During an interview last week I was asked to define the difference between a Threat and a Risk using language that a non-technical CEO would understand. I gave a good answer and made it to the next round. And then I got to thinking—in my answer, I also talked about a third factor that should have been called out: Vulnerabilities.
Let’s start with some definitions:
A vulnerability is a weakness in a system that exposes the system to a threat. A threat is anything that could exploit a vulnerability. A risk is the likelihood of a negative event and the likely impact.
Risks are found at the intersection between vulnerabilities and threats.
I had the opportunity to watch the ALA awards broadcast at Loganberry Books this year and that filled up my to-be-read stack, even more so than usual.
Simon Sort of Says
I went to Mac’s Backs one Saturday in late 2023 and stumbled upon local author Megan Whalen Turner posing as a bookseller. I mentioned that I try to read all of the Newbery Medal books and many of the Honor books (one of hers, The Thief, is a 1997 Newbery Honor) and so she recommended her friend Erin Bow’s Simon Sort of Saysas a possible 2024 contender. Megan did a great job as a bookseller — I bought three more books than I had intended that day. And until 2024, I’d never read a Newbery before it won the award. Started in December and finished before the 15th, I can now check that goal off my list.
Simon Sort of Says is about a kid who is (for horrific reasons) internet-famous, so he and his family hide out in a fictitious National Radio Quiet Zone so he can restart his life (offline) as an ordinary seventh grader. It’s a great book and a worthy Newbery Honor.
This is the first of six posts on Cybersecurity for small businesses. Click here for the Introduction and links to the others.
Make it Harder
Make the attacker’s job harder, starting with passwords.
Strengthen your passwords
The goal here is “easy to remember but hard to guess”, so length becomes more important than complexity. Consider passphrases rather than passwords. Pick a memorable phrase and use it (or some variation on it) or some random words as your password. (There’s even a web comic about this: https://xkcd.com/936/)
This series of posts started as an outline for a short presentation on Cybersecurity for small businesses that I would eventually give multiple times over a couple of years in the northeast Ohio area. At the time, I was advised to be hard on the listeners, effectively an attempt to scare them into action. I’m no longer certain that was the right approach and future versions of this presentation would rely more on persuasion and story-telling than on fear.
A recent online experience with a large department in my state government left me scratching my head and wondering who was watching what.
The relevant page was easy to find and, while I had to click through two more pages to get to the SaaS application, I was able to get through the first four pages without any problems. But the next page presented me with a “something went wrong” notice.
During my cybersecurity consultations with owners and leaders in small businesses, the initial discussions generally center around five topics. The order in which they’re introduced isn’t intended to imply any relative importance but instead represents a conversational flow as we walk through an abbreviated initial risk assessment and get into some of the common first steps in implementing a small business security program.
I’m reading two other books on the “whitespace” in organizations at the moment when I came across this HBR article that I had clipped some time before. In my experience, “whitespace” in an organization is usually defined as the space between blocks in an org chart or the hand-off space in processes—both places to go looking for great operational efficiencies. Maletz and Nohria take a different approach.
Managing in the Whitespace
In their article, Maletz and Nohria define whitespace as “the large but mostly unoccupied territory in every company where rules are vague, authority is fuzzy, budgets are nonexistent, and strategy is unclear” (p. 103).1 It’s a place “where entrepreneurial activity that helps reinvent and renew an organization takes place.” This sounds more like skunkworks to me than anything else, and the management suggestions outlined in this paper match my skunkworks experience in several efforts over the years.
The article outlines three preconditions for moving an effort to the whitespace: great uncertainty over an opportunity, organizational politics and a high chance of internal disruption. The writers then outline four challenges when operating in the whitespace and suggestions on how to overcome, concluding with criteria for deciding which of three paths to follow next.
I read much but finished little in December. Sometimes that happens—I have a tendency to have too many books going at once.
Amazon’s Antitrust Paradox
In an effort to better my understanding of monopolies and antitrust, I picked up an article1 by Lina Khan, published in 2017, a few years before her bait and switch nomination to the Federal Trade Commission in early 2021. At that time, she was nominated to a seat on the FTC, then confirmed as a Commissioner with bipartisan approval and then was rapidly (and unexpectedly) tapped to lead the agency as Chair. It’s not clear that her approval would have been so strong had it been known from the beginning that she was being put forward as the Chair.
I read it slowly since I was unfamiliar with many of the legal concepts and jargon in her Yale Law Journal note. And I slowed down even further as I found myself unexpectedly agreeing with her arguments. My synopsis is this: we can’t currently levy traditional antitrust policies against Amazon, largely because Amazon is intentionally structured to not trigger the characteristic defining today’s antitrust doctrine: consumer welfare measured by low consumer prices.2
And it’s true: Amazon allows consumers to acquire more stuff, more cheaply, (and more quickly) than probably at any other time in history.
If that emphasis on “harm to consumer welfare” as today’s defining characteristic of monopolistic behavior is new to you, don’t be surprised. Reading her Note required me to revisit many of my long-held thoughts on monopolies and anti-trust doctrine. ↩
Posted inOther Thoughts|Taggedbooks|Comments Off on Off The Shelf: December 2021 (antitrust and Amazon)