to share your messaging.
[00:02:57 Monica Smith]
Thank you
[00:02:59 Andrew Rose]
so Pablo, for all the work you've done to protect our nation against our adversaries.
I'm assuming they're going to name a street after you somewhere, or at least a cul de sac. Can you tell us a little about your background and some of the contributions that you've made to protecting our country and the things that you can talk about, and maybe talk a little about the Disarm Foundation and why it exists?
[00:03:18 Pablo Breuer]
Sure, I'd be happy to do that. So I spent 22 years as a commissioned officer for United States Navy, working in what we now call cyber.
Didn't have a name when I was picked up for the community back in 2001, I spent a lot of time at Fort Meade doing things there. I did some teaching at the Naval Postgraduate School and then retired as the Innovation officer out of the U.S. Special Operations Command.
And while I was there, one of the things I was tasked with doing was educating the command on things that represented asymmetric threats to the nation.
And so in 2017, we held a one day event at our facility called Softworks for Disinformation and Deepfakes. And we brought in experts literally from all over the world, from Australia and Europe.
And we were pretty depressed about the state of affairs, that this was a big problem that nobody was working on. So my dear friend Sarah Jane Terp and I said, well, we've got some spare cycles, let's work on this.
And we started working on a taxonomy, an ontology, so that people of different communities could discuss disinformation and foreign malign influence operations using the same language, and so that we could communicate across communities.
That is called Disarm the Disinformation Analysis and Response Measures framework. It is a free and open source framework that can be found at Disarm.Foundation, and it's been accepted by the EU, NATO and US governments as the framework they use to share threat information on disinformation.
[00:04:47 Andrew Rose]
Well, that's probably the most humble I've ever heard your introductions, Pablo. Again, thank you for everything you've done for this country. I know much of it has been almost as a volunteer, completely as a volunteer. So outside of the service that you did to your country. Thank you for that too.
[00:05:00 Pablo Breuer]
No thank you.
[00:05:02 Andrew Rose]
Well, Monica, I mean, it's almost like you laid Homer's Odyssey on us with this last presentation in just culture. I mean, it was a master course, and I could see that being taught at MIT, based on what you shared there.
And it was such a brief period of time. And I know you and I know you've thought deeply about everything you said, everything you could have said and anything else that could be added or expanded upon.
So I'm going to turn the microphone over to you to fill in the blanks or expand upon any of those points that you raised in our last recording.
[00:05:29 Monica Smith]
Yeah. Thank you, I appreciate it. I mean, yes, Andrew, you know me well. So of course I have lots of thoughts. I will say I'm very fascinated to have this follow on with Pablo and kind of hear your perspective of how this connects with all the work that you've done.
I think one of the things that did come up, I was thinking about it more after our last discussion.
And, Andrew, you asked me a question that I answered in a roundabout way, but I wanted to come back to you. And it was sort of, why does this topic matter to our clients? Like, why should it matter? And in terms of whether it's the culture that a company's trying to build around this stuff, I made a list more eyes, more eyes on something.
Everybody's moving in the same direction. Everyone's clear what success looks like. So more eyes on the challenges together, more openness, I would say getting to the root cause.
So when there isn't this fear of speaking up, when there is safety to bring up tough issues, even if it is a personal mistake when that safety exists, I think teams can get to the root cause and be more solution focused more quickly.
So getting to the root cause means preventing future issues from repeating themselves quicker. Action. I mentioned really just a sense of hopefully assurance about integrity and humility. So one of the things I know we talk about here, we try to expand on integrity by saying it's not just doing the right thing, it's doing the right thing. Even when it's hard.
We can say that it's hard. We can say out loud that it is hard and we still have to address it. We still have to do it. We have to figure out a way to do it together. So again, another sort of inside joke we have around here is that we're not allowed to say why bother? Or any version of why bother?
We have to have the confidence that we can acknowledge together when something is hard, but then we have to sort of come together as a team and tackle it together.
So that was something I kind of wanted to circle back to, because it can be a lofty topic to your point, and sort of getting down to some of the specifics about why it does matter.
And then I guess one of the things we ended on, which I think would be, again, it's always great to expand on, which was what is our relationship with this comfort. That was a question, and I wanted to give some context around how that came to me, and it was really based on a conversation I had in the kitchen here at DTC.
So one of the things that we've started to do is we've incorporated culture questions in our interview process, again, to try to make sure we're bringing on people that are in alignment with our mission and with the culture. And a recent new joiner asked me in an interview, what does it take to be successful here? Which, first of all, I thought was an amazing question.
It's an awesome question to ask, and I was intrigued. So I started asking around some of our newer people, what do you think it takes to be successful here? And someone said the ability to be uncomfortable and it was like I had this light bulb moment was such a great answer. And I have to credit one of our team members for coming up with that.
So that was kind of inspiring to me to kind of ask that question. And it's made me think a lot about growing that ability to confront things that are uncomfortable, that are threatening, that we don't even have an answer for right away. Are we building that ability to confront that together? So I wanted to kind of add more context to that question.
I definitely could keep going, but I will pause for other questions and feedback.
