A New Model: Advancing Organizational Security Through Peacebuilding

Who Are We?Michele Chubirka, aka "Mrs. Y.," is a recovering

UNIX engineer working in security. She is also the host of the Healthy Paranoia podcast, the information security feed of Packetpushers, and official nerd hunter. She likes long walks in hubsites, traveling to security conferences, and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop.

Joe Weston is a workshop facilitator, consultant, and author of the book Mastering Respectful Confrontation. He is also the founder of the Heartwalker Peace Project, which creates opportunities for connection, discussion, and creative collaboration.

Who We Aren’t

Special Request

Importance of feeling heard.

Please put laptops and phones away for now.

A Language of ViolenceThe taxonomy of information security is

borrowed from the language of war.

How does this impact the way we interact with our user community?

How does this affect the practitioners?

Peacebuilding LevelsPersonal

Social

Institutional

Personal + social = institutional change

"The human brain hasn't had a hardware upgrade in about 100,000 years."

Daniel Goleman, Author of Emotional Intelligence

Users Aren’t StupidWe spend millions of dollars on security products

and at the end of the day, the weakest link is the user.

Even with training, users make the wrong choices.

What if the problem isn’t about the user at all, but us?

Something isn’t working

We’re swimming in data, but we still can’t make predictions about intrusions.

How can we realistically change user behavior?

User: DefinitionPeople who aren’t us.

Developers

Administrative Staff

Management

Brain RTFM

Neuroscience 101Limbic System: The interior of the cortex, includes the hippocampus and amygdala. Supports emotion and long-term memory.

Prefrontal Cortex: Region responsible for planning, decision making and moderating behavior.

Think of the limbic system to the prefrontal cortex as a horse is to a rider.

Demonstration: A Brain In the Palm of Your Hand

Hold up your hand and make a fist.

This is a good representation of the brain and spinal column.

The brain stem, limbic system and neocortex.

* These two slides are oversimplifications of a very complex system.

The Threat Response: Step 1Cortex receives input (externally or internally) from the thalamus, a component of the limbic system.

The Threat Response: Step 2

Limbic system and prefrontal cortex (the executive or evaluator of the brain) take in data simultaneously.

The Threat Response: Step 3

Amygdala, responsible for emotional response and memory, acts as an alarm activating the fight/flight hormonal response if threat is perceived.

The Threat Response: 4Then the sympathetic nervous system sets up organs and muscles for fight/flight response, inhibiting digestion and the hypothalamus prompts the release of stress hormones. 

Emotional Contagion

The limbic system is an “open loop,” influenced by other people’s emotions, aka mirror neurons.

Mirror neurons activate when an animal performs an action or when an animal observes the same action of another animal.

They are thought to be the basis of empathy.

Also called emotional contagion.

Negativity

The brain has a negativity bias because the limbic system is quicker than the prefrontal cortex at perceiving and analyzing potential threats.

Traumatic experiences are “stickier” than positive, happy experiences, i.e. harder to un-map.

No Escape From ThreatMost of us are in a permanent state of cortisol

overload due to the constant stressors of modern life and the fact that stress hormones stay in the body for hours.

This decreases intellectual capacity, memory capacity and lowers impulse control.

Stress makes you stupid.

Amygdala HijackKey indicator: intense and immediate emotional reaction, followed by the understanding that it was inappropriate.

I thought that stick on the ground was a snake!

I don’t like you or I’m bored, so I won’t cooperate or listen to what you have to say.

That guy who cut me off in traffic was trying to kill me!

Why were you so insulting to me in that email yesterday? (studies show there’s a negativity bias in email.)

Other examples?

Thin Slicing: Warren Harding Syndrome

Human beings make quick decisions based on intuition. Think “love at first sight” or a “gut reaction.”

This is sometimes called “Thin Slicing.”

One example is “Warren Harding Syndrome.” A mediocre presidential candidate, Americans voted for him , because he was tall, good looking and charming.

Harding has been called one of the worst presidents in history.

Thin Slicing: Bedside Manner

The likelihood of a doctor being sued has little to do with the number of errors made.

In an analysis of malpractice lawsuits, there was no correlation between the number of mistakes by doctors and how many lawsuits were filed against them.

Malpractice?

In studies, psychologists were able to predict which doctors would be sued more by analyzing the amount of time spent with patients and if the tone of their voices sounded “concerned.”

Patients file lawsuits because of how they are treated.

The Power of Mirror Neurons

Marie Dasborough observed two groups:

One group was given negative feedback accompanied by positive emotional signs, nods and smiles.

Another was provided positive feedback that was delivered using negative emotional cues, frowns and narrowed eyes.

Entrainment

Those who received the positive feedback accompanied by negative emotional signs reported that they felt worse than participants who received negative feedback given with positive emotional cues.

