LinkedIn’s social algorithms are awful at determining true experts. So what makes one truly an expert? One perspective is the depth of knowledge in a given domain, but the other is one’s ability to organize that knowledge to facilitate the understanding and discovery of new depths.
In my experience of gaining expertise, I have found that having a mental model for understanding is more important than the ability to absorb expert level content. These mental models allow me to organize bits of content into meaningful categories that assist with recall and help me connect the content to the bigger picture.
Most mental models have a one-dimensional structure, usually consisting of a list of categories that simplify our processing of the world around us. These lists are useful, but as we encounter cases that defy available categories, we tend to add more categories. Unfortunately, if we add too many categories, it can make the list less useful and harder for non-experts to understand the bigger picture..
One way to avoid this outcome is to add another dimension instead of more categories on the same dimension. This new dimension should ideally be a different mental model that is tangentially connected but mutually exclusive with any other dimensions. The merger of these mental models creates a way to systematically capture more categories and also reveals undiscovered categories.
The Cyber Defense Matrix is such an example of the merger of three mental models that adds more structure and thus more depth to our understanding.
However, we can't just add any mental model. There must be some logical overlap among the different models. For the Cyber Defense Matrix, what creates the intersection of the three mental models is actually a hidden mental model.1
The hidden model that brings the full Cyber Defense Matrix into view is the grammatical sentence construction of interrogative pronouns (who, what, when, where, and how) with a verb and its direct object:
When we combine this sentence structure, the Cyber Defense Matrix allows us to methodically ask the following types of questions:
By applying this same sentence construction for all the boxes of the Cyber Defense Matrix, we can see how the merger of these four mental models establishes most of what is currently referred to as GOVERN in the NIST Cybersecurity Framework.
Starting with a single mental model, it may be challenging initially to find a second model that intersects, but once you merge those two models, the increased surface area of your combined model enables you to easily find more intersecting models. If you can find that overlap and merge mental models, many new discoveries await.
The Cyber Defense Matrix has a large surface area, which affords us the opportunity to merge in many more models. Stay tuned for my next blog where I'll share how other models merge together and the new things we can discover from that merger.
1 There are a few other hidden mental models in the Cyber Defense Matrix, but I won’t cover those now. Maybe later.