In 2002 I was driving to a hedge fund manager’s house to hopefully raise money from him. I was two hours late. This was pre-GPS and I had no cell phone. I was totally lost.
I kept playing over and over again “Lose Yourself” by Eminem.
I was afraid this was my one shot and I was blowing it. I was even crying in my car. I was going broke and I felt this was my one chance. What a loser.
Finally I got there. The hedge fund manager was dressed all in pink. His house was enormous. Maybe 20,000 square feet. His cook served us a great meal. I had made him wait two hours to eat. And he had cancer at the time. I felt really bad.
Then we played chess and it was fun and he gave me a tour of the house. One room was just for toys made in 1848. He had a squash court inside the house.
Another room had weird artifacts like the handwritten notes from when Lennon and McCartney were first writing down the lyrics for “Hey Jude.”
Another was the official signed statement by Ted Kennedy in the police station after he reported the Chappaquiddick accident that may have ultimately played a part in his decision to not run for president.
Eventually I did raise money from this manager and it started a new life for me.
But that’s not why I bring up Eminem at all.
The song “Lose Yourself” is from the movie “8 Mile.” Although I recommend it, you don’t have to see it to understand what I am about to write. I’ll give you everything you need to know.
Eminem is a genius at sales and competition and he shows it in one scene in the movie.
A scene I will break down for you line by line so you will know everything there is to know about sales, cognitive bias, and defeating your competition.
First, here’s all you need to know about the movie.
Eminem plays a poor, no-collar, self-proclaimed “white trash” guy living in a trailer park. He’s beaten on, works crappy jobs, gets betrayed, etc. But he lives to rap and break out somehow.
In the first scene he is having a “battle” against another rapper and he chokes. He gives up without saying a word. He’s known throughout the movie as someone who chokes under pressure and he seems doomed for failure.
Until he chooses himself.
The scene I will show you and then break down is the final battle in the movie. He’s the only white guy and the entire audience is black. He’s up against the reigning champion that the audience loves.
He wins the battle and I will show you how. With his techniques you can go up against any competition.
First off, watch the scene (with lyrics) before and after my explanation.
Ok, let’s break it down. How did Eminem win so easily?
Setting aside his talent for a moment (assume both sides are equally talented), Eminem used a series of cognitive biases to win the battle.
The human brain was developed over the past 400,000 years. In fact, arguably, when the brain was used more to survive in nomadic situations, humans had higher IQs then they had today.
But one very important thing is that the brain developed many biases as short-cuts to survival.
For instance, a very common one is that we have a bias towards noticing negative news over positive news.
The reason is simple: if you were in the jungle and you saw a lion to your right and an apple tree to your left, you would best ignore the apple tree and run as fast as possible away from the lion.
This is called “negativity bias” and it’s the entire reason newspapers still survive by very explicitly exploiting this bias in humans.
We no longer need those short-cuts as much. There aren’t that many lions in the street. But the brain took 400,000 years to evolve and it’s only in the past 50 years maybe that we are relatively safe from most of the dangers that threatened earlier humans.
Our technology and ideas have evolved but our brains can’t evolve fast enough to keep up with them. Consequently, these biases are used in almost every sales campaign, business, marketing campaign, movie, news, relationship, everything.
Almost all of your interactions are dominated by biases, and understanding them is helpful when calling BS on your thoughts or the actions of others.
You have to learn how to reach past the signals from the brain and develop intuition and mastery over these biases.
1) In-group Bias
Notice Eminem’s first line: “Now everybody from the 313, put your mother-f*cking hands up and follow me”.
The 313 is the area code for Detroit. And not just Detroit. It’s for blue-collar Detroit where the entire audience, and Eminem, is from.
So he wipes away the outgroup bias that might be associated with his race and he changes the conversation to “who is in 313 and who is NOT in 313″.
2) Herd Behavior
He said, “put your hands up and follow me.” Everyone starts putting their hands up without thinking. So their brain tells them that they are doing this for rational reasons.
For instance, they are now following Eminem.
3) Availability Cascade
The brain has a tendency to believe things if they are repeated, regardless of whether or not they are true. This is called Availability Cascade.
Notice Eminem repeats his first line. After he does that he no longer needs to say “follow me.” He says, “look, look.”
He is setting up the next cognitive bias.