[00:08:39 Andrew Rose]
But I think you're dead on. I mean, the topic of discomfort is something that I've been looking at for a while now and trying to do some more research on because I think we flee discomfort.
You know, we try to sconce ourselves and we call it efficiency or whatever that thing is that incremental, that another point nine in the 99 of whatever it is that we're shooting for, just fleeing that discomfort.
And when we do that, I mean, Monica, I get I'm just parroting what you're saying now, we're not addressing the root cause of these issues. So and yes, I think that should be a podcast all of its own. I don't know, maybe we can find a way to weave that thread through here. Maybe it was something that Pablo mentions as well.
But Pablo, I mean, this is your lane and I appreciate your joining us today here. There's so many questions I have for you about everything related to this, but as we're focused just on the just culture piece here, can you tell us kind of broadly how just culture can be used as a foundational tool against AI enabled social engineered attacks?
And also, what are some of the signs that someone should be aware of, that maybe they're being manipulated.
[00:09:37 Pablo Breuer]
Yeah. No. That's great. If you don't mind, I'm going to actually take that in reverse order. So what are the signs that you're being manipulated? If your instant reaction to seeing a post or seeing a video or seeing some sort of image is emotional as opposed to cognitive, you're being manipulated.
That's because the whole social media business works on engagement with the platform.
Right? And so you're rewarded by providing content that gets interaction you know likes dislikes, retweets, whatever. It doesn't matter what the social media platform. It's an attention driven economy.
And so that's when you really start to see the kind of outlandish headlines, the outlandish claims, the inflammatory things. It can also be like, there's a reason that kitten videos are still like the most popular thing on the internet, right?
But if your first instinct is to react emotionally, if you want to smash that like button or repost button or react angrily, you're being manipulated.
That's the first thing. And so you should start asking yourself, why am I being manipulated? Who's manipulating me? What is the intent of it? It might be that they just want you to buy a product.
You know, I'm an old guy, so I remember the old Coca Cola commercials with the catchy songs and everybody holding hand. Right. Advertisement is being manipulated. The difference between an influence operation or a psychological operation and advertisement is what's being sold in one.
I'm selling a product or service, and the other one I'm selling a belief. And so the difference is that when you're listening to traditional media, right, or when you're watching a movie or watching television, you know when things are advertisement in social media, you don't necessarily know when something is attempting to influence you.
So that's important. One of the interesting kind of things that has happened with the internet and with social media is when you look at the history of information technology, you go from parchment and quill to the Gutenberg press, from the Gutenberg press to the telegraph and the radio, from the telegraph and radio to television.
Right. Every one of those was about a small number of people being able to transmit more information more quickly to an ever increasing audience.
But even as late as the 90s, if you wanted to talk to a mass audience, right, you couldn't just show up to your local television station or your local radio station.
Go, well, I'd like to talk to the town. That didn't happen. And so what happened with social media is social media kind of completed the circle of information technology in that this was the first time that what was increased was not just the size of the receiving audience, but who could transmit.
And we've democratized that. So now anybody can transmit to a mass audience. And that's what's really fundamentally different now. And so you always end up in this discussion about First Amendment. And the proverbial argument is, well, you can't shout fire in a crowded theater. You absolutely can. You can hop in a crowded theater and you can shout, fire!
The difference is that if there's no fire, everybody knows who shouted, and you're going to be held accountable for your actions, right? That's not the case in the internet because we can't tie a person to an account.
And so the ongoing discussion that we need to have as a society is what's the right balance there. And so, you know, one of the trivial answers that I hear when I talk to students and other people about this as well, you know, what we should do is we should be able to tie a person to an account and that go, well, that's great.
What do we do with whistleblowers who need protection? What do we do with dissidents in dystopian governments that need to be able to speak publicly, but then have some form of anonymity and so there are no easy answers here.
There's really a balance of how do we hold people accountable for what they say, and how do we provide the appropriate level of protection, indemnity for the people that need that.
And so that's really the case. The other thing I'll address is, the difference between misinformation and disinformation. Disinformation is when there is an actual intent to deceive the person transmitting the message is intending to deceive the audience, and that can be by altering the content, or it can be by altering the context. Misinformation is kind of a victim.
A misinformation is when somebody sees a message, not realizing that they're being led astray, not realizing that it's disinformation, it's false.
They believe it to be true, and then they forward it. And the Soviets, back when they were the really bad guys, had this really ugly name for they call them useful idiots. But it's kind of descriptive in nature.
And so I want to be clear that when I'm talking about disinformation, right, I'm not talking about opinion. I'm not talking about editorializing.
I'm talking about things that are facts. And so you can take things that are facts, and you can twist them in such a way that they lead to the wrong impression. And if you do that with intent to deceive, that's really disinformation that has nothing to do with the pinion or right to free speech.
That's a different subject.
[00:14:49 Andrew Rose]
So it was a point of clarity then. Would information warfare and disinformation be the same thing? Is there a difference there between those two terms?
