While CISO at HCA Healthcare, I became a certified instructor for the Model-Netics management training and development program. The program covers the landscape of management responsibilities through 151 unique models/lessons. I had the honor of taking more than 300 aspiring managers through the 30 hours of instruction over 12 years of teaching the class. One of the models that really resonated with me is called “Borrowed Perception” – utilizing knowledge and experience of others to augment yours and improve your decisions.
Cybersecurity leaders are confronted with new challenges daily – threats and attacks never seen before, “zero day” vulnerabilities that were literally not known yesterday, and technology and data changing at the speed of business. We have a wide surface to cover, and pulling in the knowledge and ideas of others is crucial to covering it. Borrowed Perception from others provides:
Subject matter expertise: Security is a multidisciplinary field, and engaging experts across the many areas enables us to make the most knowledgeable and effective decisions. The same applies to your organization and the need to consult with business and IT leaders to align your program with business needs.
Diverse thinking: Do you think the same way as a hacker for the Lazarus Group in North Korea? Probably not. Bad actors like them play a different brand of chess, making it hard to anticipate their moves. However, if you stack up the diverse backgrounds and ideas of your team and network, you stand a better chance of matching their moves. “Two heads are better than one,” but don’t stop at two.
I have bachelor’s and master’s degrees in agriculture, and always felt I had a glaring gap in my technical knowledge, but actually it forced me to listen and learn from others to compensate. I didn’t realize it at first, but I was using Borrowed Perceptions.
There are five steps a cybersecurity leader can take to foster the use of Borrowed Perception:
Hold regular team meetings: Use team meetings and town halls for two-way discussion of projects, challenges, and potential improvements to create an open environment where individuals at all levels feel comfortable sharing their ideas.
Cross-functional outreach: Organize sessions with teams from different departments to discuss cybersecurity risks and plans to solicit feedback.
Establish an advisory board: Create an advisory board of representatives from various departments, including IT, legal, HR, Internal Audit, Communications, and Operations; discuss security strategies, risk assessments, and proposed actions to get their feedback.
Promote diversity on your team: The broader the perspectives on your team, the broader your team’s thinking becomes. Broad perspectives come from diverse backgrounds and skills.
Take full advantage of external networking and information sharing groups: My former team’s connection with the Health ISAC (Information Sharing and Analysis Center) and participation in industry conferences, forums, and networking events was an invaluable mechanism for sharing intelligence and best practices.
More than anything: Listen. Becoming a cybersecurity leader is a long, tough climb, and it is easy to feel that the job requires that you have all the answers. A modern CISO cannot tackle the job alone – we must make use of every tool at our disposal. Borrowed Perception is a force-multiplier for ideas and also fosters buy-in and a culture of ownership of cybersecurity. Put the concept to work for you.
Hold Fast and Stay True!