Kill Chain Analysis for a Toxic Meeting
Source: Dev.to
You’ve been in a meeting that felt wrong in a way you couldn’t articulate.
Not hostile. Not explosive. Just… off. Something subtle was happening beneath the surface, and you walked out feeling smaller, foggier, or strangely drained.
Security professionals recognize this pattern because it mirrors the structure of a kill chain. Let’s walk through one.
The Scenario: A High‑Pressure One‑on‑One
You sit down with your manager for what should be a straightforward check‑in. You’re prepared. You know your work. But within minutes, the ground shifts.
Reconnaissance
Your manager starts probing:
- “Walk me through your thinking again.”
- “Why didn’t you consider X?”
- “Are you sure this is the right direction?”
These aren’t neutral questions; they test for hesitation, uncertainty, and emotional tells.
Access
The tempo changes. Questions come faster, expectations shift mid‑sentence.
- You’re answering one thing and suddenly defending another.
Your cognitive boundaries get bypassed, and you feel yourself slipping into fog.
Execution
Pressure lands hard:
- “We really need you to step up.”
- “This shouldn’t be that hard.”
- “I need an answer right now.”
Your breathing tightens, your posture shrinks, and you find yourself saying “yes” to things you don’t agree with.
Persistence
Every attempt to clarify is met with moving goalposts. Every effort to slow down is met with accelerated tempo. You’re no longer in a meeting; you’re in a loop.
Exfiltration
You leave the room drained. Clarity is gone, confidence dented, and boundaries feel quietly rewritten. No yelling, no threats—just a subtle, structured erosion of your emotional integrity.
The Emotional Kill Chain
| Kill Chain Stage | Emotional Equivalent |
|---|---|
| Recon | Probing questions, testing vulnerabilities |
| Access | Rapid‑fire questioning, cognitive overload |
| Execution | Pressure, urgency, boundary erosion |
| Persistence | Repeated destabilizing patterns |
| Exfiltration | Loss of clarity, energy, agency |
This isn’t a metaphor; it’s a structure. Just as a system can be compromised without malware, a person can be compromised without overt hostility.
TTPs: When Your Manager Runs Techniques on You
Security practitioners talk about Tactics, Techniques, and Procedures (TTPs)—the behavioral fingerprints of an attack. In this meeting, the TTPs look like:
Tactic: Pressure
- Technique: Urgency framing
- Procedure: “I need an answer right now.”
Tactic: Boundary Erosion
- Technique: Implied consequences
- Procedure: “We really need you to step up.”
Tactic: Cognitive Overload
- Technique: Tempo manipulation
- Procedure: Rapid‑fire questioning
Tactic: Emotional Manipulation
- Technique: Mood signaling
- Procedure: Sighs, disappointment, subtle disapproval
These aren’t always intentional, but they are effective and trigger measurable responses.
EIOCs: Emotional Indicators of Compromise
During the meeting, several emotional indicators fire:
- Cognitive Drift – fog, confusion, over‑explaining
- Boundary Integrity Breach – pressured agreement
- Relational Distortion – guilt, hypervigilance
- Autonomic Stress – tight chest, shallow breathing
If this were a SIEM, you’d see a cluster of correlated alerts; if it were a SOC, you’d escalate. Because it’s emotional, most people walk away thinking, “Why am I like this?” instead of recognizing a compromise event.
Why This Matters
The scenario isn’t rare, dramatic, or traditionally abusive, but it is a breach—a human‑layer compromise that drains clarity, agency, and emotional stability. Until now, there hasn’t been a framework for detecting it. That changes next week.
Coming Next Week—Part 2
EIOC: A Detection Framework for Human‑Layer Security
I’ll introduce:
- the severity matrix
- the correlation rules
- the time‑windowing model
- the persistence logic
These components turn the scenario into a formal detection system. If Part 1 made you feel seen, Part 2 will give you the language to understand why. Part 3—the runbook—will give you the tools to respond.