Human Element

Hostage negotiation skills translate directly to threat intelligence work in ways most security leaders never consider, Duaine Labno, Director of Special Investigations & Threat Intelligence at TIG Risk Services tells Ben. His 26-year evolution from patrol officer to his current role demonstrates how crisis psychology techniques enhance modern threat assessment capabilities. Duaine's hostage negotiation background provides foundational skills for threat assessment work that most security professionals lack, including reading psychological trigger points in subjects under investigation, maintaining emotional control when third-hand information creates operational hysteria, and asking probing questions that separate factual evidence from assumptions. 
His four-question decision framework around ethics, morality, legal compliance, and community impact prevents emotional reactions during critical incidents when information is fragmented and stakes are highest.
Duaine also explains his team's 260 hours of mandatory annual training creates what he describes as "control during chaos" — security professionals who coordinate through technology rather than verbal commands during critical incidents, with silence indicating peak performance rather than confusion.
Stories We’re Telling Today: 
How hostage negotiation principles translate directly to threat intelligence work.
The systematic approach to building "elite" security teams through 260 hours of mandatory annual training focused on scenario-based exercises with realistic environmental stressors.
Rapid operational redesign after an emergency, demonstrating how security teams can implement real-time employee tracking integration.
The mental models for critical decision-making under pressure, emphasizing evidence-based analysis over third-hand information.
Why "control during chaos" represents peak team performance, with effective communication happening through technology channels.
The challenging transition from hands-on investigator to security leader, particularly learning when to step back and trust team training.
Advanced screening techniques for identifying tenacity in security personnel, using stress-situation interviews to evaluate both technical competence and human interaction capabilities.
Building trust within security teams through the "family philosophy" approach that balances high performance standards with open communication and mutual accountability.
The evolution of physical security threats requiring constant intelligence monitoring through multiple news sources and real-time threat feeds.
Mentoring approaches for developing the next generation of security leaders, including succession planning and the importance of evolving threat landscapes.
Too busy; didn’t listen: 
Duaine Labno's hostage negotiation background directly enhances threat intelligence work through pattern recognition, de-escalation techniques, and comprehensive situational assessment skills.
The 2023 Michigan State shooting exposed critical gaps in employee accountability, leading to complete system redesign within 24 hours integrating real-time tracking with risk management software.
Elite security teams require 260 hours of annual training focused on "control during chaos" where silence during critical incidents indicates peak performance rather than confusion.
The hardest leadership transition involves stepping back from hands-on investigative work and trusting team training, requiring deliberate development of delegation skills over natural problem-solving instincts.
Screening for tenacity through stress-situation interviews reveals both technical competence and human interaction capabilities, essential for security professionals who deal with people during traumatic situations.
Skip to the Highlight of the Episode
[8:10-9:22] And when we do scenario-based training, I'm all about control during the chaos, everyone has to stay calm. So it's great walking into the room when they are working as a team and you have silence, I mean, there's not a lot of talking. They are communicating with each other, they're using technology to communicate with each other, but they've really honed in on that skill set to be able to work under a chaotic situation. So that's one of the things that I try and push towards my people. And as probably you've seen throughout your career, many of these events sometimes can be reported as being more chaotic than they really are. So we have to take control of our own emotions, have a clear mindset, have a process in place, and everyone needs to know how to do their job and be very proficient at doing their job. And I think the more you practice that, the better you become during the stressful situations.
Listen to more episodes: 
Apple 
Spotify 
YouTube
Website

The most effective security leaders don't abandon their technical foundation when they move into management — they transform it into strategic advantage while treating leadership itself as a discipline worthy of rigorous investigation. 
On this episode of Human Element, Robert McArdle, Director FTR & Cybercrime Research at Trend Micro, tells Ben how applying analytical thinking to human psychology and team dynamics creates more impactful security leadership than traditional management approaches. His teams investigate future threats and operational intelligence across distributed locations, requiring leadership methods that build genuine trust and collaboration without traditional hierarchical proximity. 
Robert's approach centers on leading people to their success rather than positioning himself as the central authority, extending beyond typical coaching to actively helping team members transition beyond his organization when it serves their career growth.
Stories We’re Telling Today: 
Treating leadership development as a research discipline enables technical professionals to transition into management roles without sacrificing their analytical strengths.
The strategic approach to maintaining technical credibility while scaling impact through delegation, including which technical knowledge to retain versus outsource to team members.
Engineering trust and psychological bonds in distributed security teams through designed experiences that create shared positive memories and laughter.
Why authentic leadership consistently outperforms attempting to fit predetermined management personas, especially when leading teams of highly skilled technical investigators.
The Hedgehog Principle framework for developing security professionals by identifying intersections between passion, capability, and business value.
Debunking the "too small to be targeted" myth and why opportunistic attacks make every organization vulnerable regardless of perceived value or size.
Building effective team cultures around clear lighthouse vision statements that inspire multi-year commitment while maintaining tactical flexibility.
Balancing lifelong learning commitment with leadership responsibilities through dedicated daily learning blocks and strategic knowledge consumption.
Remote team meeting methodologies that prioritize problem-solving over status updates, including agenda sharing and systematic participation management.
 
