
is my pleasure for the third year in a row to introduce my friend that I only get to see in Las Vegas we always do this talk at the beginning of the second day because there is a good portion of the community that does not go out and get a little inebriated on Tuesday night there are people who come here really to work on their careers and to really work on networking and they want to hear some of the more advanced not esoteric but sort of the the 30,000 foot view talk about what's going on in the community and really get your thinking as you move on through the rest of the day and maybe
moving on to DEFCON so without further ado let's give a round of applause for my friend Mike Murray and I think my mic is live yes excellent perfect that hand over worked up worked well all right so I'm gonna warn you all upfront this is my favorite talk that I get to do every year and it's also the talk that is the most nerve-wracking because I mean all of us are pretty used to the standard talks around here I would get up and I would show screenshots of IDA Pro and talk about how I reverse engineered something or what I broke into that day and this is not going to be about that at all this is going to be a really
different look at I think a thing that impacts all of us in ways that most of us aren't aware and culture has become a huge buzzword if you read any business book in the last 10 years everybody likes to talk about culture but it's usually presented in a pretty esoteric sort of you know philosophical way and my goal today is to break it down in a way that makes you think about the place that you that you work today the place that you'd like to work whether that's the company work at today or not and what you bring to the place that you are integrated in and one of the really hard things about culture is actually
defining it one of the most interesting things you'll find is if you try and get a definition of culture the the basic definition seems to be every thought feeling attitude behavior that you have that's relevant to the context in which you're in is part of the culture and if it's not then it's not part of the culture but that's hard to define what those things are and what those things aren't and and so until you start to understand that culture is really all of the things that all of the attitudes and beliefs and behaviors and especially all of the signals that shape your behavior and if you don't understand signals we'll get there and that culture is not one thing
it is not a monolithic thing we talk a lot about company culture but there's no such thing as company culture company culture is actually a set of overlapping circles and by the way this is my both my favorite slide in this show in this presentation and my least favorite because this slide it's actually completely wrong yeah I know I wrote the slides but but I'm stuck with Microsoft SmartArt and this stuff because because nobody wants me designing anything graphically and the the other parts of this is this is only true if things are perfect right culture is the idea that the idea of culture is that we have overlapping cultures in every organization your team has one culture
right the your your small work group the organization that you're in you're an engineering you're in the security team you're in security ops whatever that function is has it has its own culture if you have multiple offices in your environment I just came I was at a company called lookout before up till about last week and at Lookout we had an office in London we had a office in Amsterdam we had an office in Boston one in Toronto and one in San Francisco you think the San Francisco office was different than the Toronto office Yeah right and so each location has a culture each you know sort of meta organization engineering marketing sales they all
have a culture and then the whole company has a culture set for ideally set from the top right and so this picture makes it look like all of those things align I bet every one of you knows that that's BS right every one of you has been on a team where you're like I love the culture of this team but and this company sucks right or the other way around I love this company but man my manager is terrible and I hate working for that person and so I hate coming to work every day even though I love everything about this company and and so what like I said it's important to understand that you have many
different cultures interacting and I you know I have society is sort of the meta piece there which I'm not going to talk about here but it sort of implied in location right if you have you know an office in Canada it's going to be more Canadian than an office in in New York City and so understanding that allows you to ask yourself when culture gets dysfunctional which part right it's not every part of the culture it's not every level on this chart it's it's probably one or the you know one of them but probably not all of them and because of that we have to realize that culture is actually really it pervades everything we do on a daily basis and everybody's
heard the or many people have probably heard the old quote that is attributed to Peter Drucker by the way this is one of those interesting quotes that nobody actually knows the origin of but it definitely wasn't Peter Drucker if you if you sort of search it's really ambiguous where this came from it looks like it was a marketing slogan of some consulting firm in the 90s and then somebody stuck Peter Drucker's name on it just like half the Einstein quotes on the internet but the idea of this is right right you can have the best business strategy in the world and if every one of your employees hates coming to work are you going to execute on it
of course not right and so they and and truly we could get really deep and talk about how culture and strategy must align but that's a whole other that's that's a whole other conversation the the point of talking about today is to talk about how cultures are formed and how you act within them and the most important thing about culture is actually signal theory how many people know what signal theory is couple all right so basically signaling is the idea that and it was developed first in economics is the idea that we pass information to each other in a ton of different ways that don't involve what we say and don't often involve what we do in the original the original
