Switched On: Behavioral Science, Hyper-vigilance, and the Human Impact of Cyber Defense and Crisis Management

[Music] hey welcome everyone our inaugural b-sides sf human behavior panel switched on behavioral science hyper vigilance and the human impact of cyber defense and crisis management in the age of coded the impacts prolonged stress information overload and the perception of increased consequences to life have exploded into public consciousness in the form of brain fog endemic fatigue sleep deprivation and a laundry list of other physical mental symptoms none of these effects are new to first responders security and medical personnel whose daily lives are focused on identifying protecting from and responding to the threats we pride ourselves as a matter of fact on being switched on ever vigilant and ready for the next attack this hyper vigilance

is unsustainable however and in reality counterproductive today's panel is going to approach this as a human performance problem viewed through three different and interdependent lenses individual the team and the leader we hope to introduce some concepts to you to help optimize your individual team and functional outcomes now i'd like to introduce our panel we're going to start with janine stewart janine is a neuroscientist and former 10-year professor who has spent her career helping military teams brain surgeons rocket scientists and mere mortals to be better more inclusive leaders she is currently a leadership and culture strategist at the neuro leadership institute next is bob lord bob is a battle tested cyber security leader he has practiced his art at some of the

biggest technology companies in the world including netscape aol time warner twitter and yahoo he is currently the chief security officer of the democratic national committee and last but certainly certainly not least susan owen langley susan is a licensed clinical social worker who has spent her career helping individuals leaders and fortune 500 companies develop strategies to strengthen emotional well-being improve productivity and successfully manage critical incidents she's the founder of comprehensive employee services which is a crisis management and eat consultancy please welcome everyone on the panel very much looking forward to our conversation now bob i want to turn to you and ask you to set the stage by describing a personal story of a cyber cyber security incident can you describe

the scene yeah so let me let me give susan and janine a little bit of of background to kind of set the stage so you know as a security leader my life is very busy uh it is really busy um and so my days often begin very early sometimes uh between 4 30 and 5 a.m and sometimes you know if it's a good day i can sleep in until 5 a.m so that's not a lot of sleep but the job's super interesting and i learned a lot from the team so that's great i usually have meetings that can go until 5 or 6 p.m and then i can really start my actual work day and so there's a lot of context

switching and there's not a lot of time for for deep work um and i think it's a pretty common experience that there's a lot of ongoing stress as we're trying to get initiatives put through uh and they often receive a fair amount of resistance and so you know what i what i tell people is that we're in this we in the security profession we're in this really awkward position of having to care more about the data that we're trying to protect than the data owners and so you know we spend often enough a lot of time fighting internal processes or teams and tech debt to try to prevent an incident and you know we're often short of budget

or security talent we can't cross-train enough we often find that we can't take a real vacation and that we cheat on vacations and try to do a little work and what we don't cheat we're trying to be good that somebody inevitably calls so it's it's a hell of a career choice uh if you think about it and so you know talking about a scenario there's a pretty common scenario that that comes up where let's say that a reporter gives me a call and she claims to have some data that some hacker found on the dark web or something like that and so you know that might be true but it's more likely that the data has been

circulating for you know years and that's one of these these data dumps that we've seen from time to time and so best case is i have to spend time convincing the reporter that what she's found is not actually interesting um and and then i can get back to business but in this case let's say that there's something about the snippet of data that she's provided and it doesn't really match any of the previous um false alarms that we've run into on a regular basis and it's increasingly looking like the system our systems may have been penetrated at some point so at this point you know things kind of get real um real interesting and you know if

something like that were to happen we'd have to activate the incident response plan we'd have to start calling executives the general counsel maybe the communications teams maybe maybe outside counsel we've got to figure out how to pull people in from the security teams but also other teams to take a look at the data they have to create war rooms and you know we may have to decide do we call the fbi who calls the fbi um and do we call now or do we call when we have more data and who owns that relationship spoiler alert everybody it's going to be the lawyers who are probably going to own the conversation with the fbi and that

