Bringing Zen into Cybersecurity

Lance James (Founder and CEO at Unit 221b) is an infosec specialist with more than 25 years in the field. His company performs investigations and counterintelligence operations for both the private and public sector, offering a discreet, sophisticated service – with specialisations including forensics, law enforcement, cryptography, and more.

With a fresh approach to security and leadership, James is also a sought-after thought leader in cybersecurity. We asked him about how he integrates Zen principles into leadership, and what he loves most about his job.

Here’s what he told us.

Could you share your career journey so far?

“From a young age, I was always captivated by computers and had a natural curiosity to explore their capabilities. At the age of eight, my parents introduced me to the Apple IIe, a device that required programming knowledge to fully utilise beyond its basic functions. As a child with a vivid imagination and a penchant for detective and spy stories, I stumbled upon an exciting realisation while perusing the Apple IIe manual on x and y plotting (drawing and movement) – I could transform the joystick into a combination lock for safeguarding my games.

“This discovery, coupled with mischievous tendencies, led me to indulge in playful pranks like transforming a toy walkie-talkie into an FM radio station and toying with people's phone lines during my teenage years.

“As I reached the age of 18 or 19, my enthusiasm for computers had grown immensely, propelling me towards a career in the computer industry. Serendipitously, my journey took flight when someone from San Diego flew me down after hearing my music abilities, which I had diligently honed since the age of five. It was during a casual moment, while getting some air outside of my hotel, that I overheard a conversation about the need for a Linux expert. Recalling that I had requested the Linux Unleashed 2.0 book as a Christmas gift from my parents and used Linux as my main operating system, I mustered the courage to claim proficiency in Linux. Surprisingly, the company offered me a job the very next day, marking the beginning of my fruitful journey in the computer industry. Since then, the rest is history!”

You use Zen principles in your approach to leadership – could you tell us about that?

“So you may know Shunryu Suzuki, the Zen teacher who brought Zen to the west. He authored a book called Zen Mind, Beginner’s Mind, which primarily focuses on meditation but also offers an outlook on life. This book has had such a profound impact on me that I even have the Japanese Kanji for ‘Shoshinsha’ (beginner) tattooed on my left inside arm. The core principle of approaching everything as if it's our first time, even if we've done it a thousand times before, resonates deeply with me. It reminds us to always be fully present, open to new opportunities, and eager to learn.

“Unfortunately, our industry often suffers from imposter syndrome, where individuals feel like frauds or believe they aren't good enough. This issue arises from constant comparisons to others, which the hacker community and hierarchical tech environments inadvertently reinforce due to their achievement-based structures. On the flip side, the process of immersing oneself in the flow and engaging in hacking (in the sense of tinkering or discovering) creates a state of joy and childlike wonder, as it is a constant journey of learning.

“To me, Zen is about mastering oneself, whether in a leadership role or as an individual contributor, as it entails leading one's own life. Great leaders also create more leaders. I embrace Zen for various reasons, but the primary one is that it allows me to see the world as it truly is, to be present in everyday moments, and to live a life filled with compassion. These qualities also happen to be effective for leadership, and I firmly believe that Zen and leadership are inseparable, just like Zen and living.”

How important are relationships to effective security – and how do you work to build functional, positive relationships with clients/colleagues/employees?

“In my humble opinion, relationships play a crucial role in anything involving logistical flow and coordination. What I mean by this is that the root cause of security problems does not primarily lie with computers, but with people. Computers are merely tools that carry out their designated tasks efficiently.

“As the CEO of a rapidly growing cybersecurity firm, I have made it a priority to cultivate a positive organisational culture. This question is particularly relevant to me because it all starts with self-reflection.

“Am I functioning effectively and maintaining a positive mindset? Am I leading by example? If not, I can't pretend, so I make sure to embody these qualities.

“As CEO, my daily routine includes waking up early, meditating, exercising, enjoying a cup of tea, setting goals for the day, assessing my emotional state, determining my approach, and expressing gratitude for at least three things. These are the most important routines for myself as a person, and as the CEO. They do not separate. Through my studies, I've learned that practising self-compassion and self-love is the foundation for fostering positivity, functionality, and relatability. Once that foundation is built, it's difficult to articulate, but it seems to attract like-minded, compassionate, focused, and talented individuals, like a flow.

“Has it been perfect? No. We have our disagreements, but we also know how to apologise, learn from our mistakes, and strive for improvement the next day. Recognising that we are all beginners, learners, and humans, true compassion requires embracing both our accomplishments and our shortcomings.

“To answer your question more succinctly, rather than adhering to a hierarchical structure with top-down organisational flows, I prefer to think of it as planting a tree (metaphorically speaking). The visionary/co-founder plants the seed of their vision for their organisation, and the tree grows, branch by branch.

“Each member of the organisation becomes an essential part of the tree's growth and success. Responsibilities are shared. By nurturing the seed with love instead of money and power, we can still solve significant problems and generate profits, but we will also create a fantastic work environment where people embody and practise the same compassion they observe within the organisation. This compassion will ultimately extend outward to our partners and clients. It is an organic process that begins with embracing your true self. Simply put: be perfectly you!”

What's the best thing about your job?

“It's challenging to pinpoint just one aspect, but my greatest joy, which I also find applicable to life, is witnessing the personal and professional growth of others. In my role, I assume the role of a Zen gardener, tending to the development of individuals by pruning, watering, guiding, observing, and appreciating the organic process of people collaborating and flourishing.”

What's one thing you wish everyone knew about cybersecurity?

“Respect the mundane. It will be what everyone needs from you. Many individuals these days may have the misconception that cybersecurity is a glamorous field that makes you appear cool simply because you’re a ‘hacker’. However, being a hacker is just a small aspect of the overall picture, and without the ability to effectively document their actions, these individuals would be incapable of holding a job in the industry.

“The final output, the deliverable, may seem mundane but it holds utmost significance. In reality, cybersecurity professionals are not as cool as they are often portrayed to be, as there is a great deal of routine and unexciting, yet vital work involved in the trade.”

And finally, why are events like Black Hat MEA valuable to you?

“Travelling extensively helps to eliminate the blemishes of ignorance. Black Hat MEA, in particular, holds great value for me because it offers something that cannot be readily found in my current place of residence (America) – the opportunity to gain cultural and professional perspectives from a less ego/ethnocentric standpoint in an ever-evolving field.

“Observing and learning from our peers in the Middle East and Africa has provided numerous insights that I hadn't even realised were there. One must have the experience to even be aware of its existence. I deeply treasure this, along with the efforts put into diverse speakers, both culturally and in terms of topics covered.

“Moreover, in the western world, we often hold preconceived notions about other countries without truly understanding them. The conversations I had with everyone in Riyadh last year were incredibly genuine, authentic, and exhilarating. I approached the experience with a determination to let go of any preconceptions, and I was not disappointed. It was a truly magical experience for me.”

Thanks to Lance James at Unit 221B. Join us at Black Hat MEA 2023 to learn more.