avatarBorut

Summary

Entrepreneurs should prioritize internal reflection and quality improvement over pursuing hackers, recognizing that hackers can act as catalysts for systemic improvement akin to coyotes in an ecosystem.

Abstract

The article emphasizes the importance of "brutal self-reflection" for entrepreneurs, particularly in the FinTech sector, advocating that resources should be focused on internal analysis and quality enhancement rather than the pursuit of hackers post-breach. The author, drawing from an interview with a former national bank chairman and personal experience in a CISO role interview, suggests that less than 50% of resources should be dedicated to capturing perpetrators after a hack. Instead, the focus should be on understanding and improving the environment, mistakes, and loose ends to prevent future incidents. This approach is likened to the role of coyotes in nature, where they are not the problem but a mechanism revealing systemic flaws, much like hackers expose vulnerabilities in business systems. The article also critiques the 'Release first, Fix later' business strategy, comparing it to the imbalanced dynamics of mice and snakes in nature, where an abundance of one leads to their own demise due to overlooking quality and security for competition. The conclusion urges a shift from short-term financial evaluations of quality and security to long-term, adaptable strategies that prioritize product and service quality as the foundation for security, suggesting the adoption of best practices and security frameworks like CIS, ISO, or NIST.

Opinions

  • The author believes that entrepreneurs should care about "brutal self-reflection" to improve their businesses' quality and security.
  • Focusing on persecuting hackers is deemed non-core business and a misallocation of expertise and resources.
  • Admitting and correcting mistakes is seen as a sign of growth and a way to enhance product and service quality.
  • Hackers are likened to coyotes in an ecosystem, serving as a mechanism to identify flaws and force systemic improvement.
  • The 'Release first, Fix later' approach is criticized for creating ideal conditions for security breaches, similar to how an imbalance in nature leads to population control by predators.
  • The article suggests that low quality and numerous

THOUGHTS🔛SECURITY

Why Entrepreneurs Should Care About Brutal Self-Reflection

And about a popular business approach that appears to be self-destructive

Business photo created by drobotdean — www.freepik.com

I was listening to an interview with a former chairman of a national bank. He explained how the future ‘FinTech’ businesses will have to operate. He mentioned the term brutal self-reflection.

I often remember that and reflect on the meaning.

I applied for a CISO role with a FinTech company. The CEO of a company asked me an interesting question. “What percentage of the available resources would you dedicate to persecuting and capturing perpetrators if a hack occurred?”

Less than 50 percent

I paused for a few seconds and replied: “Less than 50 percent.” My response surprised him. “Persecuting and catching criminal offenders is not your core business or range of expertise. Therefore, I believe you should not put too much focus on that,” I explained.

Of course, I would want to help and cooperate with authorities and specialized institutions. Particularly if our customers were severely damaged. But I do not wish to entirely focus on bringing the case to a satisfying epilogue.

I firmly believe we should focus our efforts and resources internally. Analyze in detail — the environment, our mistakes, and loose ends. After all, that will help us prevent similar events in the future. And show a certain maturity level to our customers. Not persecuting perpetrators.

Admitting their own mistakes and improving them is a sign of growth — an excellent start to provide better quality and security of products and services. There is always a lot of faults and flaws to be fixed. A perpetrator only needs to find and exploit one (or a few) of them.

Chasing and persecuting hackers will not improve quality or security. Not without a proper amount of brutal self-reflection. It does not make it more difficult — for new or returning ones — to attack. Ultimately, it might scare off a few. But the environment will not improve. All the faults, flaws, and loose ends will remain open for new exploits.

This sounds kind of familiar, like with bacteria — systemic cleaners in Nature. We need to focus on finding and solving root causes. Eliminating symptoms or consequences never solved a problem.

Hackers and Coyotes

The Biggest Little Farm’ movie remarkably portrayed Nature and the Ecosystem. It also revealed coyotes’ fundamental role in it — a vivid engaging analogy to parallel the business ecosystem.

Thinking about that led me to realize the meaning of brutal self-reflection in business. Hackers (or coyotes) are not the culprit. They are merely a systemic mechanism (a key component in a system, actually). The one with the task to identify obstacles and mistakes. The one that forces the system to improve and evolve.

We learn the most from our mistakes. And hackers are ‘the system’s mechanism’ that detects those faults and flaws. What we identify are the symptoms and their effects. Symptoms are never the cause, but they do cause pain, especially to the ego.

If you can keep your ego at bay, you start to seize and embrace the need for self-reflection. And maybe learn enough to see the point in getting brutal at it. Hackers are the warning signs reminding you to re-evaluate and re-inspect your systems. They are the symptoms of faults and flaws you have managed to neglect.

