Darn It, Did You Really Miss The Gorilla?

The Importance Of Having Diverse And Creative Thinkers On Your Cybersecurity Team


By Rachel Phillips

Hiring Your Next Security “Genius”

You may have found that diversity can enhance creativity, or heard that leveraging methods from unrelated fields produces breakthroughs. Teresa Amabile and Mukti Khaire certainly have, according to their 2008 Harvard Business Review article ‘Creativity and the Role of the Leader,’ which states that creativity is essential and “sustains the best companies.”

“By definition the ability to create something novel and appropriate, creativity is essential.”

If today’s job market demands creative thinkers, the field of cybersecurity should be no different. But when I say “analyst,” what type of person comes to mind for you? Is he or she a logical, linear thinker who can write Python scripts in their sleep? Would it surprise you that someone with a background in creative web design would surpass a former systems administrator in identifying actionable security events?

Do not get me wrong, it is still important to utilize logic. A security professional should understand, for example, the impact on keyspace that a password policy with complexity requirements would have, and not make it easier for attackers by enabling it.

Employers would be wise, however, to consider the value of non-traditional skill sets when looking for their next security “genius.”

The Men Who Stare at Goats

Speaking of non-traditional skill sets… In response to hearing that Russians had been using psychic spying techniques, the United States started its own top secret project in the 1970s, code-named Stargate, which exploited psychic phenomena to aid in gathering domestic and military intelligence.

A document from the Stargate collection (found in the CIA library) entitled ‘Magician Walks Into the Laboratory’ describes Dr. Kirlian’s electromagnetic medical diagnosis techniques, photographing holiness, and bodies emanating an “understandable force” that can be used in the laying on of hands to heal.

This bizarre, albeit factual, history is described by Jon Ronson in his book The Men Who Stare at Goats, which recounts attempts to kill goats simply by staring at them. According to Nikolai Khokhlov, a KGB captain who defected to the U.S. in 1954, the Russian government studied ESP from as far back as the 1800s.

Keep Your Eye OFF the Ball or You’ll Miss It

ESP is just one of many mysteries of the mind. The title of this article is not a mixed metaphor but rather turns the popular idiom about focusing on just one thing upside down. If you take your eye OFF the ball, you just might see the gorilla. Let me explain.

I heard about these government ESP experiments while reading a fascinating book called Sleights of Mind that deconstructs the techniques that magicians use and the cognitive science behind them. Authors Macknik and Martinez-Conde describe one such trick our minds play on us in the “gorilla experiment.” Researchers asked participants to count the number of ball passes between two groups, one wearing white and the other black. In the middle of the video, someone in a gorilla suit walks out, turns and waves, and casually walks off. After the participants watched the video, researchers asked them if they saw the gorilla. The majority did not.

The brain is so focused on the ball, it completely misses the anomaly right before its eyes! This phenomenon is called inattentional blindness (aka change blindness) and occurs when the brain is so focused on one thing that it misses something very obvious. Magicians use it for many of their effects.

This is similar to what happens when someone works in technology and has such a strong point of view on what is worth paying attention to that he or she can miss an obvious sign of a compromised network. By itself, an event may not be worth the alert, but viewing an event through a different lens or in conjunction with other events allows another story to emerge.

Defining an anomaly as malicious user behavior is often contextual. This is why user behavior analytics (UBA) products are in every good security analyst’s toolbox.

Being able to think outside the box allows for innovation and early detection, which can at times have a profound impact.

The Mind Is Full of Mystery but Who You Hire Shouldn’t Be

Techniques found in magic and psychic phenomena may simply be science we do not yet understand. Although those unconventional creative thinkers may seem scattered, they might actually be on to something.

Whereas information technology and security as an industry are thought to be dominated by auditory-sequential thinkers (aka left-brained), many of the world’s greatest geniuses, in fact, are described as visual-spatial thinkers (aka right-brained).

I am not saying that you should employ psychics or magicians, though it probably wouldn’t hurt; what I am saying is that it’s important to have diverse and creative thinkers on your team. The analyst role may have the connotation of being better performed by a left-brain-dominant person, often a quality attributed to men, but it’s critical to stay open-minded when considering the best candidate.

Take it from these masters of neuroscience: the mind is full of mystery, but even that can be hacked.

About Rachel Phillips

Rachel Phillips is an influencer and sought-after contributor for her views and leadership in technology and security. She holds a Master’s in IT with emphasis in Information Security and Assurance, and a Bachelor’s in Business Administration from Kaplan University. As a cybersecurity consultant for PwC, she provides oversight and assurance of meeting industry standards and best practices to secure the IT environment for its clients.