4) Distinction Bias Or Outgroup Bias
Brains have a tendency to view two things as very different if they are evaluated at the same time as opposed to if they were evaluated separately.
Eminem wants his opponent “Papa Doc” to be evaluated right then as someone different from the group, even though the reality is they are all in the same group of friends with similar interests, etc.
Eminem says: “Now while he stands tough, notice that this man did not have his hands up.”
In other words, even though Papa Doc is black, like everyone in the audience, he is no longer “in the group” that Eminem has defined and commanded: the 313 group.
He has completely changed the conversation from race to area code.
5) Ambiguity Bias
He doesn’t refer to Papa Doc by name. He says “this man.” In other words, there’s “the 313 group” which we are all a part of in the audience and now there is this ambiguous man who is attempting to invade us.
Watch presidential campaign debates. A candidate will rarely refer to another candidate by name. Instead, he might say, “All of my opponents might think X, but we here know that Y is better”.
When the brain starts to view a person with ambiguity it gets confused and CAN’T MAKE CHOICES involving that ambiguity. So the person without ambiguity wins.
6) Credential Bias
Because the brain wants to take short cuts, it will look for information more from people with credentials or lineage than from people who come out of nowhere.
So, for instance, if one person was from Harvard and told you it was going to rain today and another random person told you it was going to be sunny today you might be more inclined to believe the person from Harvard.
Eminem does this subtly two lines later. He says, “one, two, three, and to the four.”
This is a direct line from Snoop Doggy Dogg’s first song with Dr. Dre, “Ain’t Nothin But a G Thing.” It is the first line in the song and perhaps one of the most well-known rap lines ever.
Eminem directly associates himself with well-known successful rappers Dr. Dre and Snoop when he uses that line.
He then uses Availability Cascade again by saying, “one Pac, two Pac, three Pac, four.” First, he’s using that one, two, three, and to the four again but this time with Pac, which refers to the rapper Tupac. So now he’s associated himself in this little battle in Detroit with three of the greatest rappers ever.
Eminem points to random people in the audience and says “You’re Pac, He’s Pac,” including them with himself in associating their lineages with these great rappers.
But then he points to his opponent, Papa Doc, makes a gesture like his head is being sliced off and says, “You’re Pac, NONE”. Meaning that Papa Doc has no lineage, no credibility, unlike Eminem and the audience.
8) Basic Direct Marketing: List The Objections Up Front
Any direct marketer or salesperson knows the next technique Eminem uses.
When you are selling a product, or yourself, or even going on a debate or convincing your kids to clean up their room, the person or group you are selling to is going to have easy objections.
They know those objections and you know those objections. If you don’t bring them up and they don’t bring them up then they will not buy your product.
If they bring it up before you, then it looks like you were hiding something and you just wasted a little of their time by forcing them to bring it up. So a great sales technique is to address all of the objections in advance.
Eminem’s next set of lines does this brilliantly.
He says, “I know everything he’s got to say against me.”
And then he just lists them one by one:
“I am white” “I am a fuckin bum” “I do live in a trailer with my mom” “My boy, Future, is an Uncle Tom” “I do have a dumb friend named Cheddar Bob who shot himself with his own gun”. “I did get jumped by all six of you chumps”
And so on. He lists several more.
But at the end of the list, there’s no more criticism you can make of him. He’s addressed everything and dismissed them. In a rap battle, (or a sales pitch), if you address everything your opponent can say, he’s left with nothing to say.
When he has nothing to say, the audience, or the sales prospect, your date, your kids, whoever, will buy from you or listen to what you have to say.
Look at direct marketing letters you get in email. They all spend pages and pages addressing your concerns. This is one of the most important techniques in direct marketing.
9) Humor Bias
Eminem saves his best for last. “But I know Something About You” he says while staring at Papa Doc.
He sings it playfully, making it stand out and almost humorous. There is something called Humor Bias. People remember things that are stated humorously more than they remember serious things.
10) Extreme Outgroup
“You went to Cranbook.” And then Eminem turns to his “313 group” for emphasis as he explains what Cranbook is. “That’s a private school.”
There’s no way now the audience can be on Papa Doc’s side but Eminem makes the outgroup even larger. “His real name’s Clarence. And his parents have a real good marriage.”
