
I’d like to apologize for publishing so many columns connected to food. Last week was a double-header, with my regular Business Reporter column exploring the idea of operations management via a deli scene, and my inaugural column for The European Information Security Summit site discussing the Panera Bread vulnerability remediation issue. I realized yesterday that food and eateries have been coming up a lot more often in my writing recently because I’ve started finding most of my inspiration for my columns at lunch. I’ve been terribly busy lately between work, family, Scouts, preparing my next audiobook, and general life maintenance. Lunchtime tends to be the only time that I can afford to let my mind wander and find interesting associations.
This week was no exception. The idea for this column came to me while I was scarfing down a mediocre burger on Friday. I was minding my own business and scanning the crowd when a pair of young businesspeople took the next table over and captured my attention. The young lady was stylishly dressed in a colourful summer getup that impressed without being gaudy. I thought she was quite fetching while still looking wholly professional. Her companion, however, looked like a confused rodeo clown.
Specifically, the young businessman had made an extremely poor wardrobe choice. His starched white dress shirt was fine, but his trousers … Dear God! The man went out in public in a pair of hopelessly oversized and wrinkled black polyester dress slacks that seemed to have been made for a man at least double his waist size. This was a fellow of medium build wearing trousers that could easily be converted into a personal flotation device. They billowed. They snagged on every knee-height object that he passed. They qualified as ‘rugose’ as if torn from the purple prose of an H.P. Lovecraft story. These were awful trousers.

Forgive me for being a dyed-in-the-wool security person, because the first thing I thought of on seeing that poor fellow’s awful attire was ‘That dude looks like he just declared himself to be a very low potential security risk.’
To be clear, I’m not trying to draw any sort of parallel between a person’s fashion sense and their potential criminality. That’s close, but misses the point. What I mean is that security and operations leaders sometimes use small-but-meaningful practical tests of obedience to see who in their organisation they might need to keep a closer eye on. I suspect that’s why this fellow was out in public wearing a truly defamatory trouser selection. He’d been given an order to change up his wardrobe for the day, grabbed the closest thing in his wardrobe that met his employer’s new requirement, and went to work.
The technique works like this: someone in authority (usually an executive) declares that the company dress code is changing for one day only to accommodate a ‘special event.’ The ‘event’ can be anything; a visiting executive, a high-profile client, a television taping, whatever. The actual reason announced is just an excuse. What the line-leaders are specifically looking for is who amongst the population obeys the new dress code order in good faith and who ignores it. The worker who bristles at being told what to do and refuses to comply is marking him- or herself as someone who prioritises their own wants above the company’s directives. In short, someone who has a predisposition to ignore security regulations when said regulation becomes inconvenient to them.
This is important. Long-time readers will recognize that this is a deliberate call-back to a book that I wrote on this subject called Office Cowboys: Cautionary Tales from the Cubicle Frontier. To quote … er, well, … myself:

‘I train my cyber support employees to evaluate user behaviour for evidence of petty rule violations, because each act of defiance predicts a future security breach. I strive to drum this mantra into my people: “If an employee is able to rationalize violating one rule, then they are likely predisposed to violate others.”
‘That’s why I always monitor my workplace for evidence of defiant behaviour. It’s not so much a matter of identifying an emergent threat; rather, it’s a critical indicator that leadership should take note of early on. If an employee is willing to petulantly defy the organisation’s easy rules, then they’re also likely to petulantly defy our critical security rules when compliance is difficult. I teach my security techs to watch out for and monitor these “I do what I want!” cowboys because they represent the most likely sources of human-imposed vulnerabilities to the enterprise cyber infrastructure.’
Well said, er … me. Good grief that’s pretentious. Argh! Sorry.
So, why use an altered dress code for a compliance exercise? Because the results are instantly obvious. It just takes a glance. If you announce that everyone must wear, say, a suit or an unusual colour top for one day only, you’re going to catch most workers unprepared. No one has an infinite supply of possible business-compatible outfits. Closets are only so large. People tend to accumulate clothes that are appropriate to their workplace and displace work clothes that they can’t wear in their current office.
Moreover, people change shape over time. [2] Outfits that you wore regularly two or three jobs ago will likely no longer fit when you need them later. Clothes aren’t magic, either. Unlike what Ann Brashares’ best-selling, young adult, coming-of-age novel The Sisterhood of the Traveling Pants might have led you to believe, no item of clothing will ever magically re-size itself to perfectly fit your evolved shape. Ain’t happening.

That’s what I was on about regarding the mysterious businessman in the stunningly awful trousers. I’d bet a fiver that this man’s boss was running an internal compliance exercise on his office. Given that this bloke didn’t have anything better than that circus costume pair of trousers to wear, I suspect that his company was normally a T-shirt and jeans sort of place. Their boss probably ordered everyone to be in ‘business attire’ for one day, and this fellow was simply obeying as best he could with the old slacks that he still had stuffed in the back of his closet. Credit earned for making a valid (if failed) attempt to comply. Box checked. Moving on …
If these sorts of ‘unannounced exercises’ seem like dirty tricks, I can empathize. It is a bit sneaky. It’s not a sure-fire way to prove that a given employee might be a future troublemaker. It is, however, a fairly reliable and completely fair way to test people’s wilful compliance. A reasonable order gets issued and some people decide to wilfully disobey it. The likely miscreants out themselves.
The fact that the order isn’t truly important is entirely the point. The budding bad actors’ demonstrated willingness to ignore orders that they don’t care for is a strong indicator that these people are more likely than their peers are to put the company’s security in jeopardy someday by refusing to obey a minor but wholly necessary security protocol. From the perspective of a security chief, it’s far better to know who those people are early – before it counts! – than to wait until a preventable breach occurs. If you learn who your potential rogues are early, you can see to it that your most defiant workers are re-trained, rehabilitated, or encouraged to move on to their next adventure.
[1] Er … spoilers?