MIT has a storied history regarding hacking where the act is viewed as a “clever, benign, and ethical prank or practical joke” at the University. Hack is also defined as the act of breaking into computers or computer networks. My definition is a combination of both.
“The primary goals of these operations are typically to get access to capabilities that would make it easier for them to hack companies all over the world,” he said. Days after several US agencies confirmed their networks were compromised in a massive data breach, federal officials are still struggling to understand the scope of the damage - highlighting the.
To me, a hack is a clever or unexpectedly efficient means of getting something done. A good hack should feel like cheating because the value created by the hack feels completely disproportionate from the work done.
With this definition in mind, I present five leadership hacks I regularly use. These are not practices designed to redefine your leadership philosophy. They are hacks.
Two minutes early. For everything.
Let’s start simple. I attempt to show up for every single meeting approximately two minutes early, and it has to do with Apple. It may have changed since then or been team dependent, but the expectation at Apple was that every meeting started roughly five minutes after the scheduled start time. It was assumed. We called it “Apple Standard Time.”
If everyone is aware that “Apple Standard Time” is the standard then no big deal, everyone ends up accounting for this handy five-minute buffer. But everyone is not aware. There was no onboarding were we learned about “Apple Standard Time,” so there were not infrequent meetings where half the people showed up and stared at each other for five minutes wondering, “Where the hell is everyone?”
The origins of “Apple Standard Time” are unknown to me, but I bet it started decades ago when someone important, someone with an impressive title kept… showing… up… late. No one said anything because everyone assumed there was good reason for the tardiness. There was a reason: this leader was bad at running their schedule. Worse, this behavior was allowed to exist and – even worse – it became part of the culture.
Two minutes early. For everything. This means I look at my calendar at the beginning of the day and account for transit time. This means I gracefully leave the prior meeting five minutes before the scheduled end. This means I profusely and honestly apologize for wasting people’s time when I walk in two minutes late and this means I don’t let this failure become a habit.
The clock faces you.
Ending a meeting that is going well is tricky. Laura is in the middle of a soliloquy about the powers of a good engineering program manager. It’s great. She’s on a roll, but I need to be across the building for a 2pm meeting, and it’s 1:55pm right now, and I can not hear an ending to Laura’s speech.
Laura knows nothing about my internal scheduling turmoil and she’s looking straight at me because she knows my support for program managers is critical and if I’m busily checking my calendar rather than listening, I am telling the rest of the room, “This thing she is talking about is not that important.”
The first thing I do when I sit down in a conference room is to find easy sight lines to the clock. Hopefully, it’s on a wall, or maybe I need to turn it face me on the desk. The hack is: “I should be able to know the precise time of day at any moment without a single human noticing.”
By having an intimate understanding of the time, I can shape my exit. I can listen for the ever-so-small pause Laura lands at 1:58pm. She’s not stopping, she’s taking a deep breath, so I can jump in and say, “This is great. I have a 2pm across the building, can we continue this discussion later?”
Whether you’re running the meeting or attending the meeting, being frictionlessly aware of the time is the first step to getting a meeting to end on time.
Office hours.
At my last gig, I wanted to meet everyone. First all hands, I committed, “I will personally meet with each and every one of you.”
Admirable. Doesn’t scale.
I started with 1:1s, but it was quickly obvious it’d take six months to get through the entire team, so we quickly pivoted to round tables. Five to ten folks plus me – every week. These meetings were more time efficient, but in each, it was clear that there were always a handful of folks who simply didn’t want to be there. I have work to do.
You can flatten your organization by creating as many communication conduits in as many unexpected directions as possible, and this was the goal with my flawed “meet everyone” strategy. The question is how do you create this communication serendipity for all the humans?
Office hours. They’re announced broadly every two weeks. Two hours total. 30-minute slots. Google Calendar makes this super easy.
The result: my office hours are filled every time I announce them by the folks who want to talk and have an agenda. These are some of the most interesting meetings that I have with the team on a week to week basis. Random thoughts. Emerging concerns. Criticism. Growth conversations. Deep strategic concerns. Communication that only happens 1:1 and in person on a regular basis.
Three questions before any meeting.
Another morning calendar hack: I glance at my day and make a quick assessment: what is the value being created by each of the meetings on my calendar? In a moment, I should be able to answer that question. It’s a new director and we’re going to get to know each other. It’s a weekly sync with a team in crisis. It’s a regularly scheduled 1:1.
Once I understand the why, I then focus on the what. Whether I run the meeting or am a participant, I write three questions that I’d like to get answered at this meeting. For a day full of meetings, the three question exercise should only take a few minutes and it achieves two important outcomes:
The Reading Block
First, it frames my goals for this meeting. What is top of mind for me and what am I going to ask when given a chance?
Second, if I am failing to come up with three questions, I ask myself, “Why am I going to this meeting?” Meetings are a virus. They infect and they multiply. The longer they exist, the more likely the humans forget why the meeting was called. If it takes more than 30 seconds to think about my three questions or if I can’t think of a single question that I want to ask, I decline the meeting with a clear explanation.
Continually fix small broken things.
There’s a stack of books on the right side of my desk. They’ve been slowly growing over the past month; I keep telling myself I’ll deal with them, but today I’m dealing with them. The one good book goes in my backpack for reading; the rest go to the bookshelf because I have decided I will likely never read those books.