example of this in the in the first economic papers was the value of a university degree value of a diploma and they they started talking about the idea of why does a diploma mean that you get better jobs right and actually we can play the the security version why does a certification matter right every one of us has had a hell I've been I think my first year on this stage I talked about certification not at some conference I've talked about certs and the point of certs is that they're signal right everybody knows that if you get a CISSP that that doesn't actually mean you know anything right but why is the CISSP valuable what does it actually
convey and when you really think about it what a CISSP ultimately conveys is I'm interested enough in security that I read a bunch of books and I went and spent $600 on a test but that tells you a lot right the value of that signal is that I now know that you care and we were just talking and about about how you ended up in security the the signal of all the things you did of coming to DEFCON sorry for anybody who doesn't know you've got to go watch her talk from yesterday Jared yes yes it it'll be cool I promise but but the reason that her story is so interesting is because of what you signaled right by
coming to DEFCON even not knowing anything about security that says I'm interested and all the first-timers here and actually anybody here a first-timer whoa okay all of you have given an incredible signal I care about security enough to get on a plane and come to Vegas when it's 110 degrees in the middle of the summer right and put up with all of the BS that goes along with being here this week right this this week I don't know about all of you but I'm exhausted already and it's Wednesday and I'm here until Sunday and by Sunday I'm not going to want to talk to anybody but that's the point right we all come here to show each other to signal to each
other hey I love this industry I want to be a part of it I want to I want to work here and I want to stick around that is a signal and that's what signal theory is all about it you see signals throughout the world and and humans are signal processing machines and in fact every animal is a signal processing machine one of the one of the sort of common trite examples of signal theory is the peacock's tail everybody knows what a peacock's tail feathers look like why does the peacock do that what is it what is the point of this bird having like all these excess feathers that don't help it anybody know mating but why what what does it say
about mating correct right it the the fact that it can have such an ostentatious display of tail feathers suggests it's healthy right it can provide it can take care of itself and that's a much more honest way of showing that then if it just sort of like hung out a sign that said look at me I'm healthy right and so signaling is about showing what is important to you and showing what matters to you in ways that are honestly able to be communicated now why am I talking about all of this random stuff it's because in a corporation and in an environment signaling is everything and actually the I threw a slide in last night one of my
favorite management philosophers in in in engineering and technical thinking Camille Fournier she's phenomenal if you haven't read her book on management you must it's amazing Camille posted this on Twitter last night and I had to I had to take a screenshot and put it in this presentation because literally what she's talking about is signaling right the idea everybody can see how I'm dressed today right I'm wearing a jacket and I'm wearing a collared shirt I ran into a few of you yesterday yesterday I was wearing jeans and a hoodie right each of those conveys a different signal and I wore this outfit today intentionally because it signals how to to me and to Kathleen and to the audience
that I'm taking this talk seriously and I'm trying to present in a particular professional way and I'm trying to be seen in a professional way that is a signal right every moment of your life you are signaling something your choice of outfit this morning the way that you approach a meeting what you know whether you talk loudly or quietly all of these things are signals to the people around you and those are just your signals those are the signals of the organization really shaped culture because when you think about culture and how it's shaped and that chart that I had earlier of all the different levels at each level different signals matter so if I'm talking about signaling to an
individual and signaling to an individual how they are perceived through me how much I pay them that's a signal that's a signal of value competent by the way one of the biggest signals that companies make is money money is a signal if I give ten million dollars to engineering that is one signal if I give ten dollars to engineering that's a very different one and I'm sure everybody's been in an environment where you got the budget or you didn't or you know back to the individual piece if I'm paying you a particular amount I'm signaling your value to me fundamentally similarly the way I do benefits and everybody has looked at a benefits package and thought wow this
company is cutting corners and they're intentionally they just don't care about about their employees right benefits are a big signal if I offer specifically extra maternity leave benefits what does that tell the women that way and the family aged people that want to work for me or if I don't do that you know I live in Silicon Valley right now and and if you're in California there's often these conversations about you know if you got a bunch of 25 year old startup founder like people are they going to offer the kind of benefits that a forty-five year old person with a family of three is going to want this is all about signaling who you want right signaling
what is important to you similarly when you get to the team the the most important signal is who you let on the team right and we'll talk much more about that in a little bit but also budgets headcount allocations the events that you do the things you do with the team all speak to how you feel about that team how how you value them and what you think and then at the enterprise level itself things like stock do we offer stock do we not offer stock things like executive transparency everybody's worked with a c-level executive that either told them things or hid things from them right and all of these things ultimately add up to be signals that
