Insights For Success

Strategy, Innovation, Leadership and Security

Strategy

Achieving Work-Life Integration: Tips, Tricks, and Strategies for Managing the Blurred Boundaries

General | Edward Kiledjian

Due to the blurring of boundaries between work and personal life caused by technology and the rise of remote work, the concept of work-life balance has been replaced by the concept of work-life integration. Achieving a work-life balance in the past meant striking a balance between the time and energy spent on work and personal life to avoid burnout and enhance well-being. However, with the proliferation of smartphones, laptops, and remote work, it has become increasingly difficult to separate work from personal life, causing a shift toward work-life integration.

The concept of work-life integration refers to the integration of work and personal lives in a sustainable way that promotes well-being. It recognizes that work and personal life are intertwined and cannot always be separated. The focus is not on balancing work and personal life but maximizing the overlap.

Setting boundaries, creating a schedule, and finding ways to disconnect are some tips and tricks employees can use in the new work-life integration model. You should set boundaries regarding when and how work should be performed and communicate them with your employer and colleagues. It is vital to develop a schedule that includes time for work, personal life, and rest to ensure you balance all aspects of your life. Finding ways to disconnect from work, such as turning off notifications, is also important to achieve a better work-life balance.

Work-life integration is associated with positive outcomes for employees, such as improved well-being and job satisfaction. In a study published in the Journal of Occupational Health Psychology, it was found that individuals who reported higher levels of work-life integration reported higher levels of psychological well-being and job satisfaction than those who reported lower levels (Kossek et al., 2011). In addition, a study published in the Journal of Applied Psychology found that work-life integration was positively associated with employee well-being and negatively associated with employee burnout (Allen et al., 2014).

In a study published in the Journal of Occupational Health Psychology, work-life integration was positively associated with job satisfaction and negatively associated with turnover intentions (Kossek & Ozeki, 1998). In a study published in the Journal of Vocational Behavior, Greenhaus & Powell (2006) found that work-life integration was positively associated with psychological well-being, job satisfaction, and organizational commitment.

The integration of work and life has also been shown to have positive effects on organizations. For example, according to a study published in the Journal of Applied Psychology, work-life integration was positively associated with organizational citizenship behaviour and negatively associated with turnover (Allen et al., 2014).

However, it is important to note that research also suggests that work-life integration can lead to adverse outcomes, including work-family conflict, burnout, and stress, if not properly managed. The Journal of Occupational Health Psychology found that work-life integration may lead to work-family conflict and burnout if employees cannot set boundaries and disconnect from work (Grzywacz & Carlson, 2007).

5 Tips

  1. Take care of your physical and mental well-being by getting enough sleep, eating a healthy diet, and exercising regularly. As a result, you will be better able to manage the demands of your work and personal life.

  2. Communicate effectively with your employer and colleagues about your work-life integration needs and expectations. As a result, you will be able to set boundaries and find effective ways to work together.

  3. Technology can be a double-edged sword in integrating work and life. Organize your time and stay organized by using tools such as calendar apps and project management software.

  4. If you need assistance, do not hesitate to ask for help. You can manage your work and personal lives more effectively by delegating tasks, finding a mentor, or speaking with a therapist.

  5. Work-life integration can be unpredictable, so it is vital to be adaptable and flexible. It is essential to be open to trying new things and experimenting with different ways of working to find what works best for you.

Conclusion

Although work-life integration has been linked to positive outcomes for employees and organizations, individuals and organizations must find ways to effectively manage and maximize the overlap between work and personal lives. This can be accomplished by setting boundaries, creating a schedule, allowing time for disconnecting and providing the necessary support and flexibility in the workplace.

References:

  • Kossek, E. E., Lautsch, B. A., & Eaton, S. C. (2011). Work-life integration: An examination of conceptualization, research, and practice through the lens of business travel. Journal of Occupational Health Psychology, 16(2), 230–250. 

  • Allen, T. D., Herst, D. E., Bruck, C. S., & Sutton, M. (2014). Consequences associated with work-to-family enrichment and spillover. Journal of Applied Psychology, 99(6), 1401–1416.

  • Kossek, E. E., & Ozeki, C. (1998). Work-family conflict, policies, and the job-life satisfaction relationship: A review and directions for organizational behavior-human resources research. Journal of Applied Psychology, 83(2), 139–149. 

  • Greenhaus, J. H., & Powell, G. N. (2006). When work and family are allies: A theory of work-family enrichment. Academy of Management Review, 31(1), 72–92. 

  • Grzywacz, J. G., & Carlson, D. S. (2007). Reconceptualizing the work-family interface: An ecological perspective on the correlates of positive and negative spillover between work and family. Journal of Occupational Health Psychology, 12(2), 167–178. 

Keywords: Work-Life Balance, Work-Life Integration, Tips, Tricks, Strategies, Managing, Blurred Boundaries, Burnout, Well-being, Remote work, Boundaries, Schedule, Disconnect, Self-care, Communication, Technology, Support, Flexibility, Prioritize.

What is an OODA Loop?

General | Edward Kiledjian

The OODA loop is a decision-making process developed by military strategist and United States Air Force Colonel John Boyd. The letters in the acronym stand for Observe, Orient, Decide, and Act.

The basic idea of the OODA loop is that to be successful in any situation, you must first observe the situation and gather information about it. Once you have gathered this information, you must orient yourself to the situation, understanding what is happening and why. With this understanding, you can then decide what to do next. Finally, you must take action based on your decision.

The OODA loop is a powerful tool because it helps you to make decisions quickly and efficiently. It is especially useful in situations where there is a lot of information to process, and you need to make a decision quickly.

The OODA loop can be applied to any situation, but it is particularly useful in situations with uncertainty or ambiguity. For example, it can be used in business decision-making, military strategy, or personal decision-making.

The OODA loop is a core part of the US Air Force's combat operations. The Air Force uses the OODA loop to help pilots make decisions quickly and efficiently in the heat of battle.

The Air Force also uses the OODA loop to train its pilots. By teaching pilots how to use the OODA loop, the Air Force can ensure that its pilots can make quick and effective decisions in combat situations.

What are some other applications of the OODA loop?

The OODA loop can be applied to any situation with ambiguity or uncertainty. Some other examples of situations where the OODA loop may be useful include:

  • Business decision-making

  • Military strategy

  • Personal decision-making

The OODA Loop Process

  • The first step in the OODA loop is to observe the situation. This means paying attention to what is happening and gathering information about the situation. Gathering as much information as possible to orient yourself correctly in the next step is important.

  • The second step is to orient yourself to the situation. This means understanding what is happening and why. It is important to have a good understanding of the situation before deciding what to do next.

  • The third step is to decide what to do next. This step is where you will use the information you gathered in the first two steps to decide what action to take.

  • The fourth and final step is to take action. This step is where you will take the action you decided on in the previous step.

It is important to note that the OODA loop is not a linear process. You may find yourself going back to previous steps in the loop as new information arises or as you rethink your decision. The important thing is to be flexible and adaptable in your thinking to make the best decisions possible.

What are some benefits of using the OODA loop?

There are many benefits to using the OODA loop. Some of these benefits include:

  • Quick decision-making: The OODA loop helps you to make decisions quickly and efficiently.

  • Improved situational awareness: The OODA loop helps you gather more information about a situation to orient yourself more accurately.

  • Better decision-making: The OODA loop forces you to think through a situation before making a decision. This leads to better decisions overall.

What are some drawbacks of using the OODA loop?

There are some potential drawbacks to using the OODA loop. Some of these drawbacks include:

  • Overthinking: The OODA loop can lead to overthinking a situation if you get stuck in the cycle of observing, orienting, and deciding.

  • Tunnel vision: The OODA loop can also lead to tunnel vision if you focus too much on one aspect of the situation.

  • Missing important information: The OODA loop can also cause you to miss important information if you move too quickly through the steps.

Despite these potential drawbacks, the OODA loop is still a powerful tool that can be useful in many different situations.

Keywords:

OODA Loop, US Air Force, Combat operations, Quick decision making, Military strategy, Business decision making, Personal decision making, Orienting, Deciding, Taking action, Flexibility, Adaptability, Situational awareness, Overthinking, Tunnel vision, Missing information, Powerful tool

Your cloud provider is making you a target

General | Edward Kiledjian

Phishing is a powerful and effective tool and a favorite in the threat actor arsenal. So what happens when your cloud provider gives threat actors a roadmap to steal from you?

A couple of weeks ago, Workday sent a security advisory to its customers regarding a phishing campaign targeting its customers. Although details of the attack campaign are light, here is what I believe is happening based on discussions on various darknet forums.

What was the Workday phishing attack model?

First, none of this is a weakness or vulnerability in Workday or any of its systems or processes. The threat actors send an email to employees, pretending to originate from a high-ranking executive (CFO, CEO, SVP HR, etc.), asking them to log into "Workday" to fix an issue. This fake Workday site harvests the credentials, which then allow the threat actors to log in and change direct deposit accounts for employees, thus stealing money.

Based on reports I have seen, these emails are professionally written (so they do not contain the telltale signs of being a scam) and are currently not being caught by many large spam filtering services.

How did Workday facilitate this attack?

Like many SAAS and cloud service providers, Workday proudly displays a long list of satisfied customers on its webpage. This marketing list basically becomes an attack plan for these threat actors, who know exactly which customer to target, with which SAAS provider name, and which attack to use.

Security is a balancing act. It always has been and always will be. Ultimate security means severely reduced usability and no marketing. More marketing and usability means less security.
 

Security is a balancing act

Marketing is tasked with growing the business and nothing helps more than social proof (aka showing others that have made the same decision you are thinking about). The fact Workday marketing is publishing hundreds of customer names on its website is aligned with their objective of supporting business growth. After all, why should marketing avoid using all of the tools available to it just to protect the business from some attack that may or may not occur?

Even if marketing hadn’t published an exhaustive list, they probably would publish a press release when a new big-name customer was signed. This means a determined attacker could build his own list of high-value targets. Right?

As an example, they published this press release in April entitled “Workday Continues Momentum in Canada.” This wonderful piece of marketing includes this section:

To be clear, this is not a Workday issue but a generalized cloud services provider issue. As an example, a service provider called CVM solutions has a customer search on its webpage:

 

Where does marketing end and security start? 

Stop making it easy

In addition to publishing a customer list, most Software As A Service (SAAS) companies publish a custom login page for each customer (which is usually pretty easy to find).

In Workday's case, you go here

Enter the customer name of a customer and find their login page

Again, this is a common practice by many large SAAS providers. Even a giant like Microsoft does this for their Office 365 in the cloud offering. I searched the web for Microsoft Office 365 success stories and stumbled on a blog post.

So I know the American Cancer Society uses Office 365. I then need an email address to plug into the portal page so Microsoft switches me to their customized Office 365 login portal. In this case, I chose to use a service called Jigsaw.com (from Salesforce.com) and found the email address of their CEO.

Keep in mind that finding email addresses is easy. There are billions of them on the web. There are dozens of hacked site database dumps every week. This is trivial but I chose Data.com just to show it visually here.

You then are sent to the appropriate login page for authentication.

If you are a threat actor, you scrape this page, register a close-looking URL and then target all of the users of Cancer.org you can find (remember there are huge lists everywhere on the web and darknet if you know where to look).
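The defensive counterpart to the close-looking URL described above is to flag such domains when they appear in inbound mail or proxy logs. The sketch below is an added example, not part of the original post; the protected domains, the substitution table, the distance threshold and the sample domains are all constructed assumptions.

```python
# Added example: every domain below is constructed for illustration.
PROTECTED = ["example.com", "hr-portal.example.com"]

# Assumed subset of visual substitutions. Unicode/IDN confusables need the
# full Unicode TR39 table and are out of scope for this sketch.
SINGLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
MULTI = [("rn", "m"), ("vv", "w")]
MAX_DISTANCE = 2  # assumed threshold for "one or two typos away"


def skeleton(domain):
    """Collapse look-alike characters so visually similar names compare equal."""
    d = domain.strip().lower().rstrip(".").translate(SINGLE)
    for seq, repl in MULTI:
        d = d.replace(seq, repl)
    return d


def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(domain):
    """Return (verdict, protected_domain_it_resembles_or_None)."""
    d = domain.strip().lower().rstrip(".")
    for p in PROTECTED:
        if d == p or d.endswith("." + p):
            return ("legitimate", p)
    for p in PROTECTED:
        if skeleton(d) == skeleton(p):
            return ("homoglyph", p)
    for p in PROTECTED:
        if edit_distance(skeleton(d), skeleton(p)) <= MAX_DISTANCE:
            return ("near-miss", p)
    for p in PROTECTED:
        if p in d:  # real name used as a prefix of an unrelated domain
            return ("embedded", p)
    return ("unrelated", None)


def triage(domains):
    """Keep only the domains worth an analyst's attention."""
    flagged = {}
    for d in domains:
        verdict, target = classify(d)
        if verdict not in ("legitimate", "unrelated"):
            flagged[d] = (verdict, target)
    return flagged


# Constructed sample of sender/link domains pulled from a mail gateway log.
OBSERVED = [
    "example.com", "login.example.com", "examp1e.com", "exarnple.com",
    "exampel.com", "example.com.secure-login.net", "partner.example.org",
]

if __name__ == "__main__":
    for dom, result in triage(OBSERVED).items():
        print(dom, result)
```
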

Let's be real

Marketing is a business necessity and every company has an obligation to maximize its top line by leveraging everything it legally can. As a potential customer, I love hearing about other customers that have already chosen the product I am evaluating and learning how they leveraged it to improve their operations (Social Proof - Social Influence). If a vendor tells me that one of my main competitors chose their product and that it is contributing to their success, I really want to know more. How can I leverage their tool too?

If I am a threat actor and determined to phish a particular company, there are other means for me to collect the data I need. A popular technique is called Open Source Intelligence (OSINT for short) and the folks at Rapid7 provide a nice example here

Using OSINT techniques, they provide a list of customers that include SAAS providers in their publicly available SPF records.

So the question is how easy do we want to make it for threat actors? OSINT is intelligence gathered from public legal sources but it still requires a more sophisticated attacker. Publishing a list of customers on your website means even the most garden variety kiddy "attacker" can easily target your customer.

I've spent half my career on the consulting and services provider side and understand the hugely powerful tool of social proof. If I tell a small shop owner other small shops (like his/hers) are using a tool and have found it immensely useful, that is a huge motivator. People love seeing others like them making the same decisions. It validates their choices. 

The company I work for recently conducted product reviews for various security tools, and having spoken to another large multinational customer was one of the reasons we chose that product. It validated our findings and also showed others (like us) reached the same conclusions.

There is no real answer

I'm going to disappoint you and say there is no magical silver bullet. Obviously user awareness is critical, since most often, the human firewall is what will allow or prevent an attack.

Companies have and will continue using customer names to convince the next prospect to jump on-board. Threat actors will always continue to be creative and find new ways to do bad things to good companies.

I believe the only solution is to ensure marketing and security are talking regularly and openly about strategy and impact. It is only through tight collaboration built on mutual respect and trust, that companies can decide what the right balance is between public disclosure and security.

To a hammer, everything looks like a nail. To a security professional, everything looks like a security vulnerability, but it is important to remember that sales is the only reason you are around. Our job as security professionals, is to provide enough security to protect our customers and support our business objectives. 

9 most important questions to determine if a project is worthwhile

General | Edward Kiledjian

George H Heilmeier was a DARPA director and developed 9 questions to help the agency determine the worthiness of projects being submitted to it for funding. These 9 powerful questions are referred to as the "Heilmeier Catechism" and have become a core operating paradigm for DARPA [Defense Advanced Research Projects Activity] and IARPA [Intelligence Advanced Research Projects Activity].

These questions are so powerful, they are used in the business world day in and day out. I first learned about these questions while having lunch with a VC in San Francisco. He explained that many of his peers also use these questions when determining the funding worthiness of a proposal.

There have been variations to the questions but I recommend sticking with the original 9:

  1. What are you trying to do? Articulate your objectives using absolutely no jargon.  What is the problem?  Why is it hard?
  2. How is it done today, and what are the limits of current practice?
  3. What's new in your approach and why do you think it will be successful?
  4. Who cares?
  5. If you're successful, what difference will it make?   What impact will success have?  How will it be measured?
  6. What are the risks and the payoffs?
  7. How much will it cost?
  8. How long will it take?
  9. What are the midterm and final "exams" to check for success?  How will progress be measured?

This is a variation on the journalist's who, what, where, when, why and how strategy. Obviously, answering these questions will not change the world or guarantee the success of a project. They will greatly reduce the risks you take by ensuring the key concepts are thought of and understood.

The dangers of using that Facebook personality game

General | Edward Kiledjian

Image by Ludovic Bertron used under Creative Commons License

Do these questions look familiar?

  • Tends to find fault with others
  • Is relaxed, handles stress well
  • Is emotionally stable, not easily upset
  • Is easily distracted
  • etc

A large percentage of Facebook users have played with these "personality analysis" games at least once in their life (some do them regularly). Why not? It's a fun way of finding out if a "test" will evaluate you the same way you evaluate yourself... right? WRONG!

These online games and questionnaires are known as the OCEAN test and rate you against 5 psychological traits:

  1. Openness
  2. Conscientiousness
  3. Extraversion
  4. Agreeableness
  5. Neuroticism

What may seem like a fun way to spend a few minutes and then boast to your friends about the results may be a firm performing deep psychometric analysis of you. 

We believe companies like Cambridge Analytica have been using these Facebook games as a toolkit to build psychological profiles representing millions of users worldwide. 

The company claimed it had data on around 230 million adults in the USA and approximately 4000 “data points” on every one of them, including gym and club memberships, charity donations, and card transactions.
— First Post, https://goo.gl/SxG5dK

They collect this incredible treasure trove of data by creating enticing Facebook games and questionnaires. Usually they provide a quick peek at your OCEAN score summary but then, using Facebook tools, they can associate that psychological snapshot with your Facebook profile and real name. This link to your online/offline self is what makes this practice controversial and the term used to describe it is onboarding.

Cambridge Analytica has said they have 3000-5000 data points for each of the 230 million psychological profiles they track. These data points may include age, income, debt, hobbies, criminality, purchase history, religious/secular beliefs, etc.

The pedigree

Cambridge Analytica is a spin-off of British firm SCL (Strategic Communication Laboratories https://goo.gl/iuh9gz) which is known to have performed PsyOps (Psychological Operations) counter-terrorism in war torn countries like Afghanistan.

The Trump effect

During the last hotly contested US election, the media repeated a fact over and over "that the Trump campaign wasn't using traditional media advertising". The media was right. Instead of traditional macro targeting, Trump turned to Cambridge Analytica (first used by his adversary Cruz) to win voters or dissuade voters of his opposition.

When you bake a good cake it’s the sum of the ingredients ... it’s actually flour, and eggs, and ginger, and everything else. And that’s what we’re looking at,[...]
— Alexander Nix, CEO Cambridge Analytica to NBC News - https://goo.gl/uqs0GA

The real problem lies with lax privacy laws implemented in the US. In Europe, most countries have strict data protection and privacy laws severely limiting the second or third hand use of personal data about their citizens. The US has no such protection for its population which means data brokers can access a treasure trove of (often) very private and personal data about its targets. This is how true, powerful and proven micro-targeting is implemented at its best.

Facebook is doing very well. They successfully moved to mobile and their increased profitability from advertising shows it. They are sticky now with 1.71 billion monthly active users. Stickiness doesn't tell the true story. The question is how much was each user worth to Facebook? 

  • A global user generates $3.82 a user per year (up from $2.76 a year ago)
  • A USA user generates $14.34 a user per year (up from $9.30)

The power of Facebook advertising isn't so much the reach as the micro-segmentation it makes available. This micro-segmentation is possible because Facebook knows who you are, where you live/work, who your friends are, what you like/dislike, how much you make and much more. I wrote an article entitled Facebook knows more about you than you realize.

What are dark posts?

To continue the discussion, we need to talk about something called Dark Posts or Dark Ads. In simple terms, they are posts using news feed style layouts visible in your feed but not actually posted in it. Confused yet? Because they aren't traditional advertising posts cluttering up your newsfeed, you are less likely to "hide" the advertising which otherwise would look like spam. Imagine how powerful this becomes for companies performing A/B testing. They could run multiple ads against the same person in one day without looking like SPAM.

Think of these as special newsfeed items seen only by the person being targeted, all the while looking like "normal" posts (not jumping out as advertising) and being temporary.

Let's make the cake

So take the power of Cambridge Analytica and merge it with the hidden advertising of Facebook dark posts and this is (we believe) what allowed Trump's digital marketing team to serve the right ad to the right voter at the right time. 

A good example is the divisive issue of gun ownership. A gun owner profiled to be anti-establishment could be shown ads about how the opposition wants to weaken the USA by taking guns away (the national anthem playing in the back with a flag waving in the wind). A gun owner with strong religious family values could be shown a pleasant message about how father and son could bond over hunting, alone in the wilderness [but that the opposition would make guns illegal and take this beautiful bonding opportunity away].

Dark ads with good psychological profiles can also be used to create apathy and encourage some opponent voters not to turn out, therefore reducing the power of the opponent. Trump created anti Hillary ads pushing out negative messages (Hillary claimed to carry hot sauce with her).

Conclusion

What may seem like a simple and fun way to spend 5 minutes could allow a company, well-funded group or government to psychologically manipulate you without you ever becoming consciously aware.

I hope that by sharing this blog article, you will be a little more careful and a lot more distrustful about what you see on Facebook.