So simple, even the CEO can do it

Once upon a time, I used to be able to do useful things. As a CEO I have now forgotten how to do anything useful, except asking other people who still know how to do useful things, to do them.

I was recently reminded that I used to know a bit about hacking. So, when I discovered that a password of mine that I thought was reasonably secure (10 character, uppercase, lower case and special characters) had been breached super quickly I decided I needed to take myself back to school. I learnt password cracking about 15 years ago and the highlight of that experience was cracking the common local admin password of a big defence contractor. It took nearly two weeks and used an embarrassingly large amount of electricity. There are better ways of heating your house, though few that are so satisfying.

When I broke that first password it was done by ‘brute-force’. A process where you essentially try every possible password to see if it works. Computers are pretty good at this. In 2005 my PC could try about 5,000,000 passwords combinations a second. Seems like a lot but a 10 character complex password like my recently broken one could have approximately 60,000,000,000,000,000,000 combinations.

In the last 15 years things have changed. PCs have got much more powerful and you don’t use your CPU to crack passwords any more, but rather a graphics card which is much, much faster. I can now get 840,000,000 tries a second using not very special hardware. But even at that speed, with so many combinations, it’s long hard work to try every combination. And this is where my eureka moment came. You don’t have to try every possibility, because like almost every human being, I am flawed and utterly useless at remembering random passwords. Any reasonably short and memorable password has probably already been cracked and the result published. You can just look it up! Try and make it more difficult with an initial capital letter, so does everyone else. Add some numbers at the end? Yes, everyone else does that too. Going to add a special character. Don’t use a _ or a – because they are the most common.

If you can remember it, it’s probably useless. A few days ago I sat down with a list of 1 billion of the most common passwords that I found on the internet. Then I took half a million encrypted passwords from LinkedIn (that were leaked in 2016) and asked my computer to try the combinations from my passwords list against the encrypted passwords. It took about 10 minutes. Not to break one of them, but to break all of them. This isn’t really a surprise because passwords from a breach as big and well-known LinkedIn are likely to already be in the public domain and thus on my list of common passwords.

Passwords suck, but people suck more. In 2018 the most commonly used password was 123456. In 2013 it was 123456. We don’t learn. 4% of all passwords are still 123456 where complexity or length aren’t enforced.

What if you have a great, complex, long and frankly amazing password? Its only any good if you don’t share it. A 2015 study by Intel found that only 65% of people could identify malicious ‘phishing’ emails designed to capture their personal data. Only 3% of people in the study identified all 10 of the test emails. That great, complex, long and frankly amazing password you had – you just gave it away. And now it’s on the internet for everyone to see. Just like mine.

We don’t need to invent a better password; we need to invent a better human.

Giles Letheren – Chief Executive Officer

Thursday War

I am not a morning person, so the alarm going off at 5am was properly unpleasant. Within the hour I was on my way out to sea with 3 other civilians and a couple of dozen professional sailors. As signatories of the Armed Forces Covenant Delt have long supported both former military personnel and reservists and we’d been invited to join HMS Albion for the day. As part of Flag Officer Sea Training the crew of Albion had spent the previous four weeks training, not just for everything that could go wrong but for when it all goes wrong at once. Today was exam day where all the practice was going to be tested.

Arriving on board to hear a warning of mines would have been truly alarming if it hadn’t all been pretend. It didn’t feel much like pretend though. The crew had been up for hours at ‘action stations’ and were all wearing anti-flash gear and looking serious. Albion was surrounded by a number of smaller ships, apparently protecting us from a marauding submarine. On a fairly regular basis throughout the day, bad things happened. The warning of ‘brace, brace, brace’ results in everyone grabbing hold of something. I caught myself hanging onto a desk despite knowing there wasn’t actually going to be an impact. There were fires, there were floods, there was the constant threat of incoming missiles (which were fast jets pretending to be missiles). Helicopters came and went. Everyone stayed calm. At one point the Bridge was on fire, and evacuated. Everyone seemed to know what to do. It was astonishing to watch a team who all knew their role, whatever was thrown at them. The only degree of stress I noticed all day was a sailor swearing (rather quietly) when he found the route to his destination blocked yet again by fire. ‘Running out of routes…’ he added as we watched and then stepped through the door he had avoided. Fire apparently doesn’t prevent VIPs from getting to lunch. However, passageways were full of fake smoke, which is disconcerting. More so when all the lights go out. That makes it difficult to see the ‘injured’ sat on the floor in corridors. They always apologised nicely if we stepped on them.

