Son Of Sun Tzu blog

Son Of Sun Tzu blog

They keep saying my audience will find me…

08 Aug 2022

How Can We Help Each Other?

How can we help each other?


What’s your preferred working situation - completely alone and self-driven? As half of a pair, as a leader or advisor in a group, or as a “cog” in a much larger hierarchy?

For me I believe I’m much better at working in a pair, or in a small team, rather than purely on my own, be it co-writing something, or brainstorming with a customer on a project or solution.

So in an effort to more actively seek out those opportunities, I’ve worked through how I could help you, how you could help me, and where I think we should think through projects or problems together.

If you’re interested in these please email ; thank you.

Three asks of you

1. Give me interesting and difficult problems

If you’re stuck on something, and are tired of the same answers from the same kind of people, or not even sure who to ask, then please get in touch for us to work out a meeting - and then I’d appreciate feedback on the answers I provide.

I’ve always been intrigued by wicked problems. As many of you know, I used to be a penetration tester, essentially someone who emulates a cyber criminal to forewarn an organisation about weaknesses in their computers or processes. My favourite work in that area were the Social Engineering tasks, where the goal was as vague as “get onto the target’s network”, and the means were any method that fell within the budget and timeframe without breaking the law. I always found that work more intriguing than the purely technical work, because there were so many options, the methods were “free form”, and there wasn’t much in established tools or doctrine.

What in your life feels too big for any one specialist to solve, and where I could provide a fresh viewpoint?

2. Would you ever use “adversarial analysis”? Have you used it?

I’ve always been strong at being a “Critical Friend”, finding issues or hidden assumptions in ideas or projects, but with the overall aim of helping the project - a “shift left” approach to solving problems quickly and cheaply by fixing them as early as possible. Put very simply, this is “adversarial analysis”, a method for analyzing a project, but from an adversarial point of view - either to find problems before they happen, or literally from the point of an adversary such as a criminal or business competitor.

But is there any kind of market for this approach? While I hear about “pre-mortems”, “scenario planning”, and similar approaches to “adversarial analysis”, these seem to be the domain of existing experts within the specific field - when having existing specialists within a project consider issues feels like it will limit the ideas to be considered. A book I recently finished, David Epstein’s Range, illustrates this well - how specialists can be limited in what they can conceive of. But would you counter-intuitively consider an outside source for this kind of approach?

Similarly project managers or entrepreneurs or investors can be superstitious about allowing negative thinking into a team, or may even put themselves at personal risk by doing so. Plausible deniability is useful from a career perspective, you can’t be blamed for taking and ignoring advice to mitigate risk on a project if you never received it. So while there is a business need, there’s no advantage to any individual to advocate for this?

On reading this are you intrigued by the “adversarial analysis” concept? I’m interested in what you think, public conversations on LinkedIn and Twitter are especially welcome.

3. What opportunities am I missing?

Looking at this late stage of my career, working for myself as a freelancer, I’ve got sufficient work by word of mouth. This is purely from friends and contacts saying to other people “you should discuss that with Nick”. But that’s not the best sales pipeline, and also does mean people recommend me on the basis of what I’ve done, rather than what I can do.

If you’re reading this we’ve probably worked together in the past, or know each other to some degree online or offline, where did you expect me to be now? What opportunities do you see that bring me to mind? What career options are you surprised I’ve not taken? All constructive feedback is welcome.

If you can answer any of those three asks listed above, please email ; thank you.

Three offers from me

1. Cyber security strategy advice.

I’ve worked in cyber security for around twenty five years, so at a high level I’m familiar with the concepts, strategies, vendor biases, and so on. And I’m familiar with the threats, as a penetration tester I’ve emulated them too.

I don’t believe many companies have a strategy, a thought through plan of what they’re going to do, what they’re prioritising and why, and most importantly, what indicators they’ll monitor to change that strategy.

I can help you answer anything from “what should my multinational company do over the next couple of years” to “cyber security is one of my five responsibilities, what are the easiest options for me to make the most impactful improvements” - I’m happy to work under implied or formal NDAs.

I’m also very conscious of how CISOs and similar security leaders are expected to have all the answers, while similarly having severe burnout rates, and with every source of advice apparently having an ulterior motive. If you want someone who understands the space you’re in, I can help.

2. Exercise or game design

I strongly believe that “gaming” or “playing through” a situation can help decision makers make better decisions. Anything from a formally designed game, to just an informal but rules based discussion, can help. As my work increasingly moves into this kind of design, I see two distinct benefits:

Firstly it means that the participants gain what Matt Caffrey calls “synthetic experience” - wouldn’t you rather face a situation having gamed it in some way twenty times before, rather than handling it without any previous experience?

Secondly there are all kinds of risks with experimenting in real world situations, but in a game you can try different techniques, different strategies, or you can turn the clock back and try a different option if it’s obvious you’ve made a mistake or learnt something important.

What can I design and/or run that will make a situation you keep facing be simpler for you to deal with in future?

3. Uncommon ideas and analogies.

My interests are relatively diverse and can be unusual - I was once kindly described as the only cyber security practitioner someone had met with an interest in both TRIZ and American Football, and the ability to see the connections between all three. Combine diverse interests with an innate ability to forget… and sometimes that means I miss the obvious, but sometimes it means I’ve forgotten the unjustified assumption everyone else uses, and I can take an idea where few others can.

Of course it feels ridiculous to state this out loud - but I’m reassured by having recently finished reading David Epstein’s book Range, and the requirement to obtain an “outside view”:

Our natural inclination to take the inside view can be defeated by following analogies to the “outside view.” The outside view probes for deep structural similarities to the current problem in different ones. The outside view is deeply counterintuitive because it requires a decision maker to ignore unique surface features of the current project, on which they are the expert, and instead look outside for structurally similar analogies. It requires a mindset switch from narrow to broad.”

Or, of course, informed commentary is welcome on whether I’m wrong, whether I’m right but no-one cares, or whether I’m right and people care but no-one will pay for it. Or to please the online algorithms, “at” me on social media about your nascent idea or startup or business model, and let’s see if we can either find a new way forward, or find new people who should see what you’re thinking.

If you’re interested in any of the offers below please contact me on and we’ll work out timing for a “chemistry call”, and determine how I can be useful to you.

Thank you kindly:

The initial idea was Sarah LeFevre’s, you can see her piece here: ; and I was inspired to do this by Rina Atienza’s version: .

You should work through their posts too.

And thank you to the members of Foster who provided feedback: John Lanza, JG, and Leo Ariel. If you’re a writer who wants to see the benefits of sources a variety of views on your work, I highly recommend looking at Foster as a solution.