drive the culture forward so I promise this wasn't entirely going to be a philosophical talk we're actually going to talk about how to do this well and the nice thing is there's some really good books on this and there's some really good thinkers on this topic Daniel Coyle is one of my favorites he says to build a really really great culture there are three things that you have to do and we're going to talk through those three things the first one is the concept of psychological safety and people if they are not safe in the group that they're in do not engage in it it's it's sort of hardwired into a into us as social creatures the second
is the importance of sharing vulnerability and this one's going to be hard for anybody who is human probably and then the third one is establishing a shared purpose and we'll go through all of them but let's talk about psychological safety for a second how many people have heard that concept before good that's amazing okay five years ago there would have been no hands right this is all relatively new but basically the idea of psychological safety is you will engage in a team as much and and only to the point that you feel safe and truly so Google did a bunch of research about five or six years ago on what made teams effective and they found that everything else does
not matter psychological safety is the number one and probably like only factor if you have psychological safety the team will engage and if you don't forget it there's nothing you can do it doesn't matter how smart the engineers are doesn't matter how how much you push them how much you incent them if they don't feel safe to contribute they can't and if you think about where we came from right if you think about the history of humans this makes perfect sense we are for lack of a better word we are a tribe animals right we we exist in groups you know the if you think about how we got here what was the what was the big punishment for people
you know 2500 years ago how did you punish this as a member of your society the most no not killed them what was that ostracization right exile exile is the most is the most powerful punishment to a person isn't it crazy right being alone through what you know you think about what is the was the cruelest thing we do to prisoners solitary confinement right we are wired for connection and so if you don't feel like you can be safe at work if you don't feel like you are able to have that connection you will not engage you just can't and so how do we create that right because it's possible to create psychological safety in an
organization and the interesting things about it is everyone knows what a psychologically safe organization looks like and everybody wants to work in one it's fun right it's it's when everybody's comfortable with each other it's when we are looking at each other and engaging when we're willing to be close with each other we willing to laugh with each other I'm sure most of you have been in a team at some point where nobody ever made a funny joke right where everyone was serious all the time and everyone was tightly compressed and no one spoke at meetings that's the example of a psychologically unsafe team and everyone's probably been in an environment where they were able to be
psychologically safe heck why do we come to DEFCON every year right why do we come here we we all know even as it's gotten to be like 40,000 people that all of you understand me at some level and I understand you at some level and we are able to be safe with each other in a way that we're not out in the normal world and frankly come on most of us are here because we're a little weird right and that weirdness is what allows us to be connected and that's the point right when you're safe and you're able to be connected and that's when you're able to be effective and that what makes the beginnings of a strong
culture now this flies a lot in the face of a lot of the things you hear in the literature right now every but anybody on Twitter get involved in the stupid 10x engineer debates that have been going on for the last five years right 10x engineers are great but I'd rather a team of people who make all the engineers around them great rather than one stupid rock star and we're gonna digress for a second to my actual favorite topic in this space because there's absolutely nothing worse in an organization than the brilliant jerk and I'm not even going to define it because I know every single person here knows one heck there are some walking around
here and yeah sure kissing yo no and that's definitely not just this industry
yes yeah brilliant jerks exist I've met really brilliant jerk accountants right I've met brilliant jerk HR people I've met brilliant jerk ever you know everybody has these right and and so I I am to Kathleen's point and this is an important thing I'm talking about culture for us but these is all this none of this is about us the the books that I'm referencing aren't security books their culture books right and their books about every culture I'm just trying to bring it back to who we are right and because because I think it's important because none of us really spend a lot of time thinking about this I mean a couple of us but we're weird
we're weird even for security people right and it's the brilliant jerks so coming back to the brilliant jerk thing it's the brilliant jerks that I see that destroy teams and the frustrating thing for most of us and especially as you get into senior leadership the hardest thing in the world is to take your most productive engineer who is driving people out of the organization and realize that the best thing you can do for your organization is to fire the smartest person you know it is absolutely it feels counterintuitive it feels hard it especially feels hard when that person is the only person who knows a code base or how a system works or how to solve certain problems but it's the