BAM and BAM! Two more things that separate Papa Doc from the crowd. He’s a nerdy guy, who goes to a rich school, and his parents are together.
Unlike probably everyone in the audience, including Eminem. No wonder Papa Doc doesn’t live in the 313, which was originally stated somewhat humorously but is now proven without a doubt.
11) Credential bias (again)
Eminmen says, “There ain’t no such thing as”… and the audience chants with him because they know exactly what he is quoting from “Halfway Crooks!” a line from a song by Mobb Deep (I did their website back in 1998), another huge East Coast rap group. So now Eminem has established lineage between himself and both the West Coast and the East Coast.
And by using the audience to say “Halfway Crooks” we’re all in the same group again while “Clarence” goes back to his home with his parents at the end of the show.
The music stops, which means Eminem has to stop and let Papa Doc have his turn. But he doesn’t. He basically says “F*ck everybody”, “F*ck y’all if you doubt me.” “I don’t wanna win. I’m outtie.”
He makes himself scarce. After establishing total credibility with the audience he basically says he doesn’t want what they have to offer.
He reduces the supply of himself by saying he’s out of there. Maybe he will never come back. Reduce the supply of yourself while demand is going up and what happens? Basic economics. Value goes up.
He’s so thoroughly dominated the battle that now, in reversal to the beginning of the movie, Papa Doc chokes. He doesn’t quite choke, though. There’s nothing left to say. Eminem has said it all for him.
There’s no way Papa Doc can raise any “objections” because Eminem has already addressed them all. All he can do is defend himself, which will give him the appearance of being weak. And he’s so thoroughly not in the “313 Group” that there is no way to get back in there.
There’s simply nothing left to say. So Eminem wins the battle.
And what does Eminem do with his victory? He can do anything.
But he walks away from the entire subculture. He walks off at the end of the movie with no connection to what he fought for.
He’s going to Choose Himself to be successful and not rely on the small-time thinking in battles in Detroit.
He’s sold 220 million records worldwide. He discovered and produced 50 Cent who has sold hundreds of millions more (and is another example of “Choose Yourself” as Robert Greene so aptly describes in his book “The 50th Law”).
Doesn’t it seem silly to analyze a rap song for ideas how to be better at sales and communicating? I don’t know. You tell me. I’ve exposed myself so much in my blog posts. In fact, I don’t hit “Publish” on something unless I’m afraid of how people will react.
When you expose yourself there are many many ways for people to attack you. People will stab you and hurt you. But you can’t create art unless you show how unique you are while being inclusive with others who share your problems.
I’m still scared when I hit publish. But I love that final feeling of risk and fear. The rush. The carriage return. Click.
About the Author James Altucher is an investor, programmer, author, and entrepreneur. He is Managing Director of Formula Capital and has written 6 books on investing. His latest book is I Was Blind But Now I See, & Choose yourself.
This paper discusses the importance of IT security for
enterprises especially as they deal with challenging business conditions. The
consequences of not having proper IT security measures in place can result in
substantial losses – both financial as well as intangibles such as diminishing
reputation, credibility and so on. It is imperative for enterprises to embark
on a holistic security program in their SOC. At the same time, enterprises need
to be aware of which technology and service is relevant for their kind of
business to get the maximum returns. This paper throws light on this topic too.
Security - a key
Technology has become the pivot to an organization’s success
in today’s demanding business environment. And within that, IT security has
assumed significant importance –to handle the compliance and regulatory demands
along with the myriad threats and vulnerabilities that businesses are exposed
to continuously. The consequence of not allocating this importance can be quite
expensive –the recent Sony PlayStation Network incident resulted in damages of
$171 million to Sony. Similarly, Citigroup lost $2.7 million to hackers who
accessed information of 200, 000 clients illegally. To appreciate the
seriousness, consider this finding from PwC - the cost of information security breaches
just in the UK was a whopping £5 - £10 billion in 2011. Clearly, the findings
from a survey conducted by the Enterprise Strategy Group is no surprise then
which states that IT security is among the top five priorities identified by IT
professionals for 2012. To compound matters, threats and attacks are only
becoming more complex and sophisticated and so a well-equipped Security
Operations Center (SOC) with the required security technologies and services is
the order of the day. Many enterprises plan to increase security budgets to
deal with this situation and enhance the capabilities of their SOC.