The delivery was more important than the message.

Your emotions and actions will be mirrored by those around you.

This is similar to a phenomenon known in physics as entrainment.

Is Efficiency Overrated?Study conducted by Gillian M. Sandstrom and

Elizabeth W. Dunn of the University of British Columbia.

Participants who “smiled, made eye contact, and talked with the cashier” at a coffee shop reported higher satisfaction and moods than those who avoided interaction.

Small, unimportant interactions with others can create a feeling of connection according to researchers.

There’s No Mr. Spock

Neurologist, Dr. Antonio Damasio, had a patient who had been a successful corporate lawyer.

A tumor was discovered in his prefrontal lobes and the surgeon who removed it inadvertently severed the circuit between this area and his amygdala.

Somatic MarkerThere was no obvious damage to his cognitive

abilities, but his life fell apart.

It was discovered that he couldn’t make decisions when presented with the simplest choices.

He no longer had any feelings regarding these options, no preferences.

This is the basis for Damasio’s Somatic Marker Hypothesis, in which it is proposed that emotions assist with complex decision-making.

It is a gross misconception that reason can be completely separated from emotion.

You’re the ThreatThe WAY we present information is just as

important as WHAT we present.

In the first few minutes we interact with someone, we’re being assessed for our potential to provide reward or punishment.

Could I have some carrot with that stick?

It’s Tribal

As humans, we’re constantly trying to maximize pleasure or minimize pain.

That black, unwashed t-shirt and body art may feel like a personal statement, but it can impact and even alienate those we’re trying to convince.

Are you a member of their tribe?

Social Connections Matter

Anthropologist Robin Dunbar found that a species’ brain size—size of its neocortex, the outermost layer—is linked to the size of its social group.

We have big brains in order to socialize.

We’re Wired To Be SocialIn the brain’s non-active moments, when not

involved in a specific task, it reverts to a configuration called the “default network.”

According to researcher, Matthew Lieberman, this appears to resemble another configuration, the social thinking brain, which is empathetic.

“The default network directs us to think about other people’s minds—their thoughts, feelings, and goals.”

That was the bad news.

Now for the good.

Training That WorksThe Dynamic Feedback Loop

In the 1960s, Stanford University psychologist Albert Bandura determined that giving individuals a clear goal and a method of evaluating progress increased the likelihood that they would achieve it.

Feedback LoopsWhere are they used?

Personal training, leadership coaching, digital speeding signs.

In Garden Grove, California, the use of digital speeding signs reduced speeds on an average of 10%.

This was more effective than police ticketing.

Let’s Have Some Fun

Draw the letter “e” in the air in front of you.

*This is a decade-old method social scientists use to measure perspective-taking – the ability to put yourself in someone else’s shoes.

Communication That Works

• Interaction based on the core competencies of Emotional Intelligence, such as self-awareness, self-regulation, empathy, and motivation.

• Social engineers already use some of these skills to create emotional and social affinity with a target. It’s called pseudo-empathy.

• Conflict resolution methods such as those based on Non Violent Communication (NVC) and Restorative Practices.

Self Awareness ExerciseIt’s called “labeling”

Think of it like putting yourself in debug mode.

Process emotions or sensations you experience in real time.

Let’s try it.

Say to yourself, “Right now, I’m experiencing….”

Communication Models

XYZ model

Respectful Confrontation

BEER Method

NVC

XYZ

In situation X...

when you do Y...

I experience Z.

Joe Weston’s Respectful Confrontation

Behavior

Impact

Need

Make a request

Suzanne Kryder’s BEER Name the behavior

Its effect

The emotion experienced

The requested behavior

BEER = Behavior Effect Emotion Request

Marshall Rosenberg’s Non-Violent Communication

Facts or observations

Feelings

Needs or what’s “alive”

Request

RespectIf you want respect, you have to give it.

How do we disrespect our users?

Sophos study said only 4% of IT staff trust their users.

What percentage of users trust US?

“How To Break a Terrorist”Two tragedies to Abu Ghraib.

The human cruelty

The obvious failure of humiliation and violence in gathering intelligence.

Interrogator, Matthew Alexander, discovered that building rapport with prisoners was the most efficient way to get information and stop terrorism in Iraq.

“The quickest way to get most (but not all) captives talking is to be nice to them.”

Mark Bowden, author of Black Hawk Down

MotivationStudy sponsored by the Federal Reserve Bank found three main factors motivate people in their work.

AutonomyMasteryPurpose

If we want security “wins” we have to include everyone as partners in a cooperative process.

Neuroplasticity: You Can Change Your Brain

It is no longer believed that the brain becomes static after childhood.

The brain is always changing. This is caused by physiological, environmental and behavioral factors.

