Today I’m switching gears to talk about something we all do but don’t often consider, LEVERAGE. This post explores ways in which we can leverage the world around us to to maximize our strengths. The areas we can leverage include our job (delegation), out career (social networks), our business (cost centers to revenue centers), and many more. Many of these are examples of chaordic frameworks, but let’s expand on a few of these to better understand them.

Martin Fisher kindly invited me as a guest on his Southern Fried Security podcast. He stipulated that we talk about something other than PCI, which made me very happy since I’ve been looking for a venue to discuss some of my ideas for leveraging the world around you.

You’ve seen it done in the movie The Matrix where Neo bends the world around him to dodge and eventually stop bullets. Let’s see how you can warp and leverage the world around you to maximize your ability to succeed in several areas of your life you.


Martin stipulated that we should focus on how “information security professionals (especially leaders) need to position themselves (e.g. subjects to learn/become more familiar with, conferences to attend, ideas/concepts to embrace) better for 2011.” Just like a life or career coach, let’s break this down into three categories we want to apply leverage:

  • Job – by leveraging delegation either assigning tasks to others or taking on tasks of others
  • Career – maintaining networks (social, physical, electronic) to help make you better (smarter, more employable, etc.)
  • Business – turning cost centers into revenue centers


Long ago I had a manager who believed you could delegate anything. I thought this strange because to me there are some things you can easily get done yourself but assigning to others will take much longer. The problem with my old mindset is that you end up thinking you are the best person to perform 80% of tasks thus taking up all your time and preventing you from leveraging the skills of others. Remember, delegating is not just about getting other people to do work it’s about assigning tasks based on area of expertise or helping someone improve and expand their skill set.

Task #1 is to delegate to others tasks that can help them grow or maximize their skills to complete a project. Sometimes you won’t even know how a task will help someone grow until they complete it.

Task #2 is to time-share between those individuals who have taken on tasks and help them complete the task in a successful manner. Assigning and walking away is often worse than never assigning at all. For delegation to work you need to foster growth in those who are taking on the task and provide them the resources necessary to be a success. Sometimes these tools are connections, access to resources, providing experience, or building confidence in their own abilities. Sometimes these tools are timelines, deadlines, project management skills – whatever it is the individual needs to get things done.


I landed my first job out of college via a job fair at the University. I landed my second job via Lee Kushner, a professional recruiter. Every job after that has been something I created myself or offered to me via my network of connections. Beyond the simple job search, leveraging your network of connections can be critical to almost every success you see in your personal career. When people talk about networks they may be discussing a wide range of topics including: social networks (twitter, facebook, linkedin); physical networks (co-workers, neighborhood friends, hackerspaces, meetups); or electronic networks (irc, email, phone calls). Everyone has a different way of leveraging these networks but we all do it – either to keep in touch with friends or build communities.

Task #1 to grow and farm your network is to make smart connections. You need to keep in touch. You need to help other build connections. Growing and farming a successful network is not about helping you get something out of it but helping your network get something out of being connected to you. It’s a strange thing in that regard that the most connected of us are not always the smartest individually but they are able to connect you to a smart or capable person in the area of your interest.

One of my end-goals is to “connect smart people” and so every time I meet someone I think of someone else I can connect them to. Working on a Bay Area art project? Reach out to Chris Rusak. Interested in lock picking? Reach out to Deviant Ollam. Want to know about creative data exfiltration techniques? Reach out to Iftach Ian Amit. Social Engineering? Mike Murray and Jayson Street. Need a job and are a skilled professional? Lee Kushner. The list goes on and on. Photography, life coach, physics, startup company … you name it and I’ve got a person for you to connect with.

Task #2 (and here is the tricky one) is to leverage your network to create a bigger/better network. But why you ask? Isn’t it time to “harvest” the network? No, never, nada. The hard thing for people to wrap their heads around with networking is that the benefits to you are natural side effects not pre-planned end-goals.

Community growth is organic and as such so should be the way you leverage them. For example, after starting Security B-Sides I though we could leverage the 10-15 events to help solve the “big problems” facing the information security community. Although not a bad goal, the idea that I could direct the solving of these “big problems” was an incorrect assumption. Instead, I encourage companies to get involved in the community and organically solicit interested participants in helping them solve specific problems they are facing. This type of involvement helps complete the organic virtuous circle of helping the community help itself.

I said it best via twitter:

Every time I think tools are for making products someone reminds me that tools are made to build more tools.


Few people other than the CEO and CFO within a company think about things such as “cost centers” vs “revenue centers.” For example, the sales and delivery departments may be revenue centers while the marketing and IT department may be cost centers. Companies need to stop accepting these as a way of life and begin to think of ways to turn cost centers into revenue centers.

Case Studies:

IBM realized long ago that their internal IT department was really good at providing one great company with IT services. If the IT department could do good things for one company why not let it do good things for many companies? IBM stopped thinking of IT as a cost center and turned it into IBM Professional Services and expanded the services offered to create an amazing organization.

Kaspersky Labs realized early on that marketing can be a cost center, but only if you let it. They created a separately branded news company, ThreatPost, that grew into an organization until itself. Instead of hiring staffers to write all the articles they turned their marketing people until content farmers, connection people who wanted to write about smart things with an audience of readers who wanted to learn. In doing so they maximized their staff abilities to create more than any one individual could. ThreatPost has since expanded from the US into Latin America with locally written articles in Spanish and Portuguese.

Goldcorp had a problem in that it didn’t know where next to mine for gold. Instead of keeping it geological data secret it opened it up to the community and offered a prize for who could come up with the best place to mine for gold. This was a big risk as no other companies were offering up their valuable geological data online for anyone, including their competitors, to access. The payoff was huge and direct in their monetary return.

Task #1 is to re-examine the parts of your company from marketing and HR to IT and supply-chain-management. Every part of your company that is a cost center may have the potential to be a revenue center. Start questioning why you do things the way you do? Why do we write our own marketing materials? Amazon has users write book reviews for them. Why do we pay people to solve problems? Many companies have developed APIs and allow others to write plug-ins to their software. Find ways of letting other people solve your problems for you.

Task #2 is to pick one thing you want to convert from a cost center to a revenue center and focus on it alone. Like a scientist trying to determine the key factor in an experiment, do not get over zealous and try to convert everything at once. Remember that you are learning and want to take it one step at a time. Find one thing to revolutionize and become very good at. Wash, rinse, repeat.