The Parable of the Oranges is a powerful metaphor for leadership and teamwork, and it can be especially relevant to those working in information technology and cybersecurity. The story goes like this:
An ambitious man who had been with a company for years was passed over for a promotion by a person with only a few months' experience. Angry, the man went to his director to find out why. Instead, the manager asked the ambitious employee to go buy some oranges for his wife. The man returned a little while later with a bag of oranges.
“What kind of oranges are they?” the boss asked. “I don’t know,” the employee answered. “How much did they cost?” the boss asked. Still the employee didn’t remember. “Here’s your change,” he said, giving the boss what he had left in his pocket.
“Now, watch closely,” the boss said and called the new employee who had just been promoted into the office. “Can you buy some oranges for my wife?” the boss asked. After a few hours the employee came back into the office without any oranges. When the boss asked what kind of oranges he had bought and where they were, the new employee said there were too many varieties, so he called the boss’ wife to ask what kind she wanted, what she needed them for, and how many she needed. She was making fresh-squeezed juice for a party, so he bought them and delivered them to the house before the party.
While this story feels a little dated, especially since in the modern workplace we don’t ask employees to run personal errands, this parable teaches us about the importance of attention to detail within a team. When one member merely does what is asked without understanding why, it can have serious consequences for everyone. In the context of information technology and cybersecurity, this means that it is crucial for team members to be able to rely on each other to follow best practices and adhere to established protocols.
One way to foster a culture of trust and accountability is through the use of Zero Trust teams. These teams operate on the principle of “assume breach,” meaning that they assume that there is always the potential for a security breach to occur. This mindset allows them to take proactive measures to secure networks and prevent attacks, rather than relying on reactive measures after the fact.
In a Zero Trust team, every member is responsible for their own actions and is held accountable for their contribution to the team’s success. This means that team members must be proactive in identifying and addressing potential security vulnerabilities, rather than waiting for someone else to do it for them. It also means that team members must be willing to speak up if they see something that could potentially compromise the security of the network.
Zero Trust means taking the extra time to harden servers or to create a hardened server image to build new servers from. It means limiting access by allowing each server to talk only to the handful of other servers it needs to communicate with, rather than every server in the data center or any IP address in the world. It means finding your blind spots by asking questions rather than just doing the bare minimum of what was asked and letting someone else take responsibility for the big picture.
By adopting a Zero Trust mindset, teams can create a culture of trust and accountability that is essential for effective network security. This can help to ensure that everyone is working towards the same goal of protecting the network and preventing breaches, rather than operating in silos or trying to cut corners.
The example in the parable of the oranges helps show us that there is a big picture, and although we’re all busy with our day-to-day work, we save time in the long run by pursuing excellence in every small task that we take on. The corporate motto in my book, Project Zero Trust, was “every step matters,” because even the small steps we take can help us to take the next one, which enables the one after that.