The Future of IT Security

In the next 2-3 years, I feel that within cybersecurity, a new branch will emerge. This specialist branch will focus on security and AI. 

In plainspeak, this branch will focus on frauds that are executed through AI. Some examples are: 

A. Deepfakes 

B. Hacking enterprise chatbot programs to get the user to share PII 

C. Carhacking (a little more dangerous than carjacking) 

D. Crimes using IoT (as simple as hacking into a home security system, as complex as electrocuting a user) 

E. Mental Health and IoT - where IoT devices are hacked to alter a user's perception of reality and mistakenly have them believe that they need mental health help, or, worse still, are mentally unsound. 

Any other use cases that come to mind? 

 

The Danger of the Single Story for self

When introducing ourselves, we usually go with, "Hi, I am abc's parent." or "Hi, I am abc. I head / work with abc unit at xyz company." 

This is great, because the listener really just needs a short one-item description to slot you in their brains. 

In these situations, limiting oneself to a single story is both appreciated and useful. 

But then, the problem arises. Because the modal value of these single stories becomes our own single story. 

If, 6 times out of 10, we introduce ourselves as designation, organisation, we start to believe that we are that. That description becomes the single story through which we define ourselves. 

That is where self-liming begins. And Sustains. 

But we are not a single story. None of us is. The stay-at-home mom is also a nerd, or a financial whiz, or a dancer, and a teacher. A friend, and a partner. 

The busy CEO is also a poetry lover, a nature enthusiast, a husband, and father. 

We are all so many things. 

I think it says something when we have to read a book to realise that all our dimensions need nurturing. Not just one or two. 

The second self-limiting belief we need to address is that we can only excel at one thing at a time. That is so not true. I think that our offices perpetuate that myth. They tell us that we are only this and nothing more. But we are more. And we owe it ourselves to believe that, and invest in it. 

Swati's book helps us do that. It helps us remove our own self-limiting belief. And it helps us rediscover that more aspect of our personalities. 

https://www.amazon.in/360-DEGREE-Excel-Anything-Everything/dp/9390547156/ref=sr_1_1?crid=XRSV07FL6VPQ&keywords=swati+lodha&qid=1668509514&qu=eyJxc2MiOiIxLjkxIiwicXNhIjoiMS41NiIsInFzcCI6IjAuMDAifQ%3D%3D&sprefix=%2Caps%2C186&sr=8-1

Common Threads in Indian Business practices

Every family is unhappy in its own way, but the ones that are happy have some things in common. 

You might have read this or heard it from your seniors. 

It is true in business too.

Some common threads run through the business communities that I have studied. 

They support each other 

The BIGGEST common factor in successful business communities is that they all support each other, especially the ones who are starting out. 

They provide introductions, orders, opportunities. Even simple logistical support like a place to stay or eat inexpensively. 

It's not done at an individual level. There are community structures in place. For instance, there is a dharamshala in a city. That dharamshala is funded by the commerce association of a community. 

Employment is for families, not individuals 

You get a break if you belong to a certain family. The opposite is also true - if one member of a family commits a fraud, no one from that family then gets a break for a generation or two. This works in two ways - one, it lowers the entry barrier, and two, it raises the punishment for a wrongdoing. 

Therefore, integrity at the workplace is enforced by ensuring that everyone knows everyone's families and the reward (and punishment) of good/bad work extends to the family and the extended family. 

Big on philanthropy, but silent

Every single Indian businessperson I know, every single one, is a philanthropist. Indian religious and cultural belief systems anyway enjoin that a certain amount of one's earnings must go towards charity. But even without that guideline, I have no idea what prompts this level of individual giving. 

My father ran a small store. We did not always have enough. But every Tuesday, my mom would make packets of food that dad distributed for free at his store. 

An industrialist I know shared in a rare moment of candour that he pays for health facilities for underprivileged women, because no one thinks of the women. He never mentions it. 

Yet, if you see the CSR reports of India, they are woefully silent. Why? 

Because the other aspect of this giving is that it must be anonymous. The only way to get some punya (good karma) out of this giving is to not boast about it. So, one gives, but does not talk about it. 