absolute number one most important thing every single person needs to do and that sounds draconian and extreme but if you think about it in terms of psychological safety if you realize the performance of your entire organization relies on everyone feeling safe when they show up at work that person who walks into the meeting and pounds their fist and yells at people and calls the name or how smart they are they will never be smart enough to overcome the 10 or 12 or 15 people that you lose and that is so hard for all of us to get I by the way I'm saying this from experience and experience is the name we give to all of our own screw-ups
I have I have put up with far too many brilliant jerks in my own organizations over the last 20 years and I have made this mistake and I I'm sure I will make this mistake again at some point I'm sure all of you will make this mistake again at some point which is why I'm hitting this like without any subtlety and like it's a feel like I got a hammer yeah go for it so the question was have you ever been able to fix a brilliant jerk so I used to think fixing people was possible I really did and and I I think somewhere around the time I turned 40 I started to realize that I'm pretty much the same
kid I was when I was 7 years old I dressed differently and I'm a lot smarter in some ways but you know I think I think most of us are largely who we are now I've been able to constrain the behavior of a brilliant jerk and that is that's the best I could hope for right is can we can we put them in a situation with basically don't talk to anyone and work by themselves that can work if you've got a role where you can isolate and it's not something like that but do you mean man I I'm not a therapist I would I don't want to be a therapist that's a job that's way
harder than I can ever do and to me it's like the other question is do you want to take the time right if it takes me nine months to fix that person and six people quit in those nine months because they hate working with that person is that worth the trade-off right is that a trade-off I'm willing to make for my organization and I by the way I'm saying these numbers and like I have actual examples of people in my head right like I've seen this I've seen where organizations have tried to rehabilitate the brilliant jerk and sometimes it works a little bit but it generally it's generally just not a fruitful thing it's it's almost more fair to let the person
go and find a culture that they're that they're fit in right like look there are cultures where brilliant jerks actually work you know nobody here's an investment banker so you know sales and I'm being silly right even sales people can't survive for long as brilliant jerks and I've met lots of brilliant jerk salespeople as I'm sure many of you have as well but the point is it's better to move them on if they're not a fit for the thing you're trying to do than to we're not therapists our job is to serve our customers and serve our clients not to not to spend time hoping that our people are going to be different than they are and that sounds
cold and it's not meant to be it's actually I'm trying to actually be caring to everybody other than the brilliant jerk right I'm trying to honor the fact that I've got 50 people on the team that are all impacted by this one person's terrible behavior I'd rather take care of 50 than one in that scenario so I tend not to I tend to with it but it's hard man firing people is literally the worst thing that any of us ever have to do it sucks nobody likes it and I think if you do see the slide on brilliant jerks but but yeah sometimes you have to alright so the second thing that you that make that makes the
hallmark of a great culture is it builds on the first right the second thing is vulnerability right and trust and vulnerability go hand-in-hand and for anybody who wants to know about vulnerability the absolute best that I actually thought about like I'm just gonna play Brené Brown's TED talk for 18 minutes in the middle of my presentation but I felt like that was a cop-out and so if you haven't seen Brené Brown's TED talk on vulnerability it's the best 18 minutes you'll spend this week or next week or on the plane on the way home I don't care like it is really great but you have to realize you can't be vulnerable if you don't feel safe the point of
vulnerability is I connect with you because I'm vulnerable right we connect as humans mostly and and this goes through the work of Robert Cialdini on influence and and all kinds of other folks have seen this same pattern we connect with each other and we are able to perform as a team when we are vulnerable to each other and when we help each other humans are ultimately built on help the absolute best way to become friends with someone is to say hey can you help me with this and I so as I don't know how many of you saw I'm actually walking around here with a sling on because I broke my shoulder a few weeks ago and I've had some of the
most interesting experiences when I when I was doing this and this is a conversation about vulnerability when I was when I broke my shoulder I was away on a trip with with a bunch of really impressive people people who I thought were just really cool and obviously I came home with a broken shoulder and they had to put me on a plane the next day but what was really interesting is I couldn't tie my own shoes you ever asked somebody who is a luminary in the industry if they can tie your shoes for you you want to you want to experience vulnerability they try that see see how it feels to literally have to ask
someone who you're like that person knows who I am like to tie your shoes that's vulnerability and I am now friends with those people in a way that I wouldn't have been otherwise right that is the way that is how vulnerability creates connection and if you read the literature on culture they actually talk about what creates connection is vulnerability loops so I had to have a hamster wheel slide in here somewhere it wouldn't be a Black Hat DEFCON presentation without it so a vulnerability loop is basically just we're vulnerable to each other and we notice I express my vulnerability to someone they notice that I did so they reciprocate and expressed vulnerability to me and friendships deepen that way
that is how we become friends it is also how we become a powerful team and it goes against everything that I'm looking at the ages in the audience because against absolutely everything we were trained as kids right and especially I don't know about all of you but I can speak to myself I was I was raised to you know not cry not show emotion not share my feelings you know all of these things and they run completely counter to how to make great teams and so I made a quick little cheat sheet for leaders around how to be vulnerable and the very first thing spot spotlight your own fallibility right and this is where I say it
