Ask anyone about “infosec tools” and the list will depend on red/blue perspective and experience but will usually include the likes of BloodHound, Metasploit, Burp, Mimikatz, Cobalt Strike, Nmap, and Netcat. These are all great but, too often we ignore that there is a separate side to infosec: there is a “non-technical” dimension we all should participate in as we work with others. How do we diagnose what kind of problem we’re dealing with? How do you help others? How do you improve yourself? This is where thinking about mental models and personal improvement really helps. This talk will introduce different mental models and frameworks that can be useful to a practitioner in multiple scenarios, from working on a team, to project management, to planning their careers.