will add its own set of stress so you know uh and during these times i'll just i'll just share that on one hand where the people who want to run towards the flames and this is why we're here and uh on the other hand it is slow and it is messy time dilation is real you lose track of time very very quickly um and we're constantly wondering if we've got the the right team on the right side of problems and the fog of war is is is really real um executives are asking for hourly updates when we know it may take many hours or maybe days to get the kind of information that they're looking for

so you know let me just kind of pause there because this is sort of the way many of these events unfold they kind of ramp up and from that point on um you know you're in full incident response mode and uh the thing that went from uh the thing is that we've gone from a world where we have this low-grade constant stress to now full-on full-on war so to speak so let me just kind of pause there and and see where people want to take this well i'll jump in go ahead no sorry yeah i'll jump right in the the what's coming to mind immediately from a neuroscience perspective is our brains are not wired to do anything you've described

and of course we know that that's why we're here what the way our brains are wired in terms of taking in information and assessing how uh how stressful or how stressed out we ought to be really really boils down to our our system our neural system being fine-tuned to take in information from a variety of sources um in the in the neural sense that would mean some sensory input some cognitive input some social input from our interactions with other human beings like the reporters call and we we sort all of that each bit of input each bit of information at a neural level moves us in one of two directions and and what we're monitoring and and

netting out at every given moment is am i moving toward a place of higher threat or risk i.e am i at risk of ceasing to exist as a as a human being so our brains are really fine-tuned to say am i safe enough to keep living or do i need to intervene in some way in order to maximize the other side of the equation which i'll call the reward side so we kind of have a spectrum that we're tracking neurally below the level of consciousness by the way and it at one end is maximum threat uh risk maybe death at the other end is maximum reward i think of that as blissed out on the beach with a mai tai

so so our brain is constantly saying where am i and what we're going for ideally is an adaptive middle zone and in fact in fact what our brains want to do is to be able to flex a bit in that middle zone to be able to say all right something threatening's happening it's okay it's okay because i'm going to bring myself back to that rewards side of the equation not too far though i want to stay engaged in the work and a couple of things you mentioned bob come to mind in terms of that that adaptive engagement and that flow between threat and reward you mentioned that the work is really interesting and it's kind of exciting

and the the challenges seem to engage you so that's all signs of the adaptive zone however when you extend uh too far toward the threat side of the equation that's where our bodies can start to say uh-oh i'm not going to be able to come back and the net result of that over time can be significant unrelenting stress and stress-related illness and so there's a cost to that hyper-vigilance that hovering at the threat end of the spectrum too much or too long thank you thank you you know that balance that you're talking in terms of stress not all stress is bad i call it the i call it the zone of best performance that zone where you're energized you're

motivated you're meeting demands and as bob said you know i really like this book and so the level zone of best performance for many in cyber security is probably more than maybe the average person not in cyber security but i think that's what you're talking about figure out what you're saying when you're when it starts tipping and yes the the strength and the stress is happening the threat is creating more and more stress you're going to get signs you're on overload and that's some of what i'll talk about but i like to call it the zona best performance that level of stress that really works helps us work well in all parts of our life does that make sense

yes because the media tends to say all stress is bad and it's really not true it's our brain trying to figure out what's the best zone that i want to try and stay in and try and figure out how to do that susan how can you give some examples of how you how you can optimize what some tools are that you can try to stay in that zone while not burning out well do you want me to go through all my life stresses you know what janine's saying is it's a it's a it's is our body's response to a demand that we're not sure we don't know we have if we have the ability to meet it or not so it sets off

that alarm if we meet it the alarm goes off if we don't and there's just bob's point if you have constant demands where i have no time to just take a take a step back that alarm is on non-stop to your point and your brain is hyper activated to oh my god worst case scenario worst case scenario um so the to notice the signs if that's your question your point is exhaustion sleep disability you know deprivation irritability you know it's going to impact your performance losing focus so what people can do i mean i got a list of things that are that we can go into in details i had because you're wanting to know how do

