The Fallacy of Being Irreplaceable

Robert Broxup

Imagine if one person held the only keys to a vital system, and then went on sudden sick leave. How long would it take before things ground to a halt?

A Dangerous Fallacy

There is a persistent fallacy in some workplaces, the belief that if you keep your knowledge to yourself, you become indispensable. That by becoming the only person who knows how to do a task, run a process, or fix a problem, you’re creating job security. In reality, this mindset introduces fragility, not strength. It’s a short-term tactic that fails the long game of career growth, leadership, and organisational resilience.

In a previous article, Winning the lottery or failing the bus test (8th June 2015), I explored a simple resilience thought experiment: What happens if a key person wins the lottery or gets hit by a bus? Whether someone leaves for joyful reasons or tragic ones, the point remains. Businesses must be prepared to continue functioning without any one individual.

That article focused on assessing the risk, whereas this one focuses more on one of its root causes – knowledge hoarding.

The Hidden Cost of Knowledge Hoarding

The idea that hoarding knowledge makes you valuable is deeply flawed. It’s understandable that people want to feel needed, but locking knowledge inside our heads doesn’t protect our position. In practice, it limits our growth, introduces single points of failure or single points of success into the business – situations where one person’s absence could derail critical operations or progress. These points of fragility are the antithesis of good governance, risk management, and succession planning.

I have experienced many situations over the years where we have discussed specific topics and issues, identified information that we needed to proceed, assigned tasks in the meeting, and scheduled a follow-up meeting, only to discover a week later that someone already had all the information but didn’t share it, allowing us to waste valuable time.

Understanding the Motives

People hoard knowledge for many different reasons. Sometimes fear-based, other times it’s due to past experiences or organisational dynamics. Here are some of the most common causes:

  • Fear of being replaced
  • Belief that knowledge equals power
  • Job insecurity
  • Ego or status-driven behaviour
  • Lack of trust in colleagues or leadership
  • Past experiences of being overlooked or unrewarded after sharing
  • Competitive or toxic workplace culture
  • Unclear job boundaries or expectations
  • Lack of recognition for knowledge-sharing efforts
  • High workloads and time pressure
  • Absence of easy-to-use documentation tools or systems

The Power of Shared Knowledge

But all of these are based on a fallacy, that being the only one who knows something creates job security. In truth, this behaviour can backfire spectacularly. The real value comes from empowerment, not from exclusivity.

Sharing knowledge also depends on trust. In organisations where people feel safe to ask questions, admit what they don’t know, and share openly, knowledge flows more naturally. This psychological safety underpins a learning culture and strengthens resilience.

I once had a conversation with someone who told me that, because I’d gone to university and earned a degree at great personal expense, my knowledge was my property — something to sell, not share. I’ve never fully agreed with this mindset. I’ve always felt that knowledge becomes more valuable when it helps others. It is one of the reasons I continue to write and publish articles here on Integritum; not because I have all the answers, but because collective thinking helps us all improve.

In resilient teams:

  • Knowledge flows through cross training
  • Processes are documented, shared, and improved collaboratively.
  • Team members cover each other’s workload during sickness and annual leave
  • If someone receives a promotion, resigns, or retires, they can do so without the business suffering.

The Path to Growth

If someone else can do what you do, that doesn’t make you replaceable – it makes you promotable. Consequently, the objective is not to cling to tasks, but to enable others so we can move on to high-value work. It is not about guarding secrets, but creating capacity in others.

For succession planning, every role should have a shadow, a backup, or at least a process manual. Onboarding new staff, covering holidays or sickness, or responding to emergencies – shared knowledge builds resilience.

When we share knowledge, the benefits are wide-reaching. It builds trust, supports professional development, and improves operational continuity. For example:

  • We build trust with colleagues
  • We support a culture of learning
  • We position ourselves as leaders
  • We reduce organisational risk
  • We create the conditions for personal growth and advancement

The idea that ‘if no one else knows how we do this, they’ll always need us’ may feel like control, but in reality it only serves to trap us where we are. True job security doesn’t come from being irreplaceable, it comes from being so effective, helpful, and growth-oriented that people want us to succeed, and want to give us responsibility, not less. The more people that can do what we do, the more space we will have to do something greater.

Standards That Reinforce the Message

Standards such as ISO 27001, ISO 9001, and ISO 42001 define management system frameworks that reinforce the importance of documented processes and knowledge continuity as core aspects of resilience and risk management.

As AI continues to automate routine work, the value of human roles will shift even more toward strategic thinking, mentorship, and collaboration — all of which depend on shared knowledge.

Reflections on Client Confidentiality

Robert Broxup

In 2017 and 2018, I wrote a four-part series titled “How Much Info Is Too Much?” to challenge an uncomfortable norm: professionals, especially in IT and information security, are routinely expected to share confidential client details as proof of credibility. Whether in procurement discussions or during recruitment, the pressure to disclose private information to secure the next opportunity became standard practice.

Seven years later, this article recaps the original series, ties in a follow-up article on recruitment ethics, and considers whether we have changed our professional culture or whether client confidentiality is still treated as expendable when careers or contracts are on the line.

The Ethics of Disclosure

The series began with a direct comparison that exposed the double standards applied to confidentiality in IT and other professions.

“Imagine asking a solicitor about their past divorces to prove they can handle yours – it would never happen.”

Part 1 (4th December 2017) challenged the assumption that sharing previous client information demonstrates trustworthiness. It used everyday examples like taxi drivers, alarm installers, and lawyers to make a key point. In nearly every other industry, discussing former clients would be considered unprofessional, if not a breach of duty. Why should IT and information security be any different?

Even now, procurement teams and hiring managers sometimes equate name-dropping past clients with credibility. Sharing details about past clients to win future work may signal cooperation, but it also demonstrates a lack of discretion and professionalism.

During my years running a small business, I often found myself pressured to list previous clients. This expectation not only contradicted the NDAs I had signed, but also reflected a fundamental misunderstanding of professional discretion. This isn’t to say that referencing clients is always wrong, but it must be:

  • Done with clear consent
  • Aligned with contractual terms
  • Handled with the client’s reputation and privacy in mind.

Anything less risks crossing the line from credibility to compromise. In my case, I relied on client-provided testimonials, which offered a transparent and ethical way to demonstrate value without breaching confidentiality.

  • Red flags in procurement – Requests for client names during early-stage procurement discussions could mask poor information governance practices.
  • Professional codes of conduct – While IT lacks formal licensing, many adjacent fields, including law, healthcare, and finance, would consider such disclosure a breach of conduct. Expectations in tech are starting to catch up.
  • Trust is built, not bought – Professional trust is earned through process, integrity, and insight, not by exposing others’ confidential work.
  • Cognitive dissonance – Clients who ask you to sign a Non-Disclosure Agreement (NDA) while requesting information about your past clients fail to see the contradiction.
  • Alternative marketing – Referencing industries served, or challenges solved is usually sufficient; naming clients is rarely necessary.
  • Protect client reputations – Professionalism includes protecting client reputations long after the contract ends, reinforcing trust and encouraging future referrals.

Spotting Red Flags in Early Conversations

The second article shifted from theory to practice, warning about misleading early-stage discussions.

“A 15-minute call that’s all about your past clients and nothing about current needs? This is not a sales lead; it is a red flag.”

Part 2 (12th December 2017) moved from principle to practice, focusing on identifying conversations that veer into information mining rather than genuine engagement. If a potential client spends more time asking about previous engagements than outlining their own needs, it’s likely not a real opportunity.

With AI-powered voice impersonation, deepfakes, and corporate espionage now part of the landscape, the original advice has only grown in relevance.

  • AI-enhanced phishing – Voice cloning, spoofed job interviews, and fake procurement exercises are becoming advanced tools for corporate surveillance.
  • Context matters – If the caller avoids basic discovery questions like “What are your current pain points?” it’s likely not a real opportunity.
  • Pretexting attacks – Attackers now use believable personas (recruiters, clients, journalists) to harvest sensitive business intelligence.
  • Mutual due diligence – Ethical conversations involve reciprocal openness. You shouldn’t share anything confidential if they are unwilling to share anything about their needs.
  • Training needed – Professionals don’t always know how to identify social engineering, which happens before the obvious red flags; it needs to change.
  • Process, not paranoia – Having a clear discovery script or intake process can help deflect and detect bad actors while remaining professional.

When Disclosure Becomes Expected

Part three took a more candid tone, acknowledging that indiscretion is sometimes rewarded, even incentivised, in the workplace.

“Those who break confidentiality are often rewarded with a contract opportunity, not because they are professional, but because they cooperate in breaching confidentiality.”

Part 3 (18th December 2017) took a sharper tone, acknowledging the grim reality that disclosing confidential information helps people win work. This behaviour has become normalised in sectors like IT and information security, where no professional licence to revoke and no external body enforcing ethical standards.

We still see this today, especially in competitive bids where clients and employers reward name-dropping and logo slides. ISO standards, frameworks, and organisational codes of conduct are slowly shifting this culture by embedding expectations of privacy, discretion, and ethical information handling.

  • Reward structures misaligned – Selection teams often reward evidence of previous client activities over ethics, perpetuating indiscretion as a competitive advantage.
  • Governance maturity gaps – Many organisations still treat confidentiality as optional unless regulated, a sign of weak internal controls.
  • Contractual ambiguity – Vague NDA terms or lack of policy enforcement