runs against every training right we were brought up that leaders are strong and militaristic and you know they always know the answers guess what I'm not that smart I don't always know the answers and fact any of you who worked with me which is a few of you know that I don't know that many answers right and that's the point the other the next thing is really great leaders in in expressing vulnerability show gratitude saying thank you is a statement of vulnerability in a lot of ways right it says I needed something from you and you provided it it says I needed something right that is an incredibly powerful statement and in vulnerable cultures you will hear the
word thank you and and it's like slaps on the back and praise for what other people do for you more than you will ever hear how well one person did how many you guys have ever been in that culture though literally like two hands in the room right we don't do this well enough I've I've worked with with c-level executives who literally would call you and ask a question and you know I'd be on the phone like okay you know give the person the answer and they would hang up without saying anything like the the cultures that we've created and most of our organizations are not ones where we say thank you a lot they're not ones where we show our fallibility
and they're certainly not ones where we're good at asking for help right think about the number of times that a peer or a co-worker actually is willing to say can you help me with this not will you do this for me that's different right can you help me with this is one of the most powerful statements that you can make to express your vulnerability to others and to signal that you are vulnerable to them and that they should be vulnerable to you so all right that's vulnerability the last one is shared purpose and I'm doing my best to leave lots of time for questions by the way so I know I'm running through this really fast this is
like seven books of work I urge you to read Coyle's book it's brilliant and anything by Brené Brown but but the last piece is shared purpose because when you have when you have trust when you have safety when you have vulnerability the next thing is to say we're all in this together and we're going in a particular way and organizations that have shared purpose are really interesting and if you start to study what a purpose-driven organization is they start to exhibit some really weird characteristics and the main characteristic that you see in a really good purpose-driven organization is they have their own weird language and it if you understand this managers in that kind of
environment realize that their job is really simple I already know like as a as a leader I know I have a very simple job set priorities right and very explicitly setting priorities doesn't mean I'm gonna give you a list of six thousands and call that a priority you know it if the list's longer than three you didn't prioritize right prioritization means there's lots of stuff we're not doing these are the few things that we are doing the second one is figure out what the behaviors I want to see out of my organization are that align to that priority if I say treat customers first and then I see all my people never talking to a customer well I'm pretty
sure that I'm not accomplishing my priority with our behaviors and then the third piece and this is where the language thing comes in and this is the really interesting part these really great organizations you will find have their own language that align their behaviors with their priorities and and we know the famous ones right move fast and break things it's kind of like the most famous Facebook one but there's others right I'm not at Facebook so I don't know what they are but I know from my Facebook friends that they act differently than everybody else I know and you will see that that people in these purpose-driven organizations start to evolve a vocabulary that that aligns
to that business in that culture and so as a leader your job is that and fundamentally you can start it with your own team even if you're not like a manager on a team even if you're just wanting to be seen as somebody who leads and I talked I think last year all about the difference between management and leadership because they're different things you can be you can never have a direct report and be be the best leader in the organization and you can have thousands of direct reports and be a terrible right if you want to be a leader your job is what I said earlier figure out what the priorities are figure out the
behaviors and then start saying things and ideally they're pithy you know like like the ones that they've got famous because they're easy to remember but start saying things repeatedly that align those behaviors in your organization to the people to the priorities that you have and realize you can't do any of that until you've got the first two and this is this is why this is a three-part thing is because everyone's been in an organization that's tried to have slogans where you didn't have psychological safety and you didn't have vulnerability and that's why we have all those stupid posters on the wall right and everybody you know they there's what what is the there's the website that has the the like bad
versions of those stupid posters I what is it despair.com I knew somebody in the room would have that reference not surprised that it's one of the people in like recruiting at the back of the room you get the idea right if you if you if you have slogans without psychological safety and vulnerability you don't have a good culture you just have that annoying BS that we all hate and so you really do have to have all three and if you have like the most psychologically safe group in the whole world and you don't have an alignment to purpose you've got a book club right you don't have a team that's going somewhere you just have a bunch of people who really