you counteract that when you notice it is that what you're asking well yeah i think so before we before we go down that road i think something you said there was really interesting and i bring it back to bob for a second you know she she kind of talked about indicators and warnings which is something that we look at functionally in our jobs but we don't necessarily as individuals can you can you talk about some examples of your that um in the scenario you gave of where you've seen signs in yourself or in others of that stress starting to set in yeah and and i i sort of uh i really appreciate the this part of the conversation

because as you were talking about these different modes i recall that somebody once said to me uh during an incident somebody whispered to me you secretly love this don't you and i said no i don't i do not love being in this situation but this is what we've been trained we're trained for this is what we're what we've been trying to prevent but now that we're here we we have a game plan and we're gonna do our best so um there's that part of it but then other times when that sort of stress lasts for an extended period of time for days weeks months it's you know you can't be in that hyper vigilance state the entire

time and yet we sort of have to and so i sort of appreciate that that part of the dialogue for me personally you know i can notice when we're going from the excitement of the chase to the uh to feeling like we have so much that we have to accomplish in a short amount of time and there are so many different expectations and that lasts for an extended period of time like i can feel that in my my in my body i can feel that in different parts of my body my shoulders or my back and i can i can physically feel that it's almost like there's a weight that that is on me and so you know

personally i've tried to find ways to notice those kinds of signals um as early as i can and then to try to do something about it whether it's take walks or exercise more or something like that but but yeah i'd love to hear more about you know once once i notice those triggers what is it that i should be doing to to respond to those well i'll tell you one thing that that i recommend and it's and it was in an article i read from the harvard business review manage your time out your energy is just take note and take a break literally and it can be in you know 5 10 15 minutes where you just on disengage from work

and do something that has nothing to do with work for 5 10 15 minutes that can mean take a walk take a walk it can mean listen to music it can mean you know eat as healthy snack because lots of times when we're immersed in this we're not we're not eating we're over stressed so that's you know you take take regular breaks throughout the day and janine probably can confirm that basically about anywhere from 90 to 120 minutes our body's going to tell us it's time to take a break you're feeling it in your body some people are going to feel it there they start yawning they're hungry they're restless and all of a sudden

they're it's called presenteeism they're there looking at the computer but nothing's going in so when you notice that you know after a couple of hours just five ten minutes just walk away and you will find it's a little bit of a reboot to go back and be focused does that make sense that's yeah so so okay so the the thing that i should be noticing is is when either myself or other members of the team and this will be harder to do in a socially distant covid world but i guess you know from wolves notice and i really like that trigger which is um i'm staring at the same screen and i'm not doing anything

spell check always tells me i'm wrong but i know i'm not so yeah i guess i guess i can notice that myself and if we were in the physical offices i could notice that in other people to some degree but uh but we're not with other people right now how do we deal with that people what you might notice as a leader for example is somebody is you've scheduled a meeting and they're either they're not showing up at the meeting at all or again they're there but they're not there in other words they're not interacting they're not engaging in any way usually if you have a meeting everybody has an opportunity to say something to engage

so you that would be one way to notice doing it virtually or somebody event you know missing a deadline that that's pretty big but that and virtually you're going to know that if they miss a deadline that's bigger but not showing up or if they're at a meeting not engaging that would be a beginning sign no since everything's virtual mostly everything is gene we also yeah proactively can you talk about from a leadership perspective proactively how can we kind of prepare for these kind of things ahead of time as opposed to you know when we're seeing these signs in our teams one of the things that's coming to mind just based on what susan is sharing

is that proactively leaders and teams can develop a shared language for checking in and evaluating where we are on the threat spectrum we can note we can keep it simple and in fact we often my colleagues and i at the neural leadership institute we often refer to this in terms of a three level system so think about what level of threat you're experiencing as a level one is i'm alert i'm engaged it may feel intense but i'm able to focus a level two is i can't maintain focus for very long i notice that i've got maybe 20 or 30 minutes of capacity and then i'm distracted or distractible and so i feel myself swinging in and out