[00:14:58 Pablo Breuer]
That's a great one. information warfare is a larger overarching term, right? Canonically, I will tell you that my definition is a little bit more bombastic and possibly argumentative.
Right. So we talk about cyber warfare, right? Which for the sake of argument, let's talk about hacking. But what I would say is that the real effect of hacking a network is also an influence operation.
And the reason is that the end effect that I want operationally from hacking a computer is not on the computer itself. It's on the operator at the other end of that computer.
I want them to make decisions that are advantageous to me. I want them to take actions that are advantageous to me based upon information that they're looking at on their system that I've either altered, deleted, removed, hidden.
[00:15:50 Pablo Breuer]
And so really, there's still influence operations. I think what happens is that we tend to conflate them, and we want to categorize things so that, you know, there's a technical side and there's a social side. And the reality is that the technical side is there to affect the social side.
[00:16:07 Andrew Rose]
Agreed, agreed. So going back to the just culture is one of the inoculations against potential social engineer attacks, where you have a culture that really is it's fundamentally about safety and security of the organizational teams.
What are your thoughts on organizations that apply that the right way? Go through all the processes and protocols that are required, but have a functioning, just culture in place as a shield against the barrage of social engineer attacks that are coming and are already here?
[00:16:37 Pablo Breuer]
Sure. You know what? I'm going to be a raging American right now here and say that the way our democracy is supposed to work is a fantastic example of just culture, where we talk about civil discourse, we talk about having disagreements and how we solve problems and having different opinions. Right?
That contested political knowledge is what Bruce Schneier would call it.
We're talking about just culture. The way that Western law works is we don't predict when the train wreck is coming. We let the free market do what it does. And then there's an incident. There's an actual train wreck or some industry kind of does something because there's no regulation in place that says, okay, now we need regulation and we don't really blame individual people for that.
We go, okay, listen, this is the way that society set it up. So now let's fix the rules for society. So just culture really is how democracies work to solve problems. Well, we run afoul of that is when we get away from that. Right. And we start blaming the people. It's your fault that it's this way. No, no, no.
We as a society had some discussions. We as a society voted. We as a society elected leaders. We as a society passed laws. And those laws happen to not work out. But what you see now with Democrats blaming Republicans and Republicans blaming Democrats is not working right. That is just culture that doesn't work.
You are Congress. You were duly elected by the people of your state to represent the whole of American society.
And so we, the voters, are to blame for the lack of equity that's been carried out. How's that?
[00:18:13 Andrew Rose]
I think it was genius. But I also saw Monica unmute a couple times. I'm going to turn the mic over to you.
[00:18:18 Monica Smith]
Yeah. My brain. Well, I mean, I can't write notes fast enough for all the things going on in my brain. So thank you for sharing that.
I mean, I think I guess I'll work backwards forwards, but one of the things, Pablo, as you were sharing, some of the things that were coming up for me as I was listening, were I was trying to pull out, what are the skills then, that we need to be focusing on as organizations, as humans, across the board, based on kind of some of the threats that you were talking about.
And what was really jumping out at me was and again, this came up really loosely in our last podcast episode, but emotional intelligence, EQ over IQ, because really, I loved what you said. If your instant reaction is emotional, not cognitive, well, we know how important emotional intelligence is and yet I think it gets lost and we focus so much on the cognitive and the knowledge and the intelligence and all of that stuff.
And so Daniel Goldman's model of those four components self-awareness, self regulation hits right at what you're talking about. Do we have the self-awareness to notice?
How am I feeling right now when I see this thing or when I read this thing, what's going on in my body, what's going on in my emotions? And then can I regulate that enough to pause and really have that broader awareness to do something with that?
And then obviously the social awareness of what's going on with other people. And what do I do with that from a skills perspective too. So that was a big piece of what are the skills we need to be focused on.
And then also critical thinking, which sometimes I wonder if it's dying art. But all of the cognitive biases that we all as humans have, but in particular confirmation bias.
So you were talking about selling a belief. And we all know from a confirmation bias standpoint, when we have a particular belief that we're carrying around, we find evidence to confirm it, and we miss evidence that goes against it. Right? That's a natural part of the bias that again, from a critical thinking perspective, we need to be aware that we all have the tendency to do that negativity bias.
We have the tendency to weigh negative heavier than positive. This is partly how we're wired to survive. So so many things going off in terms of really can we narrow down the skills that will help us protect against some of these things?
And then what we're working against is our biology. Also, to your point that social media, we know it is absolutely feeding off of our natural biology and while technology is evolving, our original body operating systems are the same as if we were living in the wild.
And so it's really tapping into all of that wiring. So we can build skills to work with that.
But we need to be really intentional about it. I think. And so that was coming up. And then sort of on the latter part of some of the things you were saying, that famous quote, you know, we can't solve a problem with the same consciousness that created it, Division and blame, it doesn't matter where it's coming from.
It's the problem, not the solution. And as long as we're in that consciousness, we're never going to get to the solution. And that's again such a tie to this.
You mentioned it in a different, different way, but context over content. We're not going to get to solve the actual content if we're not paying attention to the context that we're operating in, which is like, we're all in this together, we have to focus on the bigger picture.