A study found increased cortical gyrification with more years of mindfulness practice.

Higher gyrification usually correlates to intelligence.

Practicing Respectful Confrontation

My Truth != The Truth

Synonymous?

True Power

Brute Force

Confrontation

Conflict

Assertiveness

Aggression

Concepts to Explore

True Power != Brute Force

Confrontation != Conflict

Assertiveness != Aggression

Four Pillars of True PowerGrounding

Focus

Strength

Flexibility

Vulnerability != Weakness

It is only in your vulnerability

that your true power

is revealed.

“Water is fluid, soft, and yielding. But water will wear away rock, which is rigid and cannot yield. As a rule, whatever is fluid, soft, and yielding will overcome whatever is rigid and hard. This is another paradox: what is soft is strong.”

Lao Tzu

Personal Space

5 Steps of Clear Communication

1. Contact with yourself

2. Contact with other

3. Desire/Impulse

4. Act of communication

5. Received message

Key TakeawaysBad trumps good in the human brain.

You can’t turn your emotions off or leave them at home. It’s like wearing a bad toupee. You aren’t fooling anyone.

If the limbic system is an open loop, we’re all responsible for the quality of the emotional landscape.

Stress makes you stupid, by shutting down blood flow to the critical pre-frontal lobes. If you set off a stress response in someone, you minimize the chance of having a rational dialogue with them.

Confrontation isn’t always negative. Resistance to change can be a valuable source of feedback.

Cyber PeacePeaceful doesn’t mean passive.

Peace isn’t the absence of war or conflict.

Violence isn’t always physical. There are subtle ways to commit harm against another.

Let’s stop blaming the victims and work in partnership with our users to empower each other in our mutual goal of enterprise security.

“If you use government to show them the Way and punishment to keep them true, the people will grow evasive and lose all remorse. But if you use integrity to show them the Way and Ritual to keep them true, they’ll cultivate remorse and always see deeply into

things.”

From “The Analects” of Confucius 5th century B.C.E.

Where Can You Find Us?

Michele Chubirka, spending quality time in kernel mode.

http://www.healthyparanoia.net

Twitter @MrsYisWhy

Google+ MrsYisWhy

networksecurityprincess@gmail.com

Joe Weston, writing and teaching workshops.

http://www.respectfulconfrontation.com/

Attention Tutorial Attendees!Please don’t forget to fill out your Tutorial

Surveys.

Your feedback is very important to us and helps us shape the future

of the LISA training program.

Please visit www.usenix.org/lisa13/training/survey and fill out the appropriate surveys.

Thanks for your help!

ReferencesChubirka, Michele. "Is Cyber Security a Form of Violence." Web log post. Packetpushers. Packetpushers, 31 Jan. 2012. Web.

Esfahani Smith, Emily. "Social Connection Makes a Better Brain." The Atlantic 29 Oct. 2013: n. pag. Print.

Goleman, Daniel, and Richard Boyatzis. "Social Intelligence and the Biology of Leadership." Harvard Business Review Sept. 2008: 74-81. Print.

Goleman, Daniel. Working with Emotional Intelligence. New York: Bantam, 1998. Print.

Hanson, Rick, and Richard Mendius. Buddha's Brain: The Practical Neuroscience of Happiness, Love & Wisdom. Oakland, CA: New Harbinger Publications, 2009. Print.

Kryder, Suzanne. The Mind to Lead. N.p.: NeuroLeap, 2011. Print.

Luders, Eileen, Florian Kurth, Emeran A. Mayer, Arthur W. Toga, Katherine L. Narr, and Christian Gaser. "The Unique Brain Anatomy of Meditation Practitioners: Alterations in Cortical Gyrification." Frontiers in Human Neuroscience 6.34 (2012): 1-9. Print.

O'Connell, Andrew. "HBR Blog Network / The Daily Stat." Harvard Business Review. Harvard Business Review, 30 Oct. 2013. Web. 02 Nov. 2013.

Pink, Daniel H. Drive: The Surprising Truth about What Motivates Us. New York, NY: Riverhead, 2009. Print.

Pink, Daniel. "Why Bosses Need to Show Their Soft Side." The Telegraph 17 July 2011: n. pag. Print.

Rosenberg, Marshall B. Nonviolent Communication: A Language of Life. Encinitas, CA: PuddleDancer, 2003. Print.

Siegel, Daniel J. The Mindful Brain: Reflection and Attunement in the Cultivation of Well-being. New York: W.W. Norton, 2007. Print.

Weston, Joe. Mastering Respectful Confrontation: A Guide to Personal Freedom and Empowered, Collaborative Engagement. Emeryville, CA: Heartwalker, 2011. Print.

Zehr, Howard. The Little Book of Restorative Justice. Intercourse, PA: Good, 2002. Print.