of that adaptive zone we were describing earlier a level three threat is i'm really not able to hold my focus i'm not able to dig in and do my best work and so if a group has that shared language which is a taking up that proactive step of saying this is how we're going to check in with one another and then we develop the routine of checking in with one another maybe it's twice a day during crises more often than that whatever's appropriate for for the work it gives you a quick way of saying all right who needs support and demonstrating that support for one another is really critically important especially when when we're working

through the kind the level of uh challenge and and um mental exertion that you're describing bob it's just critically important to know we're not in it alone even if we're sitting in our own cubicle in our own home-based office yeah can i ask a question i was just gonna say i i i'm intrigued by this idea and i but i wonder is it not the case that people will feel compelled to say that there are ones or twos when they're really threes like how how would i get the team members to really be honest knowing if everybody says one and i'm a three do i really say that i'm a three how do you how do you

help people understand that's okay to be the only three in a group of ones i think that's a great question and actually something that i've seen change across industries across i work with um as a cons in my consulting role i work with people across the wide spectrum of industries one thing that we've noticed over the past year is that people can't leave it at the door anymore and so this is a it's partly a leadership challenge for us to acknowledge as leaders that whatever signals we're sending about what is expected moment to moment or throughout a crisis or a normal work day we probably need to modify some of those signals and do that in a

proactive way so even when we're not dealing with a crisis what signals are you sending to your team that you understand that not everybody is equally resilient today not everybody is going to feel the same degree of readiness for the full workload even in the day-to-day maybe i have a family member who's ill maybe i'm feeling the strain of financial pressures within my family um so sending those signals and engaging those those issues uh on an ongoing basis gives us a readiness to extend the grace and courtesy when things get tougher when the heat increases does that make sense does that help at all bob i think also as a leader if you meet as a

if you i i put a stress management leader to check in regularly with your employees which could be one-on-one but it can also be in a meeting where you say you know what we're in a high-stress atmosphere you know workplace hype and vigilant and you know we all have a different level of how we manage it and you know i want to hear if you have problems you're sensing a potential problem in the workplace i want to hear about potential solutions and you know i want to hear it ever it doesn't really doesn't have to be to your point gene i'm fine because people will say i'm fine because if they don't then maybe maybe

you bob the leader is going to feel like they're really not up to the job which is so as a leader i would say you go beyond you can really say it's okay if you're not if you're not fine i'm here to listen and to share let's as a group to your point some of us are having a good day and we're right on focus and some of us you know the stress from homes you know right here with me and so i'm not as focused it's but i want we can be open about that because we can help each other support each other and also solve problems that are occurring for the team does that make sense pop that and janine

that sort of pulls that together if you're ready i like to check a regular check-in then you know if a manager like box calls a meeting it's like not oh my god it's okay well this is our platform to share what's working and what's not yeah i think building up that the habit of doing that in peace time so we we talk about things left of boom and right of boom so and a lot of the stress that we that we have is that we are we're left of boom but we know there's going to be a boom and we know that we can't uh you know we can't prevent all booms and so you know right of boom you're going to

have to rely on your training or your incident response plan or other cultural norms and so i like the idea of of doing that in uh in peace time left of boom so that it becomes okay when you're right of boom to be much more honest because the i think the health of the overall team depends on on understanding where everybody is at that particular point so yeah i think that's i think that's worth considering i don't know if anybody's watching we can talk about this in reddit but if anybody's actually done that um successfully before i'd love to hear more about that particular practice you might even i'm just sort of spitballing here but it might be the

sort of thing that you weave into you know vincent response plan as um as a thing that you do as as a normal thing and you put it in there and you you know it's it's just what we do when we hold and these meetings are they're ad hoc in their you know their emergencies like the cso is calling a meeting in five minutes and everybody has to stop what they're doing and they're all researching if you're right of boom they're all researching they're all doing something but we now have either new news um and so we have to uh we have to trade information back and forth between teams or whatever and maybe making that as part of the