We have to see through the lens of how do we get to the solution together. We're all after the same thing. If that's not the context we're in, we'll fight over content for the rest of eternity. And I think that's where we get stuff.
I mean, we can get stuck in our families there. We can get stuck in the workplace there.
We certainly, I think, are stuck there as a culture right now. So really loved what you shared about that too.
[00:22:05 Pablo Breuer]
Well, thanks. If I could, I just want to riff off some of the things that you said as well. So you and Andrew started out by talking about discomfort. If you're not in some level of discomfort, you're not growing.
And that's true whether you're working out, whether you're a business, whether you're in government, if you're doing the same thing over and over, you're just not going to grow.
And so when we talk about cognitive effects, right, there's cognitive friction and cognitive dissonance. Cognitive friction is the amount of effort it takes for you to assimilate new information.
Cognitive friction is the amount of effort it takes for you to assimilate information that directly opposes something that you've already internalized.
Yep. And so we really need to be willing to have uncomfortable situations, right?
If you're a Fox News watcher, great. Watch Fox News. But then maybe also listen to NPR and maybe also listen to CNN so that when you meet somebody that listens to those, you can have the discussion and understand where they're coming from, or at least attempt to understand where you're coming from. Same thing.
You know, if you're an NPR listener, maybe you want to listen to Infowars and understand where the other side is coming from.
So you can have that civil discourse. There's uncomfortable conversations. So in the 80s, if you were an American, your choices for the news were ABC, CBS and NBC. Right.
So it didn't matter where you were on the political spectrum, if you were on one side and your neighbor was on the other side, when you went over the fence to talk to your neighbor, you could agree to disagree, but at least you still had the same information from which to draw your opinion.
The problem now is that we have so many choices that we self isolate. It is uncomfortable hearing information that doesn't fit our biases and so we end up self radicalizing. We only listen to media sources that reinforce our own beliefs, and so it makes it much harder for us to have that common ground to have that civil discourse.
I'm going to quote a movie which I think has some brilliant points in it. Some folks may find it a little sacrilegious, but there's a movie called dogma.
It's a comedy, and Chris Rock plays a character in there. He has this great quote that he says, somebody ask him is having beliefs bad? And his response is, I think it's better to have ideas.
You can change that idea. Changing beliefs is trickier, and that's a really kind of nice way to put it.
[00:24:32 Monica Smith]
It's so true. Yeah, it's so true. And it's interesting because I was thinking about, again, if I'm going to flip to the other world of recovery for a second, it all relates. We talk a lot about in that world. I talk a lot about intimacy is the problem and the solution. And by intimacy I mean emotional intimacy, connection with oneself and true vulnerable, authentic connection with others.
So it's the problem that we're walking around with. And however that's manifesting in whatever area. And the solution is in the problem.
And the big picture of connection versus disconnection. Can we be humans together organizationally? Can we be humans together? Because blame, where there's a villain, there's a victim, where there's a victim, there's a villain. It's the same energy.
It's it's a disproportionate relationship with power at the end of the day on either side. And so it's really a- can we maintain awareness of that big picture. And I think to your point, the level of choice of where information is coming from and where we can access it, and the ease to only focus on information that confirms our beliefs and humans and to only connect with humans that share those things, it's more dangerous than ever.
And when you take that back to okay, so now we have these very real threats and we're in a silo in the context of that, we're not going to be communicating well with each other.
We're not going to want to we're not going to receive information from someone or from some group. That and again, this can happen in the workplace.
This can happen anywhere. It's more threatening for all of us, I think, to be operating there.
[00:26:12 Pablo Breuer]
Yeah, absolutely. And there's a couple of words that I hate to use because they're politically charged, but I'll go ahead and use a cancel culture. You can't change somebody is behavior by not communicating. You change somebody's behavior by sitting them down and going, hey, listen, we're both Americans or we're both human beings, or we're both find some point of commonality and saying, our community thinks that that behavior was not okay.
That doesn't mean that you don't hold people accountable. You absolutely hold people accountable.
But you can't change somebody's behavior by locking them out and ostracizing them. That just it doesn't work.
[00:26:50 Monica Smith]
Well And that reminds me too. And I was looking it up to get it right. But so Susan Scott is a great resource. She has a book and lots of resources called Fierce Conversations, Fierce Leadership, among others. And the way she puts it to your point is she tells this story about, I think it was a husband one point at a conference or something was saying, I can't believe I have to keep having this conversation over and over again with my wife.
And we all know we've been there. I've been there. I know my husband would validate this. And her point is the conversation is the relationship. Yes. It's no, it's not the content, right.
It's the fact that you're having it and every relationship is failing or succeeding one conversation at a time. That's what she really talks about. And so it's really the-
And what I've seen at work, we talk about this a DTC all the time in terms of the culture we're working on. And of course, in private practice, in couples and in relationships. The conversations we do not have are always putting us at greater risk than the hard ones that we do have.
[00:27:53 Pablo Breuer]
Absolutely, absolutely. And, you know, there are micro examples of interpersonal communications, but there are macro examples of that.
