2. On Shared Purpose (Part 1)
Stand together or else you stand alone
Soft Skills
I have spent most of my career as an individual contributor and a red team operator. Learning new coding languages or adversarial techniques was how I marked my technical progression, a narrow and focused mindset that stopped me from exploring soft-skill topics such as leadership or emotional intelligence.
It wasn't until I moved into the role of a manager that I started reading books on non-technical subjects like productivity, talking to people, how to listen, biographies on leaders, and leadership in all forms. I realized I had been missing critical learning by not reading these types of books from early on in my life. If you take only one lesson from this letter, it is this: soft-skills are the glue of a well rounded life, and always worth your time to master in all stages of a career.
“…soft-skills are the glue of a well rounded life, and always worth your time to master…”
Cyber Generalship
Coming from an Army background, I tend to gravitate towards military case studies: battles, tactics, biographies. Like many others, I see cyber as a theater of war. Reading about combat leaders provides me with accelerated learning on strategy, cooperation, and tactics in the real world that I adapt to cyber. I read these books through the lens of a security specialist, changing details around until the scenarios fit teams and situations in my career.
Defending a city?
I see the Blue team defending against an attack!
The attacker tactics used in the real world example we could adapt and add to our offensive red team capabilities. Maybe there are tactics that we should avoid too, as the attacker.
Admirals negotiating a ceasefire or peace treaty?
Adapted to Cyber, that could be negotiating headcount from peers who are normally friendly, but now are placed in a difficult position to fight for desperately needed resources.
“…negotiating headcount from peers who are normally friendly but are now placed in a difficult position…”
Call Sign Chaos
When I read the book Call Sign Chaos by former US Secretary of Defense Jim Mattis there was a chapter that really hit home: Chapter 5 - Rhino, described how Gen. Mattis brought multiple service elements, countries, and dignitaries to the table to launch a backdoor invasion all within 28 days. What resonated with me was that he did it all through a usage of loosely written policy, while not technically breaking any rules.
Thinking about the policies to which I am beholden as an offensive security leader, the mission that a red team has, the shared purpose of all cybersecurity elements helped me identify the policies can't be broken no matter what. More importantly, it showed me what policies could be bent without being broken to further the mission. Gen. Mattis bent the rules by framing the Rhino invasion not as an invasion, but as a raid. And at that time, raids were an authorized activity.
Framing the request in the right way was almost as critical as the raid itself.
“…usage of loosely written policy while not technically breaking any rules…”
Clear Raid Chat
You see, a raiding party has to return back from a raid with spoils; that’s what a raid is! If the raiders go get something and don’t come back, that’s called an occupation which comes with different rules. What’s fascinating about the Rhino raid is it included no withdrawal plans. Gen. Mattis initiated action upon a shared purpose: to defeat enemies that would further do them harm. As Gen Mattis led through his peers to convince stakeholders to sign off on a raid with no end, he did so by framing and using relationships with peers and first team.
A diplomatic success such as Rhino was accomplished because of the shared purpose and understanding in the post September 2001 world. This raid with no end, Operation Rhino, was the manifestation of what the country needed the most: a shared purpose, understood by all, realized.
“…a shared purpose, understood by all, realized.”
Good Copy
I write to you in this letter about the specifics of the Rhino campaign that motivated me, and how Rhino inspired me to adapt its lessons to cyber. Mattis’ genius in putting together Rhino inspired me to find the shared purpose of our cyber teams, and then work to align ourselves to it. I have taken key areas of Chapter 5 and refined them into smaller sections, packed with various examples and how they influenced my growth as an offensive security leader. My hope is that, similar to how I was able to apply Mattis' examples to my own scenarios, my experiences can help spark new ideas with your unique situation, cyber or otherwise. But the Stoic in me prefers cyber.
“…Rhino inspired me to find the shared purpose of our cyber teams…”
While this letter may touch on a geopolitical situation at the time, it is by no means a political letter. Context around the time period is important to understanding why certain actions were required. But fear not! I’m not arguing for or against a particular viewpoint, other than the one that brings us together: a shared purpose.
What’s up next?
Part 2 of “On Shared Purpose”
All parts of “On Cyber Philosophy” aggregated and released in one complete work