Good in accounts 

Almost all these communities are found to be great at numbers. They have an inherent, innate sense of money, cash flow, and that amazing thing - profitable or not. 

Relationship with money 

Their relationship with money is positive. They do not view money as evil. But they also do not view money as an end in itself. Rarely, if ever, have I found anyone from these communities to think - How do I get more money in? 

They think about - Impact banana hai, bada banna hai. Money is a means to an end - a better life is the end. A better life might mean a more comfortable house, more prestige, better education for kids - anything else that they desire. 

Perhaps this is why they rarely flaunt wealth. The Birlas use their money to buy art, but they are found in cotton clothes. In an interview, a member of the Birla family mentioned this in as many words - "What will we do with money? It only means that we are able to buy a piece of art or do some act of charity without thinking. That is what money means to us." 

Trusted Advisors

Because they help, they have access to almost every kind of trusted expertise. Other communities that experience this also report incredible benefits of this perk. For instance, if you want, lets say, an HR issue resolved, you call up another person who is in the same line of business, and they tell you what they did. You have the template ready. This is also why so few Indian family-owned businesses respect modern management professionals.  They tell the staff what to do because they have either done it themselves, or know someone who has. I have experienced this in our Women from IIM Community, and I cannot explain the competitive advantage that it gives us. Need something in tech? Ask the tech group. Anything in HR? Ask the HR group. Its amazing how much actionable advice is available at the click of a Send button. 

**************

The communities I have studied are: Marwadis, Baniyas, Gujaratis, Punjabi trading communities. 

The communities I want to study - Shroffs, Shettys, Chettiars, and others from the South, Ahmediyas and Bohras, and the North East. 

People don't become rich. Communities do.

People don't become rich. Communities do. 

Some of you might know that I have been trying to understand the business and wealth practices of Indian communities. Then one day, someone forwarded a video where a person speaks about the wealth and business practices of the Jews. 

And that is what got me thinking. In all the Indian business communities, while there is diversity of belief system, one common thread runs - the community works actively to uplift those who are just starting out. This is one of the 2-3 parallel threads that run across all financially aware communities of India. 

The video on Jewish practices said the same thing. 

And that is when I realised - Most rich people stand on the foundation of other people who helped them in early days - a loan, an introduction, an order, even something as simple as a place to stay, which used to be the norm amongst Marwadis traveling for work to other areas.

People rarely become rich. Communities do. That is why, even self-made people immediately seek the friendship of other fabulously rich people. Success is a team sport. We need the network to help us. 

If you are looking to get successful, seek a community that will help you. It could be your family, your college alumni, or even the local networking chapter of some business association that you are a part of. This is why organisations like BNI are successful. 

If you ARE successful, invest time in BEING such a pillar of support to someone who needs it now. 

The sense of community is vital to all aspects of our well-being - spiritual pursuit, though an individual affair, is helped immensely by being a part of a likeminded group. Everything from parenting to professional excellence needs a sense of community. 

The trick, I think, is in finding that sweet spot between community support and its Whack-a-mole impact on innovation. 

More on that later. 

Changing the voice of Performance Management

 In Agile, every morning, in the standup meeting, we answer three simple questions: 

A. What did I do yesterday? 

B. What will I do today? 

C. What support do I need. 

As anyone who has been in an Agile Standup knows, there is no judgement in these meetings. No performance appraisal. It's a team, sharing its work with all its members, and asking for support in an open forum, where anyone can help. 

That's where I got the idea - this is what performance discussions should be like - sharing, not judging, appreciating, not assessing. 

On Britain

It is very easy to make memes. It is very hard to read. 

If Rishi Sunak is today the Prime Minister of Britain, the credit also goes to the average Briton who chose him. As the UK economy struggles (along with many other European economies), we have to understand that this is a country we are talking about. Real people. 

Even understanding this situation will take days of reading - just to answer the question - How did we get here? - will take days. Then, we need to give the leadership our patience. No matter how genius he is, he will not be able to turn the economy around in a few weeks. It is time to stop the sops and take long term policy measures. Those will take a few months to show results, and there are no easy answers. 

Will it work? It has to. Primarily because I trust Britain's ability to come out on top. This is a resilient society. A good leader, with a long term perspective and the ability to execute well, will transform the current challenge into a winning event. 

