Fresh Thoughts #20: Brown M&Ms & Trusting Your Team

Well, that didn't last long. Last week I wrote about the influx of catfights and pigeons into my back garden. Then on Thursday afternoon, I met Mabel - a 1-year-old rescue pup - and since then, it's been about gaining and building her trust.

But how?

By signalling.

For Mabel, it's being prepared to let her sit on my knee for 2 hours. Feeding her. And reassuring her that she doesn't need to go into situations that scare her.

Signals and signalling are a critical part of the human/animal side of trust and security.

Van Halen's Brown M&Ms

At every venue, artists have a rider - a contract covering everything they need to perform. Van Halen's rider famously contained a clause requiring a bowl of M&Ms... but no brown ones.

While easily dismissed as rockstars being picky - it was anything but.

It was a seemingly trivial test. A test to check whether the venue had read the rider accurately - and so ensured that all of the essential, safety-critical points had been covered.

In his memoir, David Lee Roth - Van Halen's lead singer - said, "When I would walk backstage, if I saw a brown M&M in that bowl, well, we'd line check the entire production. Guaranteed you're going to arrive at a technical error... Guaranteed you'd run into a problem."

The absence of brown M&Ms created a reliable signal of trustworthiness - that the venue had paid attention to the small details... and increased confidence that the critical tasks had been dealt with.

How Do I Know if I Can Trust My Team to Do The "Right Thing"?

An honest question that is often answered by glib, unhelpful responses...

  • "Well, you hired them, didn't you... so you have to trust them." - Erm... not always, it's more common to inherit a team. 🤔
  • "You can't. As the saying goes... To err is human. To forgive, divine." - An absolutist answer and equally useless.

So what is a better answer?

Regular phishing simulations and security awareness training are crucial for every cybersecurity programme. Yes, some people will be caught in each simulation - a momentary lapse of judgement. But a repeated pattern of failures across multiple simulations, combined with a dismissive attitude toward security awareness and toward understanding the risks your business faces, is a signal that tells a different story.

This is why phishing simulations, security awareness training, and Fresh Security's Human Security radar (this email) together contribute to a high-quality signal. One that shows whether you can trust certain people within your team to do the "right thing".

June 21, 2022