Sticking with the desk. I’ve been collecting pens, and my pen cup is too full. So, I pour them on the floor and decide which pens are staying in the cup and which pens will be declared free. It takes a little over a minute, but I reduce my pen load by 50% and a lucky someone in the office is going to find a bunch of exceptional pens in our office supply cabinet.
There are five more small broken things on my desk that – in less than 10 minutes – I could fix. These are small broken things I’ve been staring at and stressing about for a month, and in 10 minutes that compounding guilt is better. That 10 minutes made standing at my desk more joyful.
As you walk around your office, you constantly see little things that are broken, but you often ignore them because you are urgently working on the big things. The last hack is the easiest and it’s the best: fix small broken things. Always. It takes seconds to clean that whiteboard, to plug in the clock in the conference room, and to stop, lean down, and pick up a piece of trash. Seconds.
The value created isn’t just the small decrease in entropy, it’s that you are actively demonstrating being a leader. I understand the compounding awesomeness of continually fixing small broken things.
‘Hack the Building’ Spotlights Vulnerabilities
Illustration: Getty
The Defense Department has long been sounding the alarm on the increased need for enhanced cybersecurity measures across its programs to protect data and communications. It has promoted better cyber hygiene among its employees and is now preparing the defense industrial base to begin hardening its networks through its Cybersecurity Maturity Model Certification regulation.
However, less attention has been paid to the physical side of cybersecurity — securing buildings, manufacturing centers and other infrastructure from exploitation via their surveillance cameras, thermostats and other gadgets and smart systems.
To tackle that, the Maryland Innovation & Security Institute, or MISI, and Dreamport — a partnership between MISI and U.S. Cyber Command — recently held an inaugural “Hack the Building” event near Annapolis, Maryland. The objective? Have remote and on-site teams try and break into a fully-equipped 150,000-square foot “smart” building, which posed as a fictitious defense company known as “BCR Industries.”
The nation’s most critical operations occur in facilities, said Armando Seay, director and co-founder of MISI and the organizer of Hack the Building.
“Everyone wants to talk about the network,” he said. “Everyone wants to talk about the weapons systems. Where are those things being developed? Inside of a building.”
There is often a disconnect between those who run a company’s network security and physical security, he said.
“The fire alarm isn’t the responsibility of the cyber person, neither is the elevator, neither is the access control — it’s left to facilities,” Seay said. “All of those systems that I just mentioned, the surveillance cameras included, are all subject to cyber attack. But they don’t really work together. It’s two separate disciplines that don’t intersect nine times out of 10 in most government [facilities] and even in the corporate world.”
In one infamous example, a massive cyber breach into retail giant Target’s computer network in 2013 was conducted via an HVAC system, he noted.
“It’s easier to get in via that HVAC system that’s got a little antenna or device that’s communicating with a network inside the building than it is to try to attack the network inside the building,” he said.
Organizers held the Hack the Building event at the former headquarters of an internet service provider. It had a data center, a security operations center, old surveillance cameras and even backup batteries in the basement that emitted noxious gases and were reliant on exhaust fans to remove them from the building.
“It was crazy. We were like, ‘This is perfect,’” Seay said.
The event differed from other similar cyber gatherings, he noted.
“Everyone simulates it,” he said of cyber attacks on physical infrastructure. “They do tabletops, and that’s better than nothing, but they’re not as effective as doing the real thing ... where you get literally a sensory reaction.”
Given the rising importance of securing controlled unclassified information — which the Pentagon aims to do with its CMMC regulation — organizers of Hack the Building included fake CUI in the networks, Seay said.
Because of the pandemic, the event was held physically and virtually. There were about 30 teams which came from industry, federal labs, academia and government agencies. Groups participating on-site out of the building’s parking lot were limited to two people, he said. The event was livestreamed on Twitch.
“Attacks were coming from all over the country,” Seay said. “The density of the ... fictitious adversarial attack was huge. It wasn’t one team.
It wasn’t two teams. There wasn’t a lab environment. There were people from all over the country, different teams, collegiate teams, military teams, commercial teams, attacking the building anyway they could.”
Some of the teams focused on breaking into the building’s IT systems, Seay said.
“They were completely missing the target,” he said. “They would spend so much time trying to hack a Linux system or Windows system.”
The groups that took that approach didn’t realize there were faster and more stealthy ways to accomplish their objective, he said.
“That’s one thing that we learned from the event was, wow, the nation needs more education, more realistic exercises around this topic, because ... everyone focuses on the IT,” he said.
However, there were teams that shined during the event such as Carnegie Mellon University, Johns Hopkins University and George Mason University, he said.
Successful teams “didn’t waste their time on frivolous attacks against IP assets or tools that would not have met their objective,” he said.
“They pivoted directly to the ... interconnected devices immediately and they were good at it and they were fast.”
In the future, organizers plan to break up Hack the Building — which was a four-day event, including a conference — into smaller exercises that will take place every few months, Seay said.
The Leading Hack For Moomoo.io
During the first quarterly event, participants will begin in the “lobby” of a building, he said. If they can get through it, they can qualify for the next exercise which will be on the second floor, and so forth.
“One of the things we realized is that we had a lot of people that did not know what they were doing,” he said. “I don’t believe there’s anything wrong with that. … Part of the exercise was to learn. But the leading, mature people who really know this, ... we don’t want to get mixed in with kindergartners. Put them in another room and let them play there.”
Topics:Cyber
Related Articles
The Learning Hack