Moving from ZTA to RTA - The Importance of Right Recruitment

Ignorance is a decision. In this day and age, Ignorance can only be a decision. 

ZTA stands for Zero Trust Architecture. 

Simply put, this means that all employees on all systems will have "need to know" level access only. 

While ZTA is the new favourite flavour of the security fraternity, is it really the silver bullet we've been looking for? 

I believe that ZTA will create a culture of inherent mistrust. While that may stop security incidents in the short term, this mistrust will only lead to greater vulnerability over a longer period. 

I would, instead, like to propose RTA - Reasonable Trust Architecture. 

In this format (which is not very different from what we currently practise at many organisations): 

A. All employees are trusted. 

B. System access follows a simple protocol. Audits are in place and logs are automated and detailed. 

C. Simple checks like maker-checker are in place. 

Now, most readers are, at this point, shaking their heads and thinking, "No, this doesn't work. We tried it." 

It does. If we make ONE change. 

What do you think is the one change that will make the current RTA successful? 

It is Right Recruitment. 

Get the right people in. That's all it takes. Get people who have an unblemished security record. And genuine integrity. 

Remember that systems are hacked by humans. Deliberately. Willfully. or Stupidly. Rarely has a hack been possible without some human action. Whether it is social engineering, spear phishing, or any other format.

The right people will: 

A. Welcome rather than resist security and safety briefings - both physical safety and data security. 

B. Demonstrate a high level of personal and professional integrity. 

C. Actively report both security incidents and process vulnerabilities that they discover 

D. Insist on a culture of fairness and equity - Where everyone is taken at their word and looking over the shoulder or micromanagement is considered a form of professional disrespect. 

E. Believe inherently in the welfare of all or none. So long as one is left behind, we are all left behind - this should be their core ethos, not something they learn at work. 

F. Demonstrate the ability to work in groups and active empathy.  

For our case, let's call these people the Ants. 

What would Right Recruitment look like? 

Right recruitment is top-bottom. If the senior leadership recruits yes-people, they really cannot expect to find the ants further down the hierarchy.  

Right recruitment prioritises personality over experience. "Skills we can teach. Attitude you have to bring." - these golden words that I heard at the SAP interview still ring true. 

Right recruitment has zero tolerance on ethics. There is no "one time". The first ethical lapse is the final one. Would that make the culture toxic? Yes, for those who believe in flexible ethics. But it would make the culture incredibly secure for everyone else, because they would truly be in a place where everyone inherently trusts and is trustworthy. 

Right recruitment is hiring the person, not just hiring for the role. If you deserve to be in here, we will find something for you to do. - Can you imagine a workplace like that? 

Is that hard? Yes and No. 

In the Western management systems, which we currently follow, the individual is an absolute and most white-collar crimes are hushed up under the carpet. The person is asked to leave, and that is that. Whether it is POSH or corporate corruption, these things are just not recorded. 

But in the Indian management practice, a person's reputation precedes them. If they are found in POSH, or party to corporate corruption, they are brought to book and their actions made public. Most Indian business communities are specialised by industry and are close knit. Further, employment is typically a family thing. Like, if the father works at one office, it is assumed that once the child completes their education, they will be viewed favourably by the employer. This means that the price of dishonesty is not individual - it is a shock that reverberates through the entire family. Nor is it purely financial. Your "saakh" or social prestige is also destroyed by an incident like this. 

Even if we don't, or are not ready to adopt this paradigm, a simple case that I saw last night, would definitely argue for a more holistic approach to selection. 

The story is that the conductor of a bus in Indore, Madhya Pradesh, was fired by his employer. This genius changed the display of the bus to show a cuss word, followed by the surname of the employer - also the name of the business. 

Now, one genius data analytics professional tweeted about this and added wink emojis to the post. 

The conductor, one might argue, is technically savvy and acted with mala fide intent. 

Therefore, the act of the data analyst who thinks abuse of privilege is funny, is, to my mind, a huge employment red flag. 

When hiring, I would like to access the public posts of the candidate. Those who think this is 'invasion of privacy' when we access your public posts on a public platform, obviously fall in the category of flexible ethics or multiple personalities.