I wanted to take a break from our regularly scheduled programming of technical content to make an article discussing career and life resiliency.

One of the first concepts we get introduced to our in our cybersecurity careers is that of the Confidentiality, Integrity and Availability Triad, often called the “CIA Triad”.

In short, it emphasizes the key focus in cybersecurity is protecting the Confidentiality, Integrity and Availability of systems and data.

As the cybersecurity and more broadly, the digital landscape has evolved it has become much more dynamic.

Sounil Yu, one of the most respected thought leaders in Cybersecurity several years ago been advocating for what he dubbed the “D.I.E. Triad” - standing for Distributed, Immutable and Ephemeral.

(Sounil is also the Author of the “Cyber Defense Matrix”, an amazing model and book for rationalizing your cyber program and portfolio of vendors, tools and capabilities. I wrote a comprehensive article on the Cyber Defense Matrix in the past you can find here)

The concept is a nod to the dynamic and ephemeral nature of modern systems and architectures, underpinned by technologies such as Cloud, Kubernetes and Containers.

Sounil has delivered several talks advocating the merits of embracing the D.I.E. Triad, and in the image about you can see it involved making systems more resilient.

However, perhaps due to living and breathing cybersecurity on a daily basis, I started realizing this mental model applies much more broadly to our life and being resilient in our careers as well.

2023 was one of the more volatile years on record for venture funding in cyber, layoffs, economic headwinds and more.

Perhaps embracing the D.I.E. Triad is a great way to ensure you remain professionally (and personally) resilient, much like the systems and data we all seek to protect.

Distributed

It’s often quipped “it’s not what you know, it’s who you know”.

I’ve grown to realize in our careers, it is actually much more accurate to say “it’s not who you know, but who knows you”.

This means it is critical for your career resiliency to ensure you have established a “personal brand”, or put in a less cringy social media context, you have established a robust distributed network of practitioners and professionals who you know, your area(s) of expertise, passion, work ethic and commitment to delivering outcomes.

This comes in handy whether you run into layoffs, reductions, or stagnation in a current role and find yourself seeking a new opportunity, either voluntarily or involuntary/unplanned.

If you had remained “Confidential”, or siloed to your specific organization and closest circle of peers, you would have a significantly harder time finding other desirable roles and opportunities and finding a “soft landing” from a layoff or other unfortunate circumstance.

Unlike our codified modern infrastructure, this isn’t something that can happen with the press of a button or execution of an Infrastructure-as-Code (IaC) script.

Building this distributed network of peers you can rely on, and who are familiar with you and what you bring to the table requires persistent discipline and diligence. It requires regularly publishing your thoughts and expertise, either verbally, in audio form or visually. It requires writing, speaking, engaging and putting yourself out there and demonstrate what you’re learning, how you’re learning, where your passions lie and ultimately your utility and value as a professional.

There’s a Chinese proverb that says:

So, get out there, and start building that distributed network of peers who know you.

Immutable

Immutable in the context of cyber from Sounil’s model means “changes are easier to detect and reverse”.

This means unauthorized changes stand out and can be reverted to a known good state. Think of Containers and IaC, and the shift from pets to cattle.

In the career context, there are many things that will be far from immutable. Technologies change, new methodologies get introduced, ways of working evolve.

We’ve seen this with the evolution from Mainframes, PC’s, Endpoints, Virtualized Infrastructure, Cloud and now AI. (You’ll see why this is relevant in Ephemeral as well).

That said, while the technologies and methodologies change, some things in your career and how you conduct yourself professionally and personally must remain immutable.

The true definition of Immutable is:

What are some of those things about you personally and professionally that must be immutable to have career resiliency?

Your work ethic, your determination, discipline, commitment and resolve.

Technologies and methodologies will come and go, you’ll inevitably have various roles with various organizations, different peers, bosses and customers.

That said, if you want to have a resilient career, your commitment to first principles as mentioned above must be immutable, immovable and unbreakable, no matter the circumstances.

For a good example, see OpenSSF’s Omkhar Arasaratnam.

Omkhar recently made a post on LinkedIn about waking up January 20th 2023 and finding out for the first time in his very accomplished and successful career, he had been laid off.

Omkhar could of crumbled, panicked and thrown his hands up.

Instead, he utilized his Distributed network (remember the first pillar of the triad), and his immutable commitment to professional and personal excellence to pivot to a new role, ultimately landing an amazing opportunity to serve as the General Manager of OpenSSF, all at a time when software supply chain and open source security we’re becoming massive industry focus areas - talk about timing!

Another excellent example is Vulnerability Researcher and visualization expert Patrick Garrity, who recently shared he also found himself in search of his next role. Rather than throwing his hans up in dismay, Patrick quickly engaged his network, highlighted his robust portfolio of accomplishments, talent and commitment, and now finds himself likely with several promising opportunities to pursue for his next role.

In both cases, the individuals employer and role changed but the defining characteristics that made them successful so far, and will continue to make them successful remained immutable.

So remember, many things in tech and cyber evolve and change but don’t let your discipline, work ethic, attitude and aptitude be among them, and much like the Distributed pillar, it takes constant work.

Ephemeral

This brings us to the final pillar of the D.I.E Triad, which is ephemeral.

Ephemeral in Sounil’s D.I.E. model involves making attackers persistence hard and reducing the concern for assets at risk.

More specifically, ephemeral is defined as:

Other words with similar meanings involve transient, fleeting, passing and short-lived.

Again, similarly to our discussion about Immutable, your domain specific knowledge, especially on the technology specific front is just that, fleeting.

As technologies evolve, your niche expertise around Kubernetes Ingress, or a specific version of Windows/VMware/Cloud Service are all short-lived.

Products change, software evolves, versions iterate, configurations change and the list goes on.

While it is crucial to develop domain technology specific expertise to pursue specific roles and opportunities, this domain technology specific knowledge doesn’t take the place of the key characteristics we have discussed above, such as work ethic, discipline, consistency and commitment.

Agile Methodology - You’re the Product

There’s a certain irony to the fact that in a career field of software and cyber where the agile methodology reigns supreme, and has been the dominant methodology embraced over the past decade+ that we don’t adopt this same approach in our careers and life.

In short, agile is a methodology used for products, services and systems that involves sprints, iterations and continuous improvements.

Yet when we look at our personal and professional lives we’re often so reluctant or begrudgingly willing to adopt the same agile methodology.

Worse, we don’t recognize that we’re the the most important product we will ever work on.

We’re a continuous work in progress, that requires iteration, MVP’s and pivoting.

Personally, so many of us just concede “I’m not an X person” (could be things such as being a morning person, public speaker, extrovert, writer, technical, fit/healthy and the list goes on).

The harsh truth is, this is a decision you are making, and accepting, rather than being willing to do the hard work of iterating and continuously improving on our weaknesses and doubling down on our strengths.

You have to be willing to accept that much like “software is never done”, you’re never done either.

We’re all a constant work in progress, and much like in Agile and User Centered Design, we should be engaging the stakeholders around us, both personally and professionally, seeking feedback so we ensure we have a multi-disciplined perspective on where we can be improving, and where we’re doing well.

The things you’re focusing on, learning, specializing in, and the roles you are positioning yourself for should all be Agile, and ever-evolving to keep pace with the digital landscape, relevant technologies, threats and skills and competencies demanded.

Doing so allows us to be a more competent, capable and valuable professional and individual.

If you want a resilient career, you need to embrace the D.I.E. and Agile concepts discussed above and apply them to your career and life.