No doubt that IT security is gaining much needed attention;
however, the road ahead is replete with challenges. Most IT security
professionals seldom take a holistic view while securing their organization.
Typically, they adopt a siloed approach and secure the entire network without paying
attention to individual host systems. It is assumed that access controls
implemented across the network will, by extension, be sufficient to protect
host systems and associated information. Unfortunately, this approach falls
short in protecting business and technology services against attacks, threats
and vulnerabilities comprehensively. In addition, SOCs today have to contend
with not only the physical networks, computers and applications, but extend
their purview to the online realm and mobile devices too - no easy task.
Verizon’s “2011 Data Breach Investigations Report” reports alarming news that
the number of online attacks increased by a factor of five between 2005 and
2010. Plus, there is the issue of mobile malware and anti-theft measures
especially with the growing popularity and acceptance of the BYOD trend that
needs to be addressed.
Some hard facts:
• According to McAfee, there were 8 million new
kinds of malware more within the space of a quarter in 2012.
• Mobile vulnerabilities rose by 93% in 2011
• Estimated losses due to phishing attacks was
$687 million in the first half of 2012 as per RSA
The way forward
Organizations must view the security portfolio holistically
to provide a comprehensive cover enterprise-wide. Consequently, every host
whether it is service oriented devices/servers or user oriented workstations,
should be considered as a potential target and its vulnerability to attacks
It is therefore essential to consider different technologies
and services that can help mitigate these risks. The key technologies and
services required in an SOC are as follows:
A practical framework
to determine the right mix of security technology and services for enterprises
While the security elements introduced above are essential
to protect enterprises and meet compliance requirements successfully, the choice
and implementation of these technologies depend both on the industry they
belong to and the size of the enterprise. For instance, large enterprises
require security of a higher order and have stringent compliance requirements
such as ISO 27001, SOX, HIPAA, and SAS 70. Such enterprises typically face a
large volume of transactions resulting in terabytes of data which has to be
managed securely. In specific cases such as in the financial sector, there is
the added complexity of handling sensitive data. Failing to secure critical
data can not only result in monetary losses but also lead to intangible
consequences such as loss of reputation and credibility which can be equally
• BFSI – Compliance requirements
such as ISO 27001, PCI-DSS, SOX, GLBA, HIPAA, SAS 70 and Regulatory compliances
such as RBI, SAMA, FRB, FSA
• Telecom – Compliance requirements
such as ISO 27001, IEC15408, 3GPP, SAS70, Telecom Regulatory Authorities
same norm is not necessary for mid-size and smaller enterprises or those
belonging to other industries such as manufacturing or CPG.
Not only is
the volume of transactions much lesser, the resources required to manage a
comprehensive security portfolio is generally not available warranting a
different approach to security. Clearly, a “one-size fits all” approach will
not be effective.
framework has been conceptualized keeping in mind the specific needs of
different kinds of organizations.
framework can be applied across industries, it becomes particularly critical
for the BFSI and telecom owing to the nature of their business.
enterprises belonging to the BFSI industry, all the above services are
recommended; however, the Identity and Access Management, Fraud, Forensic Analysis
& SIRT and Wireless IPS are optional for smaller banks for obvious reasons.
Similarly for enterprises in the telecom industry, other than Wireless IPS
service, the rest of the elements are mandatory
Essential elements for your SOC
Basic Security Implementations
organizations need to implement a basic list of security technologies for
overall protection. This includes a strong firewall, anti-virus and spam
software, VPN devices for site-to-site and remote access as well as physical
security checkpoints such as CCTVs, security guards etc.
360-Degree Security Incident/Event Management and Analysis
Security Incident and Event Management
requirement for SIEM tools is to monitor security incidents in real time and
generate reports in case of any lapses. This tool also functions as a centralized
security incident management framework as it can be easily integrated with
other security technologies and services
Database Activity Monitoring (DAM)
database administrators and other privileged users in organizations can access
and modify sensitive information. DAM provides privileged user and application
access monitoring, helps improve database security by detecting unusual
activities, triggers alarms and meets compliance requirements.
