Our company takes security seriously.
So we did a surprise phishing test.
We sent everyone an email titled:
“CONFIDENTIAL: Layoff List Attached. DO NOT SHARE.”
If they clicked the link, it was marked as a failure.
At the end of the week, we downloaded the results.
We fired everyone who didn’t click.
If you see the words “Layoff List” and don’t want to know, you clearly lack hunger.
Those who click?
We cut their salary by 15%
Never compromise company's security.
Last week our CISO asked me to present on “zero trust architecture.”
I don’t know what that means.
I make $340,000 a year.
I haven’t touched a firewall since Obama’s first term.
But I have a CISSP.
I passed by memorizing acronyms.
I still don’t know what half of them stand for.
I opened my presentation with “assume breach.”
Everyone nodded gravely.
I said “defense in depth” three times.
The board was captivated.
Then a junior analyst raised her hand.
She asked how we’d implement microsegmentation.
I felt a cold sweat.
I said, “Great question. Let’s take that offline.”
She persisted.
I said we should “leverage AI-driven solutions.”
She asked which ones.
I said, “The cloud-native ones.”
She looked confused.
I told her confusion was natural.
I said, “Security is a journey, not a destination.”
The CEO started clapping.
I don’t know why.
But others joined in.
The analyst stopped asking questions.
I ended with “security is everyone’s responsibility.”
This meant it was no one’s responsibility.
Especially not mine.
We got breached two weeks later.
I blamed the analyst for “creating a culture of doubt.”
She got put on a PIP.
I got promoted to VP.
Resilience isn’t about preventing failure.
It’s about surviving it.
Preferably while others don’t.