When you look at history, I'm going to put myself in danger by oversimplifying slightly. You know, at the end of World War One, the Treaty of Versailles, really held certain powers at odds and held them to blame for that conflict.
And some of that was what led to World War Two happening right afterwards. And when you look at what happened at the end of World War two, when the allies went into Italy, when the allies went into Germany, when the allies went into Japan, the way that they reintegrated them into society. And it took a while was by saying, hey, listen, you're good people.
You were fooled by a small number, and we're going to welcome you back into society. Let's get in there.
It astounds me that we spend lots of time talking about how offensive influence operations happen, and the best example we have of how to walk people back to their how to cure them of disinformation after being radicalized is the Marshall Plan at the end of World War two, and I've seen very few study-
I've actually not seen any studies where people go, hey, listen, we took some really radicalized mass populaces and we welcome back to the rest of the world.
I mean, go into Germany. There's some of the nicest, most freedom loving, accepting people in the world. Now, that was not the case at the end of World War two. So we should really study how we had those conversations over a long period of time.
And instead of trying to find somebody to blame.
[00:29:30 Monica Smith]
Absolutely. Yeah. And I think that also gets to this idea. And I know this is sort of one piece of how this the positive psychology movement was came to fruition, which gets a bad rap because it's not about smiling and being happy all the time, but it's misunderstood to mean that.
But it's about looking not- There's so much research that focuses on all of the problems and all of the pathologies and all of the issues and all the things that went wrong, and not that that's not important, because we certainly need to learn and look at all those things.
But there are a lot of solutions. There are things that are working, whether it's corporations, societies, cultures, geography groups, there are lessons of things that do work or have worked or positive changes. And there's so much to learn from looking at that as well to be recreated.
And I think sometimes we can all- going back to negativity bias, we all become so focused on the problem identification that we miss the opportunities to look around for what's working really well around us that we can really dig into and learn from.
[00:30:32 Pablo Breuer]
Yeah, and sometimes it's really simple things. So I work in a industry that's absolutely horrendous about blaming people, right? I work in cybersecurity. And if I send you enough emails, sooner or later you're going to click on that spear phishing email.
Everybody does. I've done it. You've done it. And so if you work in cybersecurity, what's the first thing we do when a user clicks on a spear phishing simulation?
We kind of point and laugh and we make them sit through an hour of additional training. Right. Like that doesn't work. That does not endear your users to go, hey, I think I did something bad. Let me go put myself on report to security. You want to find out when there are problems. You want to do the root cause analysis.
You want to learn from it. And you can do those things without blaming an individual.
Now, certainly there are cases where people continue to do the wrong thing and then they refuse to learn. That's a little bit different, but for the most part, people are good and they make mistakes and they hear things that aren't necessarily true and they believe them to be true.
Or I think if we can all start out by a question of why did you believe that? Or why did you do that, or what made you act in that way? If we can come from, as you put it, emotional intelligence and try to put ourselves in the other person's shoes, it goes a long way. It's really I mean, we're in a very politically charged environment.
No argument about that whatsoever. It's really fascinating when people go on rants and then you go, okay, that's interesting. Tell me more about that. Why do you believe that? And it's like they're almost shocked that somebody is interested as opposed to yelling back why they're wrong. That stuff goes a long way.
[00:31:59 Monica Smith]
Don't we all just want to be heard at the end of the day and understood? I think it's just that core human need. We all want to be seen, heard, understood, and goals that can be easy to miss or seem insignificant in the context of all the other things.
And I think one of the things that you were talking about, I think I ran into this in some of the research, Andrew, of just Culture, when you kind of sent me a bunch of resources and I was digging in, it's this idea of not asking the who, but the what, how and the why.
And that's sort of gets to what you're saying, Pablo, of can we just remove the idea of the who and the blame altogether and still get to a solution?
I mean, the answer is yes, and it's scary and it's uncomfortable and it's something we all need to be focused on and trust that we actually can still get to a better solution if we don't have the conversation that way.
[00:32:46 Pablo Breuer]
Yea and we started out by talking about doing the morally correct thing right and doing the right thing even when it's hard. Doing the right thing becomes a lot easier if you know you're not going to be instantly blamed and ostracized for it, right?
People make honest mistakes. That's what happens. And so people are a lot more willing to admit they've made a mistake.
When there's compassion, understanding on the other side.
[00:33:10 Monica Smith]
Yeah, absolutely. Yeah. It does become easier. And I would even say if I go back to kind of growth mindset culture, this idea that mistakes are not something to be avoided, but actually a necessary component of learning and growth, level of threat matters and repeated mistakes that are a demonstration of an absence of learning or interest or desire or a willingness that's a different conversation.
But in the true nature of the course of being a human and learning and serving in a role, if we can have the mindset that that's actually part of it, it's a necessary component of it.
And therefore the definition of success is being willing to take a risk, to do the right thing or to speak up. If we can create a situation where that's actually defined as success and, you know, as you say, you know, that that's just everybody does it that way.
