Kill Chain Analysis for a Toxic Meeting

Part 1 of the EIOC Series

You’ve been in a meeting that felt wrong in a way you couldn’t articulate.

Not hostile. Not explosive.

Just… off.

Like something subtle was happening beneath the surface, and you walked out feeling smaller, foggier, or strangely drained.

Security people know this pattern better than most—because it mirrors the structure of a kill chain.

Let’s walk through one.

The Scenario: A High‑Pressure One‑on‑One

You sit down with your manager for what should be a straightforward check‑in.

You’re prepared. You know your work.

But within minutes, the ground shifts.

Reconnaissance

Your manager starts probing:

• “Walk me through your thinking again.”
• “Why didn’t you consider X?”
• “Are you sure this is the right direction?”

They’re not gathering information.

They’re testing for hesitation, uncertainty, emotional tells.

Access

Then the tempo changes.

• Questions come faster.
• Expectations shift mid‑sentence.
• You’re answering one thing and suddenly defending another.

Your cognitive boundaries get bypassed.

You feel yourself slipping into fog.

Execution

Now the pressure lands.

• “We really need you to step up.”
• “This shouldn’t be that hard.”
• “I need an answer right now.”

Your breathing tightens.

Your posture shrinks.

You hear yourself saying “yes” to things you don’t agree with.

Persistence

Every time you try to clarify, the goalposts move.

Every time you try to slow down, the tempo accelerates.

You’re no longer in a meeting.

You’re in a loop.

Exfiltration

You leave the room drained.

Your clarity is gone.

Your confidence is dented.

Your boundaries feel like they’ve been quietly rewritten.

And the worst part?

Nothing “bad” happened.

No yelling. No threats. No explicit harm.

Just a subtle, structured erosion of your emotional integrity.

The Emotional Kill Chain

Mapped to a cybersecurity kill chain, the parallels are unmistakable:

This isn’t metaphor.

It’s structure.

The same way a system can be compromised without malware, a person can be compromised without overt hostility.

TTPs: When Your Manager Runs Techniques on You

Security practitioners talk about Tactics, Techniques, and Procedures (TTPs)—the behavioral fingerprints of an attack.

In this meeting, the TTPs look like:

• Tactic: Pressure

  • Technique: Urgency framing
  • Procedure: “I need an answer right now.”

• Tactic: Boundary Erosion

  • Technique: Implied consequences
  • Procedure: “We really need you to step up.”

• Tactic: Cognitive Overload

  • Technique: Tempo manipulation
  • Procedure: Rapid‑fire questioning

• Tactic: Emotional Manipulation

  • Technique: Mood signaling
  • Procedure: Sighs, disappointment, subtle disapproval

These aren’t always intentional.

But they are effective.

And they trigger something measurable.

EIOCs: Emotional Indicators of Compromise

During the meeting, several emotional indicators fire:

• Cognitive Drift—fog, confusion, over‑explaining
• Boundary Integrity Breach—pressured agreement
• Relational Distortion—guilt, hypervigilance
• Autonomic Stress—tight chest, shallow breathing

If this were a SIEM, you’d see a cluster of correlated alerts.

If this were a SOC, you’d escalate.

But because it’s emotional, most people walk away thinking:

“Why am I like this?”

Instead of:

“A compromise event occurred.”

Why This Matters

This scenario isn’t rare.

It’s not dramatic.

It’s not abusive in the traditional sense.

But it is a breach—a human‑layer compromise that drains clarity, agency, and emotional stability.

And until now, there hasn’t been a framework for detecting it.

That changes next week.

Coming Next Week—Part 2

EIOC: A Detection Framework for Human‑Layer Security

I’ll introduce:

• the severity matrix
• the correlation rules
• the time‑windowing model
• the persistence logic

…that turn this scenario into a formal detection system.

If Part 1 made you feel seen, Part 2 will give you the language to understand why.

And Part 3—the runbook—will give you the tools to respond.