Most of the security professionals I’ve worked with over the course of my career have been sincere, talented, constructive players. These types of people know that the whole is greater than the sum of the parts, and they work collaboratively to build up both their peers and the broader teams that they work within. Unfortunately, I have come across a few charlatans as well. These types drag down both their peers and the broader team, though it can sometimes take a while before they are seen for who they really are.
In case you don’t know that a charlatan is, dictionary.com defines it as: “a person who pretends or claims to have more knowledge or skill than they possess; fraud; quack.” Sadly, by the time most people catch on that there is a charlatan in the team, grave damage has been done to both the morale and progress of the security team. That being said, there are some clues that charlatans leave behind from time to time. If we are astute and perceptive, we can pick up on these clues and work to contain the damage that charlatans cause.
Here are 10 tactics that charlatans use that we can be on the lookout for:
- Identify and target: While talented security professionals look to their accomplishments to lift them up, charlatans do not, unfortunately. Charlatans see successful, accomplished co-workers as a threat. They see them as people who might see through the charade that the charlatan is putting on. As such, they identify those people and target them in a variety of ways, some of which I’ve listed here.
- Cut down: Most talented security professionals I’ve worked with have a healthy amount of self-doubt and insecurity. This is completely normal, of course. Charlatans take advantage of this, cutting down talented professionals that they see as a threat. This causes those targeted to recoil in a moment of thought and introspection, which is all the charlatan needs to retake the spotlight.
- Take pot shots: One of the strategies of a charlatan is to throw their perceived threat off their game. One way in which they do this is by taking pot shots. Charlatans throw subtle slights, passive-aggressive insults, and unpredictable surprises at their targets. If the targeted individual reacts to the tactic or calls the charlatan out, the target then seems like the aggressor. The best response is to ignore the pot shots and try to stay focused. In many cases, when the charlatan realizes they cannot rattle you, they will slowly lose interest.
- Invent accusations: Rather than dealing with the issue at hand or taking responsibility for their own actions, charlatans often invent accusations out of thin air. The idea is simple: If the charlatan is on the line for something, then a bigger problem or crisis must be created and blamed on someone else. Then, everyone will be talking about that and will forget about the issue that the charlatan is responsible for. This can be particularly frustrating until people catch on, at which point, the charlatan will be forced to remain on topic.
- Limit outside input: Part of the trickery of charlatans is limiting people’s access to outside input and data that might show the charlatan for who they really are. They do this by suggesting that seeking external opinions from others that are knowledgeable is a bad idea, or naysaying the source or sources that someone has gone to for input and data. This is one of the harder tactics to become wise to, but once you spot it, it will really stand out.
- Distract: There is really no secret to improving the state of security within an enterprise. It requires a disciplined, focused, strategic approach that may course-correct when necessary but does not veer sharply off-course for the distraction of the day. This does not work for charlatans who require a constant stream of distractions to keep the light off of the fact that they overpromise and underdeliver.
- Overpromise: Charlatans know that most of us have a short-term memory. Because of this, charlatans will often suggest one idea after another. Each suggestion is a “must do”! Yet, charlatans are notorious for underdelivering. When the time comes to follow-through on their promises, they have likely already overpromised a number of other items. Those who aren’t wise to the ways of the charlatan will get excited by the newer promises and forget that prior promises resulted in zero progress.
- Bury: A charlatan will always let you know when you’ve done a particularly good piece of work. How? They bury it. What do I mean by that? If a talented security professional releases a great piece of work (be it analysis, writing, code, or anything else), the charlatan will work to cloud the work environment with anything at all that will cause others to miss the work you’ve done.
- Speak in cliches: Speaking in cliches is an easy way to bond with people, but it is a lazy and unintelligent way of speaking. Cliches allow charlatans to win the support of people without needing to speak substantively. The masterful charlatan will fill the conversation with cliches, and only after the other parties have left the room will they realize that they essentially talked about nothing at all during the entirety of the meeting. They’ll feel like a million bucks though while the charlatan is throwing one cliche after another at them with a smile on their face.
- Bat back: Rather than listening to others or engaging in bilateral conversation, charlatans are on the lookout for themselves. They are looking to “survive” the conversation without being exposed for who they really are. As such, the conversation becomes about “batting back” any points that are made, rather than internalizing what the other parties are saying and doing their part to add to the dialogue.
Even with careful and deliberate hiring, enterprise security teams will find themselves with a charlatan from time to time. When this happens, it can be a long and frustrating road until a critical mass of people catch on. During this time, trying to call the charlatan out will only cause people to think that you are the problem. A better approach is to be wise to the tactics of the charlatan and to ensure that you do not let those tactics throw you off your game. Eventually, the truth will come out, the charlatan will move on, and others in the enterprise will realize who the serious players were all along.
Related: Beyond Immature Rhetoric: The Case Against Mockery and Ambulance Chasing
Related: Should Cybersecurity Leadership Finally be Professionalized?
Joshua Goldfarb (Twitter: @ananalytical) is currently Field CISO at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.