We're in this company. That's how we do it here. Then it does become easier. It feels less of the hard thing. It might be uncomfortable. It might open up another can of worms to solve. But it does feel safer to do that. And I think it's, I'm obviously biased, but I think these are the skills that should be getting so much more focus and priority.
And again, from the emotional intelligence standpoint, I know that's something we've definitely been focused on because these are really the foundation to all the other stuff we're talking about.
[00:34:29 Pablo Breuer]
Yeah. How does that mean go about you know, wisdom comes from experience and experience comes from bad judgment.
[00:34:35 Monica Smith]
Exactly!
[00:34:37 Pablo Breuer]
One of those things you've ever been a parent, you tell your children, hey, don't jump on the bed, don't touch a hot stove, don't run in the house. And sooner or later they do it when you're not around and they learn the hard way and they go, oh, now I really understand. Right?
So wisdom is really kind of the growing pains from learning from a mistake.
[00:34:53 Monica Smith]
Yep. Yeah. And I think there's fear and I think this came up a little bit last time we talked. Andrew I mean there's fear somehow there's this association that if there isn't someone to blame, there's no accountability.
And if there's no accountability, then nothing's going to change or somehow we're being too soft or too gentle or too easy, or we're letting people off the hook or we're letting ourselves off the hook.
I mean, there's a whole big amount of research. Kristen Neff is an amazing self-compassion researcher, and I think some of her findings showed that the people that were more self compassionate procrastinate less. But what we think is we have to be harder. We have to be harder on ourselves, on each other. So there's this underlying fear that without the blame, there's not accountability and it's not true.
But I think there's a lot of fear there that we have to confront as well.
[00:35:41 Pablo Breuer]
Well, there's some of that. There's some other kind of interesting cognitive things that happen. And so they're these fascinating social experiments where people believe that their beliefs are held by the majority of other people.
And so the simplest, most trivial example of that is 80% of people believe that they're above average drivers. That's not the way that math works.
And we could all kind of laugh at that. But so part of this is being aware. So there's a concept in political science called the Overton window. And the Overton Window is you take any particular subject and there's a range of things that you can say on the political spectrum and polite company, and there are things outside of that.
So if you're talking about undocumented immigration or illegal immigration, whatever you want to call that, you can say, well, those people ought to be given a path to citizenship.
You could say, no, those people should immediately be deported. What you can't say is that they're lizard people from planet Venus. They should be lined up and shot, right? Like that's upside.
It would be really fascinating experiment if social media because they can see what everybody says. If they could show you the Overton window and actually make you aware that, hey, you're actually pretty, Senator.
Hey, you're way off to one side or way off to the other. And then you might go, oh, the majority of people don't believe what I believe.
Maybe I need to see some of these other things instead. And so technology can provide those tools. It doesn't have to tell you you're wrong. It doesn't have to censor you doesn't have to do any of those things, just making you aware that you're outside the standard distribution of what most people believe is probably going to be enough for most people to go, wow, I need to probably figure out why I'm out here, why more people don't believe that, and it's going to make them curious about it.
Not for everybody, but I think for a large percentage of people it would work.
[00:37:23 Monica Smith]
Yeah, that's really interesting and fascinating. And I was thinking about it. It reminded me of a micro level experience of that that we just had here. In fact, we were in a meeting yesterday talking about a new initiative here at DTC and we kind of went around the table.
And, I mean, I wasn't looking at it this way at the time, but what you're talking about, you were kind of checking in around the table and all of the different departments, are you good with this or are you good with this?
Is this make sense? Does this track? And we got around to one person who said no, but that tells me everything I need to know that it's a me thing, right? Because we did like literally a human in person level pulse check. But it was really helpful for all of us to go through that together. And he was practicing what you're saying.
It gave him that information. So that's like the micro level of the macro kind of fascinating experiment that you're talking about. And goes to show that there's all kinds of ways to practice this.
[00:38:14 Pablo Breuer]
Absolutely. And the converse of that would be a tenth man. So if you get in a meeting and nine people say all the same thing, that 10th person should probably disagree, just, yes, force people to have the discussion. Right? Because otherwise you're going to self-select your own biases and you might be missing something. Now that 10th person could be entirely wrong, but that's okay.
It's kind of their duty to go. We all agree. What are we missing? Let me play devil's advocate.
[00:38:39 Monica Smith]
Yes, absolutely. That's true too. And that came up Andrew, I know in our last episode of also the practice of assigning people to purposely challenge and to purposely find the dissenting opinion because that's valuable to, to make sure we always have that perspective as well.
[00:38:56 Pablo Breuer]
And the other nice thing about that, right, is if you know that they're assigned. So for having a meeting where, like Monica, you're going to be the contrarian this time, there's really nothing that you're going to say that's going to upset Andrew and I, because we know that your assignment is to be contrary.
[00:39:09 Monica Smith]
It's safe. It's a good safety to put into place. And it's easier for me because I know that's my role and that's the expectation.
[00:39:16 Andrew Rose]
All right. Well, I've made some notes here to Monica. So I, I want to add the self-awareness self-regulation piece.