You can then identify and fix all the causes you ignored. And improve the quality of your product(s) or service(s). That will make it less likely for symptoms to (re)appear. And help in fulfilling your responsibility — to safeguard your customers.

Release first, Fix later

‘Release first, Fix later’ is a widely used business approach these days — a textbook example of how to provide bountiful conditions for ‘coyotes’ in the business ecosystem.

It is similar to snakes and mice in Nature — balancing each other’s population.

When mice live in abundance, they grow in numbers. In large numbers, they start to prioritize ‘internal’ competition. As such, they become reckless of ‘external’ dangers and easy prey for snakes.

Which leads to bountiful conditions for snakes. Snakes start to grow in numbers and decimate the population of mice. That, in turn, makes the remaining mice more cautious.

Decimated and cautious, mice as food become a scarce resource for snakes. That leads to a decrease in the population of snakes. This is how Nature balances snakes and mice, as both play an essential part in the Ecosystem.

When a species ceases to play an essential role in the system (or another one evolves to perform that role better), it dies out.

Nature is an excellent architect and teacher. We can learn a valuable lesson from that analogy above. When there are too many businesses (related, in the same field), they typically start to shift their focus from quality to competition.

Leaders become hasty and reckless. They devote less attention to quality and security. And make more mistakes, leaving more ‘loose ends’.

Less Quality = Less Security

Less quality means less security. Hackers do not pose the only threat. Low quality and too many ‘loose ends’ can turn your customers into a substantial threat.

To perform a vital role for the system poorly or detrimentally translates into redundant, useless, and expendable. Only the efficient and useful ones get rewarded (or tolerated).

Ecosystem(s) can not evolve (or exist, in the long run) without coyotes and hackers. If you eliminate them, others will come to take their place and try to balance the system. Every system strives towards a functional balance. Life is in a constant seeking of balance. Not seeking or achieving static balance means atrophy or death.

You should not put your direct attention to threats such as hackers. Instead, lower their ideal conditions by focusing on your products and services. Self-reflect, improve, and evolve. You will increase your overall efficiency and value to the whole system.

You should consider focusing more on self-reflecting, improving, and evolving. You will increase your overall efficiency and usefulness, also for the system.

Conclusion

I do not advocate criminal behavior. If you find my beliefs irrational, give that movie a try. It might open some new perspectives for you.

Hackers are here to stay, so get used to them. Focus on your quality and awareness instead. To eliminate all competition, or to adapt and evolve? What do you think is best — for all?

It is not the strongest or the smartest species that survive. But the most adaptable to the environment. This means we need to seek balance. Not to adapt the surroundings to our (limited) capabilities, but adapt ourselves and evolve.

The prevailing ‘Release first, Fix later’ mantra amplifies ideal conditions for hackers. If we adopt that approach, we can only expect one thing — an even faster-growing trend of hackers and their attacks.

This forecast is pessimistic at first sight. And security professionals still have to do their jobs. But you have to incorporate (brutal) self-reflection, face mirrors, and keep your own ego at bay. That way, you can evaluate and improve both — the quality and security of your environment.

Where to start

Quality of product(s) or service(s) is a prerequisite for security. You should invest a substantial amount of your thought and resources into it: Research ‘best practices’ and security frameworks. Implementing CIS, ISO, or NIST will help you build stable quality and security (systems).

“99% of the market is short term.” — Gary Vaynerchuk

Stop evaluating quality and security with financial attributes and in the short term.

Remember — it is easy to know something. But the point is to understand. Even when disagreeing with the perspective of another person, we can take something valuable out of it.

Thank you for your time and any thoughts you might want to share. If you clap, it matters to you. Thus, more people get to see and read this. It also lets me know what kind of articles to write.

Life Lessons
Entrepreneurship
Business
Leadership
Information Security
Recommended from ReadMedium
avatarMike Scarpiello
I May Never Find a Full-Time Job Again

Striving and surviving in my 50s in a very crowded profession

5 min read
avatarAlexander Nguyen
The resume that got a software engineer a $300,000 job at Google.

1-page. Well-formatted.

4 min read
avatarStephan Joppich
Goodbye, Atomic Habits

The overlooked problems with building healthy habits

9 min read
avatarDavid Loewen
How to Have an Eclectic (And Incredibly Rewarding) Career

No two days the same — and why that’s a good thing

6 min read
avatarOssiana Tepfenhart
Korea’s Shocking Incel Problem Is So Much Worse Than You Think

No, for real, this is terrifying.

10 min read
avatarBernard Builds
AI Is Running My SEO Blog. Here’s the Growth So Far

Half a million impressions, thousands of clicks, and top of Google rankings

6 min read