Rather than a silver service lunch in the wardroom we joined the rest of the crew in ‘Action Messing’, which is how you feed the whole crew when in the midst of battle. 25% of the crew are fed at any one time, you have seven minutes to collect your food, eat and clean up and then it’s back to work. We were done in just over six minutes. In eating at least, we could keep up with the best of them.

After lunch things got properly serious. We watched from a location that manages damage control. There was a big display showing all the decks of the ship. Anything in red was on fire. Anything in blue was filling up with water. Almost constantly, alarms were going off identifying some other problem. The display got more red and more blue. Everyone was calm. The lights went off again.

To cut a long story short, we didn’t sink or stay on fire. I didn’t fall into an open hatchway or get wet whilst testing my non-existent night vision by stepping off the side of the ship whilst boarding a landing craft, in the pitch black. The ship achieved its mission and dispatched Royal Marines by landing craft and helicopter. It was a genuinely impressive display of people working together and I was left thinking about what lessons the corporate world could learn from the way we train our military. The thing that surprised me most was that throughout the day I never saw anyone ask anyone else what they should do or if it was ok to do it. They simply informed others what they were going to do. Lots of information was communicated and constantly filtered. If it didn’t impact the mission the Captain didn’t need to know.

This level of confidence and trust is something I haven’t seen in business. We could learn from this. In my world you often find that everyone wants to know everything, but in the midst of battle, this crew were only concerned about what they needed to know to do their own job.  The absolute focus on mission, which is perhaps more common in the corporate world was as elegant as I’ve ever seen. Many corporate management teams would benefit from seeing this sort of real teamwork.

It was both an honour and a privilege to spend a day at Sea with the Royal Navy and I’d commend it to anyone who gets the opportunity. I’ve tried to lead my life in a way that results in people shooting at me on a very irregular basis but I do know that if I ever find myself in a sticky spot and in need of rescue – of anyone in the world I’d want the British Armed Forces to be the ones to come get me.

Giles Letheren – Chief Executive Officer

Lies Matter

Over the last couple of days I have been thinking about truth, lies and the Delt value of ‘Transparency’. The only way to be truly transparent as an individual would be for everyone to be inside my head. Trust me, that would be a disappointment. Corporate transparency is not that different. Unless you sit at every Board meeting, every meeting of my leadership team, every conversation about any opportunity, change, decision or process then there is always part of what is going on that will be opaque. What we see is filtered and in more ways than we think.

I understand the human eye captures about 10 million bits a second, roughly 10 Mb/s – or twice the speed of my Cornish superfast broadband. The average human brain can process roughly 50 bits per second. That’s some serious filtering/compression going on. Just for our brain to work, we filter out the vast majority of what we see. Add to that what we feel, taste, smell and the compression gets even more impressive.

If you apply this sort of maths to humans doing anything complicated it’s both fascinating and alarming. How about something complicated but common, like driving? If you are a Tesla Model S, this requires a GPU capable of processing of 36 Trillion bits per second. And a second GPU, just in case the first one fails. It’s no wonder I am so bad at driving.

My point is that everything is always filtered. Nothing is ever truly transparent. In the corporate world, transparency is just as impossible. There is just too much information. We make decisions all the time about what we think matters and should be shared vs what doesn’t and isn’t. I love our value of transparency but it’s aspirational rather than ever truly reachable.

‘Not lying or effectively lying through omission’ is probably a more deliverable value but it’s just not as catchy. So, we will continue to try to be transparent and always be honest. Given that vast array of untruths we are presented with daily, which some call marketing, political messaging or even just alternate facts, we are already surrounded by lies. I and Delt don’t need to add to that. We have to filter but we should never have to lie. To quote from the fantastic Sky Drama ‘Chernobyl’:

We’re on dangerous ground right now, because of our secrets and our lies. They are practically what define us. When the truth offends, we lie and lie until we can no longer remember it is even there, but it is still there. Every lie we tell incurs a debt to the truth. Sooner or later, that debt is paid.

Photo by AbsolutVision on Unsplash

Giles Letheren – Chief Executive Officer

Expect the Unexpected

Five years ago, a betting man (at least one who was any good) would not have expected Delt to be here at it’s fifth Birthday. Yet on the 1^st October 2019, here we are.

Most new businesses fail. 60% of them fail within the first three years. We are twice the size we were on day one and have delivered more financial, more operational and more social benefit than projected. That’s pretty unexpected.

Shared Services can deliver great results but landing one in that Goldilocks zone is tricky. Rather too many fail. A shared service that works? That’s certainly unexpected.

Cross sector partnerships. You’d think that different bits of the public sector would love working together but just like most things in life, you tend to stick with what you know and cross sector partnerships that work (and last) are rare. Yet here we are with the NHS and Local government still working hand in hand for the greater good. That’s unexpected.