standing meeting um agenda which is go around the room and ask everybody for their particular um their particular status that that could be pretty interesting so that's i'd love to hear more about other people who've tried something like that well i can tell you in terms of a critical incident um will would know this because i've been called in to do critical incident and have the leaders say look to employees an eapp professional is going to be available to talk one-on-one but also in a group and in that group setting bob i'm able to say here's what normally people experience when there's been when there's been an incident when there's been a trauma a traumatic event

um normally experience grief and loss here's what's normal and and there's no time time limit on that um but this group is an opportunity to i use it as an opportunity if it's an employee you know for example who've been injured or died to share about that and begin to share oh yeah their thoughts and feelings around grief and loss because also many have had grief and loss and trauma in the past which comes up what happens organically in those groups that i've run is that there's peer-to-peer support that already starts in that group oh you felt that way too or oh i went we had you know when there was a suicide we had an employee say you know

i talked to him i really you know we we all tried to check in but it really created a really good support uh peer-to-peer that occurred in the group and guess what after the fact it continued because i was still on site and they're talking to each other like because now that we were all in that group together we all know we have these same kind of feelings it's okay to say hey bob you know i that group was really helpful you know this is really hard or you know that helped me get through today and go beyond so that it is the group dynamic especially after crisis really it really helps employees manage the stress and the

grief and loss and also see their co-workers as resources for support i'd echo that the power of labeling and just just pausing to say this is my experience it doesn't have to take long or detract from from the urgent work to just take 30 seconds to say i'm here i i am at this level or i am experiencing the following emotions or reactions and in fact those those micro opportunities to insert um reflection human connection and even just to use the process of labeling itself shifts us from a chaotic emotional experience to a more controlled rational analytical experience if you will in the brain that that shift actually is a way of backing away from the

precipice um just just uh at a micro level but realize that the the burnout the depletion of the this intense work this hyper vigilant experience followed by boom or crisis um that's a an incremental process of depletion as well it's okay to think in terms of incremental steps that we can take to restore we can't wait for the vacation that never comes now that that's that's absolutely true and um i think that to your point the labeling you know a lot of people go through shock and numbness and label and they go through anger and here's what anger can look like and lots of times under the anger is the fear we have for our own mortality but your point

labeling that because a lot of people feel like i don't i must be crazy because i'm having these thoughts and feelings about what's happening and so you're right labeling and normalizing it oh other people really feel this way okay i feel a little better and then what i've done after a crisis sometimes also um i've offered one-on-one and i told will about an experience they the the employees were spread all over they were working on optimum lines whatever for optical lines for a tech company um but the manager walked me around the floor was early in the morning 7 30 saying since no one lying is here she's available if you want to talk and interestingly enough um

several people came to my office um the employees were mostly men by five or six men one woman individually and as we talked they were like oh my god i had no idea it was wow this is what i'm feeling and here's it triggered like a loss of a parent or a loss of whatever and they said wow i've never thank you so much i had no idea because i put the pieces of the puzzle together for them in a way because they've never saw counseling lots of people and maybe some in the audience is like i don't need it i'm not weak i can do this myself you know um are like this was really and

i got several emails at post of that saying i don't know that i could have done it without having that option so you're right that was the follow-up that because of the depletion and they were like how do i do this um so that was how we did it and it was very helpful for those people because none of them never had counseling before ever yeah susan i think that's a that's a great point and bob i want to kind of throw it over to you because i know in in our world that kind of we're supposed to be the specialist in crisis management i mean that's on people's resumes so it's easy to do it for somebody else

how do you do it for your for yourself and for your team so um so since you started talking about this this panel i've been thinking a little bit about this and as i was trying to to write down some of the things that i thought i had done either well or maybe not so well as an individual um you know you'll laugh a little bit at this but i i started to think like oh so you have to like identify various things that are going on like what are what are my goals and i have to find ways to protect myself and then if i can't protect myself because there's there's going to be a