like each other which I love I have lots of people that I really like but that's not the same as a high-performing organization so like I said I left a lot of time for questions that was intentional one thing I'll actually want to just kind of pitch because we're in higher ground so I actually left the corporate world a couple of weeks ago I am starting a new security company focused on health care and and solving healthcare security issues thank you if you want to so this is this is my my statement of alignment to purpose I want to go solve health care security problems anybody who wants to do that with me is on my team so come find me
like do more of that anybody who thinks that's cool let's let's do this together so all of you come find me at some point and that especially applies to people on the internet and the live stream etc etc alright question time and he's got the mic so I'll let you pick who's who's talking hi I'm the previous slide that third point create heuristics I'm not super clear on what that is can you give me some plugins so heuristics being like so I actually I like the move fast and break things one it's actually a really good heuristic so it's so the heuristic there meaning a small rule that allows me to decide how to behave right so if
I'm making it you know in the early days of Facebook if I'm making a decision about how to do something move fast and break things tells me a lot about what I should do right and and like the Jack Welch ones control your destiny or someone else will that's a very 1980 CEO heuristic but it told GE how to act right and everybody who knew that that was the rule knew what they better be doing right and it's literally one sentence but it tells you so much about how to act in that culture does that make sense all right other question by the way you don't have to limit the questions to this we've last year we
talked about it pretty much everything so happy to talk about actually anything yeah just following up on that it sounds like if you have a slogan that is not part of your priorities but you asked your team to do other things you actually have a broken link you bet you're actually broken link was a good it was a really good way to say that that's that's right yeah you you basically have a dangling reference to something that doesn't matter and that's what you see actually we have second that's what you see especially in companies that had a mission statement 15 years ago when they first started and and they're not doing anything like that anymore and you're
like we have these values things that don't align to anything we actually do so it's interesting on the mission statement I spent 20 years in the nonprofit community and what's interesting is a lot of people would go into the nonprofit community because they believed in the mission but the mission had been around for 50 years and they built this machine that did not fulfill the mission one of the groups I worked with was saving life on Earth okay that's a little bit too high of a mission so I think so I think when we're talking about missions and when we're looking at career development maybe looking at missions that actually can be done ya know and I think the other
piece of that is is does them so this mission and mission is strategy often aligned right and the whole like culture eats strategy for breakfast if you don't build a culture to accomplish the mission you're not going to ever do it go for it yeah just a small comment so I think the other side of the spectrum for the brilliant jerk is the emotional wreck we need to get to those two because they can be also very toxic to absolute teams you really try to help them but at some point you can't you realize you can't yeah same thing I said about the brilliant jerk right like that person should probably go find a different organization you know if
you're if that level of emotion is not aligned with the kind of that with the kind of safety that your team needs get them out of there and in part of it is especially in our profession in the high stress situations that we are in and with burnout creeping it convenient I mean over time you have to be very aware to that and sometimes the best thing you could do for somebody is not to fire them but find them something else to do and even if they don't know about it that you actually is for them but the actual thank you later but you kind of have to save them yes exactly exactly by the way that goes to with a question
that you asked earlier right okay I had a lovely situation where I had a brilliant jerk and an emotional wreck who were on the same team and had to collaborate and that has been literally the last year of my life to break that apart and and get that into a healthy situation which I feel like I'm on the track of having done I am not advocating for brilliant jerks absolutely toxic agree with everything that you said up there but I'm also I'm a strongly empathetic person and it's very easy to see how people are broken and to want to and to want to fix that you can't fix that don't ever try to fix someone who's broken they always
have to fix themselves right and so if you're ever in this situation I have some recommendations for you either scenario the brilliant jerk or the emotional wreck they both have to get into therapy that is something they have to do for themselves by the way can I just echo that point that is my advice to everyone whoever manages anyone the absolute most important thing for you to deal with is your own stuff and find a damn good therapist it's it is the best management it's actually the first thing I tell anyone who says I want to manage I tell them to go get a therapist I'm just echoing you Larkin sorry no no thank you that's that's great because
that was my next point which is if you are going to try to engage with with either of these two particular types of employees you need to make sure you have the emotional space and bandwidth it you mentioned time but it's also very very hard on you personally and emotionally because you have to be there constantly like taking the vitriol or whatever it is from these people or the sadness like and and helping them process it and so you're processing it too with them and that is extremely emotionally draining an additional in addition to taking an inordinate amount of time and then the whole org everyone who you're working with they also have to want to save