I want to expand a little bit upon that because something Pablo mentioned late last year and we were going over this is a possible way to inoculate organizational team members against these AI enabled attacks. Was to send sort of the phishing emails out 2.0 and send them out in an AI enabled way and try and trick the receiver.
And what we want to do is implant an anger in that receiver for being tricked. They're individualizing that and that. Then will that hopefully not only then, not only organizationally, but across the broader spectrum, whether it's election disinformation and what have you, Pablo, can you- because that was what I think at the time was genius.
I'm sure you thought a little bit more about that too.
So could you expand upon that?
[00:40:09 Pablo Breuer]
Oh, man, I'm going to need a little bit more. We've had so many conversations. I'm trying to remember the point I was trying to make, Andrew.
[00:40:16 Andrew Rose]
Well, more so than anything else, what you wanted to do was have the individuals internalize and anger at themselves for being tricked and using the, sort of the phishing email technique. Not a phishing email per se, but other means of digitally altering other message content.
You know, person sending it like it could be a CEO saying, hey, change my bank account.
[00:40:34 Pablo Breuer]
Again, right? Like when you look at the phishing emails, when you see the scams happen, they all play on these strong emotions that we have. It's never like the guy or gal that sits in the cubicle next to you that sends a thing going, hey, please print this for me real quick.
Just click on the link right? It's always the CEO that instills fear.
It's a missed opportunity. Hey, I'm a Nigerian prince and I've got $25 million and you're going to miss out if you don't help me. It's always these emotional tricks.
And so it's one of those things. Again, people click on social media and email scams all the time. It's not your fault. But once you realize you've fallen for that, you should go back and go,
What were the triggers that led me to react that way? Was it fear? Was it happiness? Was it a nervousness? How do I do that? And these are very well known cognitive and psychological triggers for us. And they really do go back to our basic survival instinct.
If the instant thing you want to do is click on a button or click on a link, you probably need to stop and take a breath and go grab a cup of coffee and go, okay, what just happened?
[00:41:39 Monica Smith]
Well, and I think to Andrew, to your point, what's fascinating, thinking about that, A) from a self-awareness and self-regulation. Right.
Like teaching a skill of what is going on in my head, my heart, my body, like literally paying attention, being aware because we're not going to get anywhere without that. And then self-regulation being a thermostat, not a thermometer.
I not only set my baseline level, but I know when I'm above or below, and I know some skills and some things to do to kind of regulate myself back so that I can make thoughtful and intentional decisions about what to then do, which obviously a lot of skills involved in that.
But then not only those pieces of kind of what you're talking about, but then what is the organizational culture? What's the favorable environment to have that person then use that not only learning for themselves, but to share that learning with the team. Oh my gosh, this happened. Here's what I noticed in my body. Here's what I was feeling in my emotions.
Here's all the thoughts that were flooding through my mind. Here's all the fears and here's sharing that.
Like from a peer learning perspective, it's one thing to sit in the room and talk about emotional intelligence skills. But if we're not also learning how to apply it, and I think there's nothing more powerful in applying it than actually giving everyone the opportunity to share that in real time as it's happened.
[00:42:59 Pablo Breuer]
Yeah, I mean, that's how group therapy works, right?
[00:43:01 Monica Smith]
It is. Yes. It's very powerful.
[00:43:02 Pablo Breuer]
Yeah. You know, whether it's Alcoholics Anonymous or Veteran support group or whatever, people stand up and go, so I made this mistake here, the things I learned from it.
Now the collective gets to learn from the lessons of the individual. And so it's fascinating. I'm gonna go back to some of the religious or political issues that we have.
There have been some really fantastic experiments where they took groups of people at opposing sides of an issue, and they said, okay, here's what you're going to do. You're going to have a weekly lunch together to talk about these issues. And what they find very quickly is really just after a few short weeks, they have far more in common than not.
And so when they hear these things that are upsetting to them, whether it's on media or social media or out in town or whatever, they now have somebody that can kind of calibrate them and go, here's why people believe this.
That's also the reason that people that were part of radical groups that are no longer part of those radical groups are really good at getting others out of those radical groups.
So there are people that were formerly members of neo-Nazi or Ku Klux Klan or what have you. They left and they're really, really good at getting other people out of that because they've been in those shoes. They understand the context, the content, the perspective, they understand the challenges and the language. And so they're really, really effective at helping people learn from their own mistakes in the past.
[00:44:26 Monica Smith]
And I think that's why peer learning is huge from an organizational perspective. It's, as you said, it's coming from that audience that they know best how to speak to each other in that regard. So yeah, I think that's absolutely true.
[00:44:40 Andrew Rose]
This is beyond phenomenal. I mean, the tapestry we've woven here is just magnificent. One thing I do want to make a note up here to Pablo. Thank you for the dogma shout out. We frame that one around beliefs and dogma has made me question my beliefs on the whether God is a male or female now after watching that movie.
So every time I see someone say God's a hey, I'm like, oh well, have you seen dogma? There's a different narrative in there.