Bipartisan initiatives seem nearly impossible (at the time I’m writing this anyway) yet we’ve had political stakeholders from both sides of the House and they’ve all been equally supportive. That’s unexpected.

I started my career, more than 30 years ago, in the public sector. The public sector is brilliant but can be a little frustrating when you want to get things done at pace. I then went to the private sector and reveled in getting things done quickly. The private sector is brilliant but doesn’t always seem to be doing the right thing for the right reasons. I tried both public and private sector on the other side of the Atlantic too. Same brilliance, same frustrations. If only there was a way you could take the mission and the values of the public sector, the absolute commitment to doing the right thing, the driver of working for the greater good and join that up with the pace, agility and fearlessness of the private sector. That would be something truly unexpected. That unexpected thing is Delt. Five years old today and full of enthusiasm for the road ahead. Where it will go nobody knows for sure but whatever happens, we should probably expect the unexpected.

Giles Letheren – Chief Executive Officer

12 Months Since TUPE

You are being redirected to 12 Months Since TUPE.

If you are not redirected after a few seconds, please click on the link above!

From Green to Amber

On Saturday, at least according to statistical averages, I will have about 27% life remaining. The reality of course is that I’m unlikely to be average. I rather like cake and strongly dislike pointless exercise. Public health advice suggesting less cake and more exercise implies my life remaining will therefore be somewhat lower.

As my personal battery indicator changes from green to amber perhaps it is not unreasonable to take a moment to look back.

I don’t remember anything from 50 years ago, which is probably for the best. I do clearly recall 19 years later though, where I sat alone on Boston Common, pondering my first week in full time employment. The life plan was clear: Work hard for 30 years or so and then hopefully look forward to an early retirement. Well, 31 years have gone by quickly and ‘early’ retirement is at least another 20 years away. So much for planning.

At the time I am sure I had a definite idea about what I wanted to achieve, about what I was going to do with my life that would matter. Unsurprisingly, none of those things came to pass. In reality what has given me the most joy and left the most lasting (though ultimately fleeting) impact on the world are the things I didn’t intend or plan. My children will turn into good people I think. My love for my wife and her love for helping anything furry or fluffy has led to more than 50 rescue animals having a much improved life (and me having a much less tidy home).  My inadvertent actions have led to at least three marriages (and probably at least one divorce). I’ve had responsibility for the working lives of a decent number of people, many of whom have gone on to do truly exceptional things. That’s much more indirect than I expected my impact on the world to be. 31 years ago I had no idea that what would make me most proud was the unpredictable outcomes of the butterfly effect.

To that exact point I have a confession to make. More than 35 years ago I accidentally inspired somebody to make a choice of career direction. That ‘sliding doors’ moment set them on an unavoidable path with destiny. They could have gone on to create a miracle cure for some previously incurable disease.

But they didn’t,

They could have become an inspirational leader who created a much needed new kind of politics.

But they didn’t do that either.

They could even have played a critical role in the development of a type of quantum computer that somebody could actually explain the workings of.

But no.

Instead, they created Strictly Come Dancing. And for that world, I am truly sorry.

Giles Letheren – Chief Executive Officer

The Delt Family

Yesterday morning at a new staff induction I talked, hopefully with some passion, about how our objective of sustainable socio-economic development mattered not just to our staff but to a much wider community.

Later in the day saw our annual Delt Family Barbeque. We do family events all year but this one remains my favourite. Unusually we were gifted with torrential rain and threatened with gale force winds. In true best of British spirt this dampened only our clothes, not our spirit. Too dangerous for a bouncy castle outside? Put a bouncy ball pond in the workroom! Slippery handles make axe throwing towards the nursery high risk? Setup an indoor casino. Meeting room displays work with video games just as well as PowerPoint. Indoor Sumo wrestling in a crowded environment full of high value technology. What could possibly go wrong?

Loads of staff came. Many of them brought children. Some of them even brought their own children. I saw spouses, girlfriends, boyfriends, partners, fiance’s and in one case, an ex-wife. I saw parents, my own Dad embarrassingly turning up in shorts ‘because it’s the summer’. We had future members of staff show up, members of staff who had retired came too. There was at least one person who seemed to have no connection at all to Delt. They apparently came alone, enthusiastically played the games, ate the food, talked to everyone and then left alone.

If there was any downside to this year it was that nobody brought their dog, Normally the car park is full of assorted hounds, drooling at the smell of barbeque, stealing people’s sausages and eating unattended children. The dogs clearly had more sense than to venture out in the terrible weather. On the plus side, nobody had an excuse to poop under my desk.

Delt is much more than the people it employs and the services it provides. I love it.

Giles Letheren – Chief Executive Officer