these people they also want to have to go on this journey with them to get them from where they are to where they need to be and you need to test that with people in an organization that supports like psychological safety so people can say no I can't do this this this isn't gonna work before before you start down that path just my my experience by the way so obviously I know Larkin a little bit and there are not many people who can embark on the journey that you're talking about it's why I'm sort of it you know you know me a little bit off off this stage I'm a little more vehement about we
should let those people go than I ever am in real life because I think you and I are similar in the way that we emot-- to the people around us but you know that's a that's a tough move that's a really tough move for almost every manager and it's it you got to have a lot of comfort with yourself and a lot of emotional intelligence and yourself before you can take that stuff on so do not take on what we're talking about lightly it is it will wear you out and even even if you've done 20 years of therapy like I have it will exhaust you and it will it will beat you up so so
make sure it's worth it but but yeah realize hey and if you ever decide to take that on feel free to call me I will happily give you thoughts and advice and probably try to talk you out of it so that kind of ties into some thoughts I've been having specifically I know you said you didn't really like the the circular like core of the earth type slide that you had where your team and the organization and the everything else well I just don't think it aligns in a vertical like that in real life it's just it's a much messier but I tried to represent the messiness of it on a slide and it just looked like a Jackson
Pollock but but I think it really highlights something that's important that you really are focusing on say your team or the smaller organizational unit that you have control over and you can normalize that behavior and that culture within your team but you're really crushed under the weight of the rest of the organization's culture and it's really hard to fight against that so you can you can do awesome things with your team and your culture and try to normalize that behavior and those heuristics heuristics but trying to push against the rest of the organization if none of them have that safety or none of them want to move in that direction it's really difficult so so how do you how do
you help spread your your goodwill and your circle of safety further outward to the rest of the organization you you do you in some ways you do and in some ways you don't in some ways you have to be a missionary almost right and an ambassador but but so I two parts to what you're saying and this is where it gets really complicated there's the old trite saying people don't leave companies people leave managers and that's really a statement of people leave their local culture before they're crushed by the bigger cultures I don't believe that that statement is always true right I've I've seen great managers who had great local cultures who lost all their people because of what you're
talking about and we we underrepresented partially because it's very little we can do about it right if I manage a team and they all bail because they're like the CEOs a like there's not much I can do to stop that and I'm probably going with them right I'm probably it might even be the first one out the door to take the team to a new place where there's a better culture and so it's it's tough but but like you know to Larkin's point about fixing people fixing people is one thing fixing whole other peer organizations man I met many people who pulled it off you know there's there's some amount of things that are just too
much work for any human Josh so building upon that let's go even bigger so some people hear psychological safety and think it's this touchy-feely thing about how you feel at work but they studied Google site reliability engineers for why they were just breathtakingly better than everybody else at large-scale infrastructure after years of study the two-word report was psychological safety so it's not about how you feel touchy-feely and hugs and fist bumps it's if you really want to do breathtaking results that set you apart from everybody else and have high impact and high efficacy it's about that so here's the bigger question outside of an employment relationship or a team relationship the hacker culture has brilliant jerks has toxic culture yeah
are we trending towards psychological safety where we're all gonna be our best and have the highest impact or are we turning towards polarization and diminishing people so how do you change the hacker culture which is a tribe of tribes do you I've been around long enough that I think we've seen it right and and I you know I'll say it this way I think there are a lot more brilliant jerks twenty years ago when my when I came here the first time than there are today and I think I think you see a movement towards things like sort psychological safety even in these environments you see codes of conduct you see people holding people accountable for bad behavior in ways we
didn't look I'm not saying we've solved it I not even close and there's more brilliant jerks around here than I ever want to be around but the the thing is I think we are getting better and I think honestly I'm up here talking about this because I hope I hope everyone goes out and thinks about how do I make a safe environment for all of these people right it's not just performance as a team at work like Google site reliability engineers or my team it's us as a whole industry how do we make it safe so so I don't know if you you had walked in yet because I know you guys came in a few minutes late I asked
how many first time attendees were in the room did you see that do it again how many first-timers in the room right all of these all of you I hope go out and are thinking about like how do we make it safe and if you see somebody being a jerk to somebody else call them on it like let's let's drive this out of this community because frankly I will say the thing I love about security and the thing I've always loved about security is it's such a big topic that no one can know enough to be good at everything and frankly no one can know enough to be good at anything really you know like I