[00:45:07 Pablo Breuer]
You have to leave your feelings at the door with that one. You have to be willing to laugh at yourself if you're going to go watch that movie. But, I mean, who doesn't like a movie with Chris Rock and Salma Hayek and.
[00:45:17 Andrew Rose]
Black Matt Damon.
[00:45:18 Pablo Breuer]
Matt Damon.
[00:45:20 Monica Smith]
And also the sometimes simple but forgotten role of just like, laughing at ourselves as humans and laughing at what it is to be a human. I mean, I know for me, like in my younger years I was told often I'm too serious. And now it's like, ironically, a joke that I have to remember to infuse humor into my life because I can get too serious.
I'm all caught up in my head about things, and so remembering to expose myself to funny things and funny people that have humor that comes more naturally is very valuable to me.
[00:45:49 Pablo Breuer]
I'm a proud member of Gen X, comes with its own baggage, but you remember some of the movies and comedy shows that you grew up with and they would be found horrifically offensive, right? Completely unacceptable. At the time, though, it was a really good way for everybody to laugh at themselves.
When you watch Eddie Murphy's Delirious, he makes fun of the black population, and they loved it because they were in on the joke.
If you watch an old Mel Brooks movie, they make fun of the Jewish population, and we laughed at it because we were in on the jokes. I think we've lost the ability to laugh at ourselves and it's okay. It's okay for us to laugh ourselves. It's okay if we're welcome to laugh at others and laugh with them as opposed to at them.
It's kind of that discomfort thing where you hear a joke, that you see a skit and you look to the person's left and right, you and go, are we okay laughing at this? And most times, yeah, we're okay laughing at it. It's fine.
[00:46:44 Andrew Rose]
Well I love where these conversations go. It's never quite the point where I think it's going to end up.
You know, Pablo, since we do have you here and there's a little bit of time left on the clock, and given the nature of the work that you're doing and where we're going as a democracy into an election cycle, what are some things from an election misinformation security standpoint you can just share with the general public just to be aware of or whatever that thing might be?
[00:47:11 Pablo Breuer]
Yeah, I know there's a couple of things. The first one is if you're reacting to something emotionally, you're probably being manipulated. Definitely go back and get other sources. If you can't find other sources, you should ask yourself why.
And they don't have to say exactly the same thing, but they should be in rough agreement, right? A good 70% or 80% of it should be the same.
The editorializing is what's different. The other one is remember who the source of truth is. And I'm not going to tell anybody who the source of truth is. That's kind of up for you to decide. But when there are narratives about, say, Mail-In ballots.
Ballots are handled by your local elections committee. Talk to your local elections committee. Ask them about how the ballots work, ask them how the mail in ballots work.
Don't listen to some pundit that sitting at a national news center that has never been to your county and doesn't know anything about your county. Talk to your local representatives. That's how this works. Talk to the other side.
You know, when you hear things from the other side that you disagree with, get to know them. Ask them why they feel that way, have that discussion, have the uncomfortable discussion.
We're all here. We we all have kids and families and loved ones, and we all want a better life for ourselves and for those that come after us and start from there and go from there. But always look for corroborating sources. Make sure that you can separate what is being reported as a fact, as opposed to what is editorializing.
We've gotten really bad in media writ large here in the US, where we intermingle reporting of the news facts with the editorializing. That used to not be the case. Perhaps we need to go back to that.
Make sure that you can tell the difference between what is a fact and what is that talking heads opinion. Get uncomfortable, right?
Listen to sources that you wouldn't listen to normally, and make sure that what you are assimilating is true.
[00:48:57 Andrew Rose]
I really appreciate that we have multiple different podcast titles that we're thinking about. Instead of announcing what the next one is going to be, I do want to digest everything we've discussed here, because I think there's multiple tendrils that spring out of here from a beneficial way, and maybe some other voices that we need to draw on to the room as well.
So, Pablo, Monica, thank you dearly so much today. I mean, again, I think everyone understands now why I call Monica philosopher in addition to everything else she does, just how she frames these ideas and brings them forth in a way that is not only palatable, but understandable to someone like me of a lesser intelligence. And Pablo again, a man with your CV.
I'm so honored to have you here today and on this podcast.
[00:49:38 Pablo Breuer]
Thank you so much.
[00:49:39 Monica Smith]
Andrew, and thank you so much, Pablo. This is really fascinating. And I have many, many pages of notes, so I'm excited to expand on these things.
[00:49:48 Pablo Breuer]
Andrew, always a pleasure. My friend. Monica, it was lovely to meet you. I look forward to continuing the discussion. I learned a lot today. Thank you very much.
[00:49:55 Monica Smith]
Yeah, thank you so much.
[00:49:57 Andrew Rose]
Great. And I'll leave everyone. If you're a dentist in the Mid-Atlantic and you have an IT issue, please go to ww.DTCtoday.com and we will answer all your questions and be happy to take your call. Have a wonderful day.
We would love to hear from you. Please email us your questions or comments to askus@DTCtoday.com. New episodes of Cyber Savvy are posted the second Tuesday of every month. For more detailed information, visit our website at DTCtoday.com. Be prepared. Be cyber savvy.