CONFERENCE Virtual Event Today: Threat Detection & Incident Response (TDIR) Summit - Join the Event
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Spotting a Norman: How to Root Out Those Wasting Organizational Resources

In the 2016 film “Norman: The Moderate Rise and Tragic Fall of a New York Fixer”, Norman, the lead character, appears to be a successful businessman on the surface. Only after we begin to dig deeper do we learn that Norman is essentially more a complexly woven web of lies and inconsistencies than he is a real person.

In the 2016 film “Norman: The Moderate Rise and Tragic Fall of a New York Fixer”, Norman, the lead character, appears to be a successful businessman on the surface. Only after we begin to dig deeper do we learn that Norman is essentially more a complexly woven web of lies and inconsistencies than he is a real person. In other words, Norman is not at all as he seems.

Unfortunately, in the field of information security, there is no shortage of Normans. How many times have you met someone full of promises and big on talk, only to be disappointed by what results from your engagement with them? Normans not only let organizations down, they adversely affect the information security postures of those organizations by taking valuable time and resources away from other value-added activities.

To help organizations avoid wasting their time with Normans, I offer ten ways to spot one:

1. Can’t get a straight answer: Normans are very good at evading tough questions by using complex, verbose monologues in place of answers or by changing the subject entirely.If you ask someone a simple question, they should be able to give you a simple answer. If you’re more confused after you ask the question than before, beware.

2. Narratives, rather than facts: It’s hard to argue with facts. Nonetheless, some people try to. Normans are quite nimble when it comes to putting together narratives and making those narratives sound like a true story. When called on their story telling or caught in an inconsistency, the narrative quickly morphs into its next version. If you find that the story keeps changing, it could be a sign that you’ve got a Norman on your hands.

3. Insults and blame:  Don’t expect praise from a Norman. They will almost never praise another professional, and when they do, it’s usually because they’re looking to get something in exchange for their praise.  Beyond that, it is quite common for Normans to criticize, belittle, and insult the accomplishments of others and to blame others when things aren’t going as promised.  All of these are mechanisms by which Normans keep the heat on others, prey on the self-doubt of their colleagues, and keep down those with low self-esteem who might be on to them.  If you know someone who has these traits, they might be a Norman.

4. Moving from one thing to the next: Many people find it challenging to stay focused and on course amidst distractions.  Normans know this and use it to their advantage.  One way to keep people from asking too many questions on any given topic is to distract them with another one.  If you find that someone constantly moves from one thing to the next without ever finishing anything, they could be a Norman.

5. No insight into what they are doing: Normans are quite good at withholding information and providing very little insight into what they are doing. If, no matter how many times you ask someone, you can’t seem to understand what it is they’ve been spending their time on, chances are, they’re a Norman.

Advertisement. Scroll to continue reading.

6. No tangible accomplishments:  If you had a dollar for every word a Norman uttered, you might stand a chance at getting back the amount of money they’ve gotten out of you. Talk is cheap though. Action, on the other hand, is contrary to the nature of a Norman. If you can’t seem to identify any tangible accomplishments, regardless of how much money you’ve spent or invested, you might be paying or funding a Norman.

7. Endless pursuit of funding: Unless they are independently wealthy, Normans, like most of us, need to make a living. Unfortunately, rather than invest their time and energy into honest work, Normans invest in fundraising. If you know someone who is always in pursuit of funding for their latest project, or is otherwise always looking for money, they’re probably a Norman.

8. Shreds of truth: As the Scottish author William McIlvanney wrote, “good lies need a leavening of truth.”  One great way to live a life of lies is to make it as difficult as possible to refute those lies. And one way that Normans can make it very difficult to refute their lies is to include a grain of truth in them. If you find yourself constantly saddled with lies that are difficult to counter, you might have a Norman on your hands.

9. Leverage: It’s a tough world out there, and Normans survive by extracting, or trying to extract leverage at every possible opportunity.  If you can’t seem to have a simple conversation with someone without that person trying to get the upper hand, you’re likely engaging with a Norman.

10. Always happy to take a favor: We all know people who call you for favors, and are then mysteriously busy or unavailable when you need one in return. True friends and true colleagues don’t keep a tally of how many favors one has done for the other, of course.  Nonetheless, if you take a step back one day and realize that the scale is tipped heavily in favor of your supposed friend or colleague, you’re likely doing favors for a Norman.

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Field CISO at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

SpecterOps has appointed Tim Bender as CFO, Pat Sheridan as CRO, and Bryce Hein as CMO.

CISA has officially announced the appointment of Madhu Gottumukkala as its new deputy director.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.