security incident of some sort i have to detect that and then i have to respond and i have to recover and i was thinking wait a minute where have i heard all of that before and so i started really trying to break down the the things that i needed to do as an individual to uh to against that you know what what basically is the the five continuous defender activities from this cyber security framework and uh so i started writing things down and i was like oh so what am i doing with my daily habits what am i doing to protect myself up front around sleep by the way nobody's told me i don't get

enough sleep on this panel so i'm sure you're going to go there at some point yeah i got it okay i'm sure i love being like psychoanalyzed in public it's great so like sleep managing your diet and you know thinking about uh you know one of the things that i'm sure we'll we'll bring up later which is alcohol consumption in this in this profession um and then things to do to detect those um those stressors so i i was like i said i was looking back at how i how i personally respond to different kinds of stress and on the one hand there are parts of this that i really like i like that stress and then there

are other times when it becomes um it becomes prolonged and so then how do i how do i respond to that with either breathing sometimes i go for a walk or i try to get sleep but frankly in the middle of an incident it's that's that's very difficult and then how have i made how have i recovered how have i learned from those incidents to go back and improve my overall program um and so i don't know if that's a useful model for other people and i think like a lot of metaphors you can't stretch it too far but i started to to kind of break things down in into that for my my personal experience

um and i think for teams it it's also similar to that um you know teams can learn how to understand what happens left of boom versus right of boom and they can do things up front to uh inoculate themselves a little bit so they can think about what they can do today that will cause fewer problems later down the line one of the things i i tell people who may not have had all of my experiences is when you're writing things down in texts uh in emails in presentations is to focus on on facts in the future and that's because you're left of boom now and you don't understand how people right of boom are going to

either misconstrue or misunderstand the things that you wrote so if you write things down like we should have upgraded the server by now that seems like a fact but it's actually more of an opinion or an assessment and if you compare that to a phrase like allison upgraded server 19 from version x to version y on december 2nd that's that's much closer to a fact and again you know right of boom people will have a very different set of incentives and so um uh obviously like you know lawyers or investigators and so you know it's this is just sort of a really small example but the more people can focus on things like writing down

facts and thinking about the future as opposed to assessing the past i think that framing can can really help inoculate the team later down the line when a new group of people come in to second guess all of their work and that second guessing can can last for years so it's it can be pretty painful yeah i think about reframing your thinking reframe your thinking from because our brain gene would know goes to worst case scenario when there's a potential like oh it's going to happen we automatically quote a worse game oh my god it's worse than a scenario instead of reframing your thinking your point bob what are what are the facts what do i know to be true

that i can then begin to decide what are my options for dealing with right of boom or whatever is going to happen but it's reframing it okay it's a problem to be solved i i've got experience i'm going to fact check and i'll i'll look at what how i've been successful in the past can i use that now that so that reframing and janine i think that that resets the brain a bit to get it closer to that zone that i can i can still perform yeah the two things i i would underscore well said susan i would just underscore that that future orientation and a sort of a uh acknowledging that the state the

state of the reader in the future may be different um gives you gives you some opportunity to take control of something that is otherwise vastly uncertain the future so getting clear on you know what is your what is your intended use of this this record this comment this communication is a actually a really helpful we call it a certainty reward um humans are uh we are undone by uncertainty and and um an unknown you know an uncertainty is actually worse than a known bad like if we can know know what's coming even if it's not something we would desire we feel better than not knowing at all so just converting that's like a little mental trick that actually can buy a

little bit of of energy back a little bit of restoration just being able to take that mindset of picturing the future user the future scenario where someone's going to rely on the communication we're generating or the record we're generating um i think it's a very wise technique that's an interesting yeah i think this ties in i've heard a lot of things about you know consequence management from susan and and and what janine just said kind of reminded me of the after actions that we always do and they're usually very technical have you ever seen one that you know talks about the performance behaviors of the the actual emotional and human behavioral aspects of this and the