Web Application Firewall (WAF)
necessary to ensure secure internet based (HTTP) communication and can detect
common attacks such as Injection Vulnerability, Cross Site Scripting (XSS),
Broken Authentication and so on. It is particularly useful in detecting and
blocking out unwanted content when dealing with sensitive HTTP data and the
logs generated by WAF can be used for forensic analysis and reporting.
Network Behaviour Anomaly Detection
NBAD is used
for monitoring the network traffic behavior in real-time to protect the
organization against zero day attacks that are not detected by
signature/rule-based security systems like firewalls.
detects malwares through traffic analysis in all devices including those not
discovered by the OEM vendor products and subscription services.
Vulnerability and Risk Management and Analysis
Vulnerability Management (VM)
the software and hardware systems from attacks and exploiting inherent
vulnerabilities, a security team must know what vulnerabilities are present.
This means that organizations should have effective vulnerability management
tools and processes as part of their IT security.
Intelligence Service is essential for the organizations to track, update and
integrate the evolving threats and vulnerabilities for monitoring and
mitigation. It would track global threats and vulnerabilities, chart an action
plan and notify stakeholders through advisories.
management services would ensure all the identified security incidents,
vulnerabilities and threats are tracked and closed. It would also monitor
technology related risks like design, configuration, security baselining, etc.
These services would also regularly upgrade employee skills in dealing with
security challenges, process violations and unauthorized changes/access.
Anti-Malware Service for Critical
is to ensure that the websites are proactively monitored and protected from
malicious attacks particularly defacements, malwares, etc. Through real time
crawling and behavior analysis of a website, this service helps avoid
blacklisting of the website in search engines.
Anti-Phishing Service for Critical
attempts to acquire information like usernames, passwords, credit card details
etc., through emails/sms to direct users to fake websites. Anti-phishing
services are essential to proactively monitor, identify, detect and protect the
user’s identity and sensitive data from malicious elements.
Security Matrix & Dashboard
Matrix and Dashboard provides a consolidated security status reporting of all
the security technologies and services along with key metrics through a portal.
This is very critical in enabling a comprehensive understanding of the security
posture of the organization and typically includes dashboards for
vulnerabilities, risks, security incidences, compliance, Anti X and patch
management reports, and so on.
to the key technologies, enterprises should invest in a SOC customized to their
organization’s environment for a drill down on business and technology risks,
vulnerabilities, trends and comparisons with global practices.
It is evident
that enterprises need to implement the right set of security technologies and
have a robust Security Monitoring Framework in place in their SOC. By adopting
the proposed framework, enterprises stand to gain significantly – they choose
the right set of technologies and hence secure their organization effectively.
By doing this, they also invest wisely and this is critical in today’s tough
the right set of tools and technologies, the SOC becomes easier to manage and
services business requirements better.
K. is the Practice Head for Managed Security and Network Services, Global
Infrastructure Services (GIS).
From Adobe to Facebook, security breaches continue to be top-of-mind for both companies and users, and organizations around the globe are all wondering if they are next in line to deal with a breach of their own. Hackers may always be a few steps ahead of companies when it comes to cracking codes and stealing information, but as we dissect breach after breach, it's clear that companies are not helping their security cause – they are actually jeopardizing it in more ways than one. With a few simple steps, companies can take back control of their infrastructure and assure that their next breach is merely an inconvenience rather than a multi-million dollar catastrophe.
Why do companies need to know a user's mother's maiden name, the date their father was born and their favorite color when they were in kindergarten? Organizations that collect numerous forms of identifying information think they are creating a more secure user experience when in fact they are putting themselves at greater risk for security breaches. Users expect that when answering those levels of questions that their data is going to remain private; however because of the way the information is stored, they are at greater risk of their online identities becoming compromised.
There are few solutions when considering the collection of data. For those organizations that choose to continue asking for identifying information, they should reduce the number of questions asked and turn to data encryption to store the user's information. Please realize that data encryption is a well understood science, as is the analysis of encryption with the intent of breaking it. You cannot simply apply basic obfuscation to your data, and expect it to be secure in the event of a real hacking attempt. Instead organizations should use proven and reliable encryption implementations and techniques, utilizing salt and other entropy to make it more secure. When encrypting the data, organizations need to collect less information to ensure that in the event that there is a security breach, passwords will not be jeopardized and online identities will remain private.