Too busy; didn’t listen: 
Robert McArdle treats leadership development like research — applying the same analytical approach to understanding human psychology and team dynamics that he used in technical security roles.
Delegation was Robert’s biggest leadership challenge, requiring active training to stop jumping in and solving every problem personally while maintaining strategic technical knowledge to amplify team capabilities.
Building trust in remote security teams requires engineering shared laughter experiences, understanding that positive psychological bonds form through dopamine responses rather than scheduled video calls.
The "too small to be targeted" security myth ignores that most attacks are opportunistic rather than targeted, making every internet-connected organization vulnerable regardless of size or perceived value.
Effective security leadership means positioning yourself at the back of the room during team recognition moments, leading people to their success rather than taking center stage for achievements.
Skip to the Highlight of the episode: 
“People who would say, “But our company is too small to be targeted by attacker X, Y, Z,” or “What do we have that's worth stealing from.” If you're thinking that your company is too small and doesn't have any worth stealing, your company shouldn't be in business too much longer. Because you are clearly worthless. So everybody has something of value that needs to be defended. And also, criminals don't really target. In most cases, they're a lot more opportunistic.” 15:51-16:18

In today's security landscape, decisive leadership often matters more than technical expertise. Caleb Barlow, CEO of Cyberbit, brings a seemingly unconventional but surprisingly common perspective to security incident response, drawing from his background as an EMT and firefighter, where he learned to make consequential decisions with limited data. 
His conversation with Ben on this episode of Human Element reveals why the underwhelming decision-making by executive teams during a breach often causes more damage than the threat actor — a stark reality Caleb witnessed firsthand when a CISO asked for PowerPoint slides for next Thursday's meeting during an active breach. 
From building commercial cyber ranges that create muscle memory through repetition to explaining why 80-90% of CISOs share backgrounds in military, law enforcement, or emergency response, Barlow illuminates how security professionals must develop crisis decision-making skills through experiential learning rather than relying solely on theoretical knowledge.
Stories We’re Telling Today: 
How making decisions with limited data, accepting consequences, and being willing to pivot as new information emerges creates more effective security outcomes than traditional corporate decision processes.
How pattern recognition and muscle memory developed through repeated security simulations enable leaders to identify attacker behaviors that classroom training cannot teach.
Why 90% of breaches result from basic security hygiene failures rather than advanced persistent threats, illustrated by how even training malware gets flagged as APTs by modern EDR solutions.
The critical practice of daily standups where 20% of time is deliberately "unproductive" conversation, creating connections that prevent surprise resignations and conflict escalation.
How security leaders must ruthlessly filter information sources to combat both the technical barrage and political noise that threatens focus on critical security functions.
Applying Colonel John Boyd's air combat decision framework (Observe, Orient, Decide, Act) to cybersecurity, recognizing that non-decisions default control to adversaries.
Why filtering candidates based on specific tool experience creates artificial bottlenecks when fundamental skills and mission orientation matter more.
Why the hardest career step is becoming a coach rather than the smartest person in the room, requiring communication and leadership skills rarely taught to technical professionals.
Too busy; didn’t listen: 
Caleb Barlow argues executive indecision during breaches often causes more damage than the attackers themselves, forcing security leaders to make decisions with limited data.
His background as an EMT and firefighter shaped his crisis-management approach, where experiential learning through cyber ranges builds the pattern recognition skills that classroom training cannot provide.
Daily team scrums with deliberate time for non-work conversation prevent communication gaps and surprise resignations in remote work environments.
Most "sophisticated nation-state attacker" claims mask basic security failures — 90% of breaches stem from negligence in implementing fundamental controls.
Technical professionals should invest in communication and "soft skills" earlier in their careers, as these become critical for leadership positions and cannot be developed overnight.
Skip to the Highlight of the episode:
[35:29-35:54] “We've got some tough competition, we've got a great product, but man, there's going to be some tough days. There's going to be some tough quarters. So you better be all in for the mission or there's going to be a Tuesday where you're like, ‘Oh, this is just too hard.’ And if you're not, if you're not really after that success factor, know what it is, and want to work together as a team, then it's not the right place for you.” 
Listen to more episodes: 
Apple 
Spotify 
YouTube
Website

In this debut conversation on Human Element, Lance James, Chief Innovations Officer & Founder of Unit 221B, joins our host Ben April, CTO of Maltego, to explore the human side of security leadership and the transformative experiences that shape effective leaders in the industry. Lance shares his unique pattern recognition abilities that span from technical systems to human behavior, explains his first principles approach to complex security challenges, and details why deliberately slowing down during incident response leads to better outcomes than rushed decision-making. 
Through practical examples from his career journey, Lance illustrates how his background in music enhanced his security leadership, why he structures his work week to separate technical deep-work from leadership responsibilities, and how creating psychological safety in teams while maintaining clear boundaries has become his leadership foundation.
We look forward to sharing stories like Lance’s — ones that resonate with security leaders facing similar challenges and foster a sense of community by sharing the human side of these journeys and the lessons learned along the way that have shaped their guests’ careers and contributed to today's security landscape.
 
Topics Discussed: 
Implementing a "slow down" methodology during cybersecurity crises that counterintuitively leads to better outcomes by preventing compounding errors that occur during rushed decision-making.
Strategic allocation of dedicated days for technical deep work versus people management to optimize leadership effectiveness without cognitive switching penalties.
Leveraging observational skills traditionally used for threat detection to identify underlying motivations in adversaries and team members alike, creating more effective intervention strategies.
Implementing a structured "commit to three" framework with feeling acknowledgment and gratitude components that transforms potential attention challenges into leadership advantages.
Applying Zen principles to cybersecurity leadership that enable fresh perspectives on familiar problems, preventing complacency and encouraging continuous discovery.
Modeling transparent knowledge gaps and establishing collaborative rather than hierarchical relationships that accelerate growth in emerging security professionals.
Establishing clear boundaries and rejecting hero-complex tendencies to create more resilient security teams that don't depend on individual heroics.