the leadership behaviors in an after action i i don't know that i've seen it to the degree that i think you're hinting we probably should think about it um you know one of the things that i do encourage people to do is to read up on on various breaches and responses and one of the challenges that we'll be familiar with but i don't know if jenny and susan are fully familiar with this but it is often the case that we don't have a ton of public information about various breaches and so one of the things that organizations want to do is figure out how to learn to improve just the basic operations of their security programs

and so you might think you can just go read a book about it and it turns out that's that's not as easy as you would think um and so there are a few uh a few places where the information is is documented um so for example and i i can talk about this a little bit in the in the in the reddit but uh if but but the yahoo breach is interesting in that it was documented in a department of justice indictment of foreign for foreign nationals and it goes into great detail about exactly what they did and then there's also um a 10k report that the board produced which has some interesting information and so i've gone to various groups and

i've spoken about how to take a look at these and other breaches to inform what we're doing and it's it's not a skill that i think that is is really common in our industry because there is so little uh information truly available i should also get a give a shout out to neil desjuani who's writing a book on breaches which i think will actually help solve a small part of this problem but we don't have an nstb for um for cyber incidents and so they're really we don't have that kind of structure and i think really you're talking about yet another layer which is even deeper than just understanding the breach itself and what the what the root causes were

but how the teams responded at an emotional and human level um you're i think that's some next generation uh stuff that you're you're proposing uh and i think it's probably a good one but i don't know that i've i've heard of anybody actually going as far as i think you would like us to go so maybe somebody in reddit will tell us would that be going with your to with your teams like well to your point what did we learn what did we do that worked and but what did we learn that we can use and go forward does that make sense because that's what the effort would be i think there is a lot of that

i think there is a lot of that but it's very technical it may talk about the process and the timeline and the technical but the piece that's missing is this the you know how did we perform as a team the as individuals etcetera um have you in your since you've been you know widely looked at multiple different done a lot of research on this and looked at different um industry industrial sectors have you seen groups that do this well what's coming to mind for me is um it is a probably a modification of a 360 review for leaders um that executive coach many executive coaches work with teams to do that and and so for a team to do an after

action review that really gets at the the behaviors uh that that and choices that were made the decision-making processes from a behavioral um or interactive standpoint um that's the kind of approach that's coming to mind for me that might be useful yet i think bob that talks to your point earlier about kind of that transparency from the get-go creating that environment and that culture ahead of time not after the fact so when you do have something like that you know it's actually people feel free to talk honestly and give good feedback so they can and be supportive of everybody else on the team there are additional benefits to that vulnerability on the part of the leader

or the leadership team as well um to show even in even if they do it relative to some smaller events um or minor events that vulnerability and getting practiced at saying i could have done better here or we as a group could have anchored on the facts and gotten out of our emotional space a little bit better um that vulnerability builds the trust that that feeds back on that question we were talking about earlier someone just being willing to say my head is not in the game today i'm at a level three threat just uh that comes from the practice over time of saying we could have done better how can we get better well and that's

the practice of a leader saying you know i i know and you know that's not necessary i know a lot but i don't know everything so i depend on the various expertise of my team members because some every team member has a different gift that they probably bring to the child and so that's that vulnerability i know a lot but i don't know everything and i'm open to saying that i'm open to learning and that's why this team is we can work together to find the answers you know respond to those responses here's a little tidbit in terms of the emotional behavioral piece after the fact is and in general as leaders is to express appreciation and

recognition for whatever he did everybody did to get through the crisis now that they're on the other side um an employee said to me long ago an incident you know appreciation recognition for a job well done to the best of our ability is high octane for the soul you know this is a great motivator so that can be a post response but ongoing you know as people are you know smaller things doing well whether it's another things whether it's a call but in a meeting post response it's another thing to do excuse i i love that because as bob can attest in our in our world in the security world um it's very much uh

you know break get break class in case of fire so there's not like you know nobody's necessarily they know we're there they're antici they expect us to respond we respond people go through everything that we've just talked about and then afterwards it's just like okay well that was your job you know now we put you back in the glass until the next time around that whole idea of gravity yeah that's that's awesome i had an employee i worked with and she was responsible to you know ceo whatever and it was constant constant i know if she was in communication whatever constant she did working on this project working working her whole team together they finished the project they presented