But, the truth of the matter is that storing passwords – even those that are encrypted – is simply one step. Although it can be a bit more cumbersome, two-factor authentication is the approach that all companies should consider when offering users the options of using their services online. With an extra layer of security, two-factor authentication allows for usernames and passwords to serve as the first point of entry, requiring an additional secure code that has been sent to them via another device, like a mobile phone, to complete their login. The drawback? It's another step that users must take to access their information, and it may deter them from wanting to leverage that site or application because of the extra step. As more people experience the impact of data breaches and personal online information being compromised, and the conversation about two-factor authentication continues, organizations of all sizes will be forced to implement this simple solution to prevent the theft of data and personal identifying information during breaches.
The bigger issue
To truly understand the heart of the problem, organizations must take a step back and evaluate the core of their IT infrastructure. Let's face it, when it comes to developing and managing an IT infrastructure, the security layer is the least glamorous. Administrators and developers would prefer to focus their time on the parts that get the most positive recognition and attention. The security layer is likely only capturing someone's attention when there is a problem, so it's not nearly as fun to work on as designing and managing a homepage. But, as any company that has recently experienced a security breach knows, even though security may not be the most glamorous of jobs, it is certainly one of the most high profile and critical.
Outside of finding a crew of administrators and developers who have the passion and knowledge to balance sexy with mission critical, it's important to have a team that has complete visibility into the infrastructure. With all of the breaches happening, it's easy to ask why companies aren't implementing stricter policies for securing user data. Honestly, many companies aren't really aware of what is happening in their underlying systems. As a result of utilizing off-the-shelf third party software, companies don't truly understand what is happening within the depths of their infrastructure. The good news? The fix is simple. Instead of utilizing third-party software, companies can choose open source solutions. Unlike the third-party solutions, open source products offer full transparency, giving companies a clear picture of how the software is interacting with other layers, allowing for administrators to identify issues almost immediately.
Yes, hackers may always be one step ahead in the security race, but it's important for organizations to take ownership – knowing that with a few small adjustments to their security policies and management that they can prevent the next breach from turning into a major catastrophe. From the basics of spending adequate time and resources focusing on the security level of your infrastructure and knowing what is happening at all layers, to reducing liability by collecting limited information and encrypting data, the steps needed to secure your infrastructure and protect your customer, partners and employees' data are minimal compared to the inevitable consequences.
If the keys to the front door are left under the mat, it does not matter how secure the fort is! The same metaphor applies to protecting data and identities. Security is everyone's responsibility.
As a leader, you play a critical role in your organization’s
success. In large part through your positive influence with the people you
I think the best leaders are the ones that bring the best
in others. They inspire, they encourage and they take people to the next
Inspiring leadership is about believing and assuming good
intentions about people.
It doesn't mean we are not holding people accountable, but
we find ways to deliver and communicate constructive feedback in an inspiring
This article, will explore three ways to inspire and
motivate the people you lead to bring the best in them.
1.Shine a light on what is going
Great leaders look at what is going right first. Leaders do
not ignore poor performance, but they focus on the positive things people have
to offer to the world. I have seen many managers throughout the years who
really tend to focus on what is not going well for their team. They approach
this attitude because they come from a “fixing” mentality.
“…But we need to remember that “fixing’ is something we do with
machines but not with people.
We need to inspire people for change, not “fix” people for change…”
When leaders focus on people’s strengths & positive
attributes, there is more engagement.
positive encouragement for improvement
We sometimes underestimate the progress principle into our
leadership role. Great leadership does not happen when things are always going
This is an inspiring opportunity for many leaders to reach
out to the person by encouraging and reinforce improvement.
Look for opportunities to reinforce your people’s efforts
along the way. By focusing on their efforts, you are willing to believe in
a positive and supportive culture
Employee’s surveys keep showing that people perform better
for leaders who care about them.
Great leaders care by making positive connections and build
meaningful relationships. At the end of the day, we are here to build
relationships with people.
When meaningful relationships exist, the more motivating
the culture is. We have the trust and the support throughout when relationships
are a priority in any organizations.
As leaders, we need to be a resource of support and provide opportunities for learning and growth. The best
leaders provide coaching and mentoring to help people stay motivated and
interested in their jobs.
Lastly, help people make connections with other
people in the organization. Their support for each other and the information
they exchange will help people give their very best.