was a pretty decent exploit writer in 2005 I don't know a damn thing about exploitation anymore and and this industry changes so fast and evolves so fast we rely on each other and there are a few people in this room who I pick up the phone or I send a text message whenever I'm stupid about something and they answer questions and I answer theirs right and I've offered it multiple times up here already call me if you've got some of these problems I mean that and I am willing to be there for all of you and I'm willing to be vulnerable to all of you I hope that you all do the same for me and I hope you
all do the same for Josh and for Audie and for for Larkin and all of these people and I hope we can create a community where we all get better right and so Josh this point it's not just about at work it's about this environment too and hopefully we create that yeah Larkin hold on near mic
so it's really hard to work on that in your work and it's also probably really hard to work on that in the larger scale this is where I'm going to put the pitch of consider volunteering in the community like at a BSides your local BSides or here because you already know that you're going to be part of a tribe that is part of the mission supporting passion but it's going to give you another opportunity to work on those relationships because that is the problem where do we work on relationships in a safe environment and I'm not techy I'm a newbie but I've been part of this community for eight years and the reason why I've been able to
work on some of the harder relationship leadership and management issues is because of volunteering um I I work at Slack for those of you who don't know me and one of the things that I love about Slack is what an exceptional job the culture does there at building psychological safety we we actually have a culture definition that we absconded with at Slack it is that um culture is the worst behavior that a leader will tolerate in an organization by the way so we talked about heuristics and slogans and things like that that right there that tells you so much about their culture and so much about how every leader is supposed to act within it
that's what we were talking about sorry no no thank you thank you for demonstrating the behavior that's so cool yeah and and I want to share my favorite interview question because this is the interview question I use to test if people are going to fit well into that culture and it's one of the last it's the last question I ask and everyone tells me it's the hardest question that I ask in my interviews and I'm only telling you because this is so much more important than me getting a good signal from interviews it's more important that we're all helping to build this culture and I figure you're here because you care about that too so the cult that the question I ask is
how do you support diversity and people will ask me what I mean by that and I'll what do you think I mean like that like I want to hear a thoughtful answer my least favorite answer is I don't see color like okay you're just not admitting that there's a problem here you're not even trying to engage in the questions like people who have like yeah I've really thought about that and I've worked with my hiring team and you know this is what diversity looks like in my organization like those are the people that I want to work with those are the people who really thought about the problem you can use my question you can come up with your own but but please
have a way that you are helping support however indirectly the idea of building a team that is going to take that psychological safety into account I mean what you were saying about like you know that team they laugh together they're comfortable together like yes that for everyone who can contribute is what we wanted our company yeah there's no such thing as psychological safety if someone feels excluded period full stop right if you feel excluded you do not feel safe those are opposite definitions and so if you make someone feel excluded you have immediately eroded the psychological safety on your team that's I'm stealing your question yeah so sort of building on what I was asking before
what I was trying to get out was coachability I guess right I guess your definition of a brilliant jerk includes not being coachable right often off Manny if though the examples I had in my head not so much right and you know I'm you know you and I are about the same age I'm guessing so I mean I sort of got that same thing around 40 where I just but I I feel like I owe it to the people that work for me not to give up on them so they tell me how I can coach them to fix this yes the hardest thing is if you if you care about people and if you if
people matter to you a lot that we all end up there right and and that's why I kind of put the balance on the scale of is the one person impacting the fifty people so much worse like you know we're all if you're obviously a very caring guy and I know this feeling and I do this myself and I'm like if only I can do this one thing they'll be better and then everything will be better right and and far too often I have impacted the majority by keeping that person too long in that spot when they're not coachable now if they're coachable that's a different commerce and they're probably not impacting everybody else that badly if they're
tape if it's just something like hey man stop yelling at people in the middle of a meeting okay well that's probably one thing but the the real brilliant jerks I've worked with it's it's a set of behaviors it's usually a lot of insecurity it comes from deep you know Larkin was talking about therapy it comes from deep-seated childhood stuff and the moment you're like I'm gonna wade I'm gonna wade into this person's childhood issues because I think I know how to fix her face it's just by the way I've done that it doesn't end well it just doesn't but but I'm the same way I really want it to be better I like the person and I see their
potential in their ability I'm like I can do it guess what I can't do it just like trying to casually let the speaker know that he's at the end of it yes so come find me I'll be the guy with the sling on so I'm easy to find you know with that fashion accessory but yeah come find me I love talking about this stuff but thank you guys for having me thank you Kathleen always an honor to be here and to do this thank you so much let's thank my first time [Applause]