to the ceo he goes great good job now can you get going on this she said we had no time to breathe and not an ounce of just appreciation or recognition for the amount of time and effort everybody put into it and she said to your point janie she was completely depleted you know i just that but that's where that just recognition of what you did as a job thank you i appreciate you you made a good give out i value we value your contribution so that's a true true example actually do you need or bob have either of you seen examples that's done really well like that could be the benchmark jean you want to take that um so

in terms of doing this well yes i have actually i have seen people do this very well and actually work very diligently to improve their practices because it does not come naturally to any of us someone mentioned earlier our brains go negative very readily i think evolution yep yeah and we will stay there right we will end the end and uh you know bob you mentioned you you lean on your training well some of your training is to look for the look for the novel event that is different and potentially negative and so part of part of the system is designed to to actually um affirm our our tendency to deplete ourselves so i think

um you know as we're as we're kind of um bringing this and bringing this toward a close uh one of the things that's really coming up for me is the notion of depletion and the um the issue bob you mentioned earlier alcohol alcohol use for example or other self-medicating strategies that are some of our go-to's when we don't have a whole system that is helping us to restore on a regular basis we will default to some readily available strategies that aren't as positive and so um kind of uh bringing awareness to that to that risk of depletion and the fact that we can't afford to deplete these people we can't afford to deplete bob and team

and all participants on on the line today um we need to be more proactive and intentional in order to to break some of those habits and protect ourselves and our most powerful assets in cyber defense thank you well what you're talking about sorry a whole lot of points season sorry about that um i love that jeannine thank you very much i think that's a great segue we're coming up on uh just a couple more minutes so i want to go and just ask everybody what their their one thing is what the big takeaway is um if the audience can only remember one thing what what would that be and susan i'll go straight to you

uh my one big thing is be aware of the gap that many of us have between our head and our heart what our head knows we should be doing to your point to to manage stress more effectively eat healthy get sleep versus our core going yeah but i don't have time i'm okay i'm okay when i'm when they're really not which takes me to the big thing is it's a sign of courage and inner strength to ask for professional help i need guidance to help me not get so depleted and to get and to restore me and it's a sign of strength when you're open to getting to asking for help from a professional and

and the long term is you then have more skills and strategies for when to your point which energy when things happen in the future back to you anything yeah so i'm i'm thinking uh my big takeaway would be we slide on this spectrum from extreme threat to extreme reward um it's especially important that we cultivate the habits of checking in not only with ourselves and labeling where we are but also with others on our teams and and finding the common language building the common language to check in and acknowledge uh that when we are getting depleted we need to take micro steps to restore and not wait until uh until it is too late that's great bob final thought

yeah i think um you know one of the things that i appreciate about will you be pulling this panel together is is helping me think through uh the things that we talked about here we talked about sleep we talked about alcohol moderation and eating right we talked about all those different elements but i i continue to wonder i'm speculating that a lot of the same skills that we use to plan for and respond to and recover from security incidents if those aren't some of the same processes that we should use for ourselves and our teams so that for me is the the take away i don't know if i have the takeaway for for the rest of the audience but for me

i'm actually going to start writing some of these things down and trying to partition them so i understand where i'm going to be spending some of my energies and and how i can actually prepare left of boom for all the things that happen right of boom uh to myself and to the team so thank you for that yeah definitely thank you all uh there's some there are so many important things i think that we've said we're set here i i really appreciate everybody's time um and just want to take this last minute to thank everyone in the audience for joining um thank netflix for sponsoring this this panel uh and especially to you the panelists for all the time you put into

preparing for this and for uh just the really important thoughts that you've uh shared with us on this important topic for those of you who have questions for the panelists or want to share your thoughts and join the conversation please join us on the switch on subreddit immediately after this and also please give us your feedback on whether you'd like to further explore human behavior at future b-sides other than that everyone thank you again and enjoy the con you