• United States



Dr. Jekyll and Mr. Hyde: Managing online indulgence

Aug 29, 20116 mins
IT LeadershipNetwork SecurityPrivacy

Michigan CTO Dan Lohrmann on anonymity, integrity, and corporate culture

I recently read an intriguing Harvard Business Review blog post, The Three Ps of Online Indulgence, by Alexandra Samuel. This guidance begins with the topic of well-known adults displaying split personalities online. While their public activities follow socially accepted norms, their darker “shadow selves” behave very differently. Samuel’s witty analysis artfully exposes the online hypocrisy of certain family-values politicians and the now-famous tweets of Congressman Anthony Weiner.

But moving quickly beyond the list of celebrities behaving badly, Samuel accurately unmasks the relentless disease that inflicts all who regularly enter cyberspace—namely the temptation toward online duplicity. This challenge is the 21st-century manifestation of the internal battle dating back to the beginning of time. Each of us must answer the age-old question: Who am I, really?

[Also see Lohrmann’s 7 reasons security pros fail (and what to do about it)]

Always-connected adults are especially vulnerable to the smorgasbord of temptations offered on the Net. Samuel writes: “Social media enthusiasts need to be extra cautious about online vices: We’re more likely to indulge (because we’re online more), more likely to get caught (because we’re widely watched) and more likely to disappoint others when we do (because they’ve seen us as the online standard-setters).”

I agree. There seems to be a never-ending supply of stories about educated adults, people who should know better, or even leaders in society getting into serious trouble because of their virtual-world behavior. The real-world results are showing up all around us: broken relationships, shattered careers, and even jail time.

What’s to be done? Samuel says, “You can manage the personal and professional risks of online indulgence by remembering the 3 Ps: Principled, Private and Planned.”

This is where I part ways with the blogger. I wonder: Can we really control online vices in this way? The overall effect of her words is to compartmentalize each of us into two (or more) distinct identities using online privacy. This approach may work for a time, but surely it leads to eventual disaster. In a sense, this guidance treats online privacy as the potion that allowed Dr. Jekyll to change into Mr. Hyde.

In Robert Louis Stevenson’s The Strange Case of Dr. Jekyll and Mr. Hyde, Jekyll wants to separate his good side from his dark impulses and develops a potion that transforms him into another version of himself, one with no conscience, who is known as Mr. Hyde. But although there is no good in Hyde, there is still evil in Jekyll. At first the doctor enjoys becoming Hyde, with all his freedom from moral and societal restrictions. But Hyde becomes increasingly violent, horrifying Jekyll, who is further dismayed to discover that he is transforming into Hyde in his sleep, even without taking the potion.

One message the book makes crystal clear is that we are each one person. My shadow self is still me. This is true even in virtual worlds, and studies have shown that people often act out their online activities in the real world.

There are many pragmatic questions raised by Samuel’s three P’s. Here are a few:Can online identities really be kept private to pursue online indulgence? I seriously doubt this is feasible over long periods of time, because the Internet has a great memory. Also, hackers abound—WikiLeaks, for example.

Do you really believe that Congressman Anthony Weiner (or most others) could be open and honest with his spouse about his secret tweeting to women around the country? People often go out of their way to hide online acts from the ones they love and lie to those who love them.

If integrity is doing what you say and saying what you do, how is Samuel’s approach truly principled? Isn’t duplicity the opposite of integrity?

Does being principled only mean not violating your own ethical bottom line? What if your ethical bottom line allows sending inappropriate pictures of little children? Are my principles merely reflections of federal or state law or company policy? Is that the best we can do?

Are there no principles that transcend our personal sense of right and wrong? Can’t we say that the hypocrisy of Ted Haggard or the perversion of Anthony Weiner is wrong, whether it violated their core principles or not?

More important than these objections is the fact that there is actually a better way: Surf your values. Connect your offline values and convictions with your online world. Practice virtual integrity. This means real transparency and accountability for online actions. Yes, we can still have fun and be anonymous on the Internet. But we must be wary of using browser controls, proxy servers, other privacy tools and online anonymity to feed a conscienceless shadow self or we will suffer a similar fate to that of Dr. Jekyll.

Every major tech and security company is trying to build a way to ensure the trustworthiness of online identities (see or end-to-end trust (see How can we have end-to-end trust if people have false identities and are creating separate accounts to deceive others and hide their activities? Many critics point out that Mr. Hyde is a play on words for someone who “hides” their darker side’s actions and motives. We can’t stop this behavior, but does that mean our best employees should be encouraging it?

[See Lohrmann on GovSpace, Dan Lohrmann’s blog on]

No doubt we all have made (and will make) mistakes. Humbly acknowledging our weakness and vulnerabilities is a good place to start. When we see the appalling headlines about our leaders and celebrities behaving badly in cyberspace, we can say: “There but for the grace of God go I.”

Cybersecurity teams see it all the time. Regular visits to the Internet’s dark side will be found out.

In terms of dealing with these behaviors among employees, what’s to be done?

1. We need more honesty and transparency in Internet transactions. Create a more trusting environment at work.

2. Talk to your boss, coworkers and staff about online boundaries and what’s appropriate when surfing. Don’t just post policies. Train and mentor.

3. Use your Web monitoring and filtering software to encourage the right behaviors and discourage those that are not allowed. Whether you use Websense or something else, build a culture of trust and openness at the office and with company assets. (This topic is definitely worth its own post.)

Ultimately, honesty, accountability and forgiveness are still the only approaches that work.


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan State Government. Dan was named: "CSO of the Year," "Public Official of the Year," and a Computerworld "Premier 100 IT Leader." Dan is the co-author of the Wiley book, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering From Inevitable Business Disruptions.” Dan Lohrmann joined Presidio in November 2021 as an advisory CISO supporting mainly public sector clients. He formerly served as the Chief Strategist and Chief Security Officer for Security Mentor, Inc. Dan started his career at the National Security Agency (NSA). He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility. Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College. Earlier in his career he authored two books - Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD For You: The Guide to Bring Your Own Device to Work. Mr. Lohrmann holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

More from this author