Home  |  Sarah  |  Services  |  Blog  Contact

Friday, 02 Jan , 2015

The Mauve-ish Moo

Share this article

Is a 'cult of difference' letting us and our businesses down? The ‘something’, the one thing that captures imaginations, can become at once drug-like and a lead weight.

purple-cowIs a ‘cult of difference’ letting us and our businesses down?

Aireni Omerri recently published a post on LinkedIn entitled “To All The Purple Cows”. For anyone not familiar with the phrase (including – until a hasty web search – me), Seth Godin has made it synonymous with folk who stand out and succeed by being remarkable, or with folk who proclaim themselves to be remarkable and therefore worthy of success.
Now I have great respect for Aireni, she is one of the rare bodies in our industry squarely focused on people risk and she has done incredible work in Africa advancing the cause of information security, but I do sometimes struggle with our passion for difference. That may come as a surprise to some who read this blog. It has, after all, been praised for being a ‘fresh voice’ and when scanning the social mediaverse, what I put here does seem to fall between a few of the more vociferous and echo-chambery camps. So am I a purple cow?
I’m certainly not pulsatingly puce like Russell Brand, lethally lilac like Infosec Taylor Swift, or voraciously vibrant like the handily named Violet Blue. At best I’m probably a mauve-ish moo. Possibly because I’m not really a fan of difference for difference’s sake.
This isn’t a critique of the folk who hit the right groove and own it, it’s more about the cult of individuality that can push others to exhibitionist, egotistical and even dictatorial extremes. But differentiation is essential if you have (at base) fairly generic value in a crowded market. As a personal brand, you need public exposure to make a desired difference. Working hard to find that USP or (if very smart/lucky), USPs. The trouble is that the ‘something’, the one thing that captures imaginations, can become at once drug-like and a lead weight. When the formula has been distilled there’s a gravitational pull towards it, to the exclusion of almost all else. A pull I’ve felt and tried to resist (not always successfully).
If, as I would vehemently argue, purpleness is in the eye of the beholder, here’s a bit more about what makes me tick (I removed, then added, then removed this section from the LinkedIn version of the post. In the end I felt it belongs here, for the folk who venture as far as the blogging mothership. If it bores you to death have a look around. The me, me, me below is the exception not the rule for posts).

Why do I ‘put myself out there’?

I’m a product of a comedically balanced and middle-class upbringing. Folks stayed together, us two kids, university education, never poor, but never rich. Not a usual springboard for social separatism. There’s also the fact i was a fat kid (I’m a none too svelte adult too). No-one tries harder to fly under the radar than a fat kid…usually. tumblr_lmmd6nCACy1qzk1g7o1_500
I was a thorn in the stereotyper’s side, utterly refusing to accept that what I had to offer was somehow less valuable because of how I looked. It’s what started me writing – trying to make sense of it.
A few of the freer thinking kids broke ranks, but it was Judo that prompted the sea change. I excelled at it, it removed my reliance on school for a sense of self-worth and as a consequence I ran the social gauntlet on far more equal terms. The result is my solid belief in meritocracy, an abiding dislike of social game playing and a hatred of ignorant judgement.
I have applied the same beliefs to my career in the overwhelmingly male dominated worlds of IT and InfoSec. Always working on the premise that my gender and appearance made no difference if I was bringing valuable skills, experiences and insights to the table. Something, just over a year ago, I took a chance would work here too. So far it’s served me well.
Why am I laying my soul bare like this? To give you a sense of why I can’t help writing like I do and why I take the social and professional risk of writing as myself. Right now there’s no real end in sight apart from re-injecting some clarity for InfoSec and calling out good and bad practice in as non-biased a way as possible. That may not make me purple and cow-ish, but I kind of don’t care.
My small but growing following are a fantastic bunch. Even if my next follower is the last, I’ll still re-invest the huge amount I’m learning in giving folk the best info and analysis I can. So, I applaud individuals who use their charisma, skills and experience to make a positive difference in the world. I aspire, in my own small way, to do the same. But may I humbly suggest some caution. A cult of difference can (has?) become boring, off-putting and sometimes destructive.

Are you a self-proclaimed ‘Thought Leader’?

thought-leaderLeaving the Purple Cows to graze for a while, I had a similar conversation with Kai Roer, Wolfgang Goerlich and Jenny Radcliffe about the term ‘Thought Leader’.
I was bemoaning the growing number of people including it in their personal profiles on LinkedIn. As I said then and still believe, the accolade ‘Thought Leader’ (or if that’s already been spoiled for you, some other term for leading your field with original perspectives), is something you earn. It’s not a ‘fake it till you make it’ kind of thing.

Commercial lessons to learn?

There are also some transferable suggestions here for corporate bosses (security or otherwise). I don’t know of a single staff member who doesn’t dread the ‘new broom’ senior recruits so often come armed with. Sweeping away established practices and sending all kinds of babies flying with the discarded bathwater.
That’s not a universal truth, but the need to establish authority and make a mark can be viciously strong. It essentially creates a strategic blinker effect. After all, when one has been in the door for all of 5 minutes and one was recruited on the basis of being ‘remarkable’ (or Purple Cow-like) in the past, where is your go-to place? It’s not often a slow start spending a couple of months finding out what’s right with your new domain before going delivery crazy. The frequent upshot is quiet (and sometimes expensive) U-turns on a number of hastily made plans after getting a true feel for the specific capabilities and needs of a business.
We can’t blame all that on recruits. It’s partly the fault of impatient boards who want to see ROI for princely salaries as soon as humanly possible.
So, where was i going with this…..oh yeah, Purple Cows. We need them (and thought leaders), but can we also spare a thought for humility and personal growth please. What we all really crave and praise is confidence to be wholly and unashamedly all that we can be. That may be quietly demonstrated, or (in the bells, whistles, gifs and sound-bites world of t’interweb) it may be digitally screamed from the rooftops. If you can find a real one of those you are onto a winner…
…unless they’ve been lulled, cornered or ego massaged into becoming an inward looking parody of themselves. A static version of their perceived ‘best’ self, forgetting to constantly scan the horizon for inspiring new people and ideas. Without which no-one will be a cutting edge colourful bovine for long.

Opinion: Paying to play with our personal data – is it ok?

We’ve migrated from ‘Hot or Not?’ to being held virtually hostage by many of the digital platforms we rely on today. In the midst of that a new processing paradigm has emerged. Myriad startups want to pay to play with your personal data. Can this tackle on-going...

In AI we will blindly trust…

...and the architects, designers, data scientists, and developers will think we are nuts I've been driven back to the blog to talk about one very specific aspect of privacy, data protection and Artificial Intelligence (exchange for Machine Learning or Algorithms as...

Data Protection, Security, and the GDPR: Myths and misconceptions #2

Welcome back! This is a shamefully delayed sequel to my first instalment of security themed GDPR thoughts: Data Protection, Security, and the GDPR: A fraught and fuzzy relationship. Here I look back again over my pre-privacy IT and InfoSec career to spot things likely...

Where and to whom does the GDPR apply?

Yeah, I doubted my sanity going at this one too, but here I am, because working out whether or not the GDPR would apply in different practical and geographical circumstances is proving harder than it really should...for everyone. This regulation has been my almost...

GDPR – You’ve analysed the gaps, but can you close them?

  There is a critical gap for most firms: An inability to interpret and leverage gap analysis, data discovery, and mapping output to actually implement technical data processing change. This article is about the challenges most large firms are facing when trying...

GDPR – The Compliance Conundrum

There is one question related to the General Data Protection Regulation that will arguably cause more ulcers than any other: How much is enough? In some portions of the GDPR 'good' is straightforward. In many others we are asked to respect principles of fairness and...

Opinion: The role of automated data discovery in a GDPR programme

Do you have any online profiles or posts featuring those 4 magic characters: G D P R? If so, whether you are a business decision maker, IT body, security body, charity boss, employed data protection pro, or job seeking data protection pro (less and less likely), you...

When Business Culture Eats Cybersecurity For Breakfast – Part One

A four-part story of budget cuts, blamestorming, breaches and massive bumps in the road to mature security. Wild Speculation & IT Transformation Do you remember Nick Leeson? On February 23rd 1995 he sent a fax telling bosses at Barings Bank he was ill and wanted...

Cyber Insurers Dictating Cybersecurity Standards?

A run down of the key challenges with choosing and using cyber insurance called out in the last few months. It looks entirely possible you will have 'adequate' security dictated by your insurers, so it is your job to understand the risk based yardstick they're using...

There Is No Such Thing As Information Security Risk

Having worked in IT and Information Security for 13 years, I've come to the conclusion that there is no such thing as information security risk. There are just business risks that have one or more security or IT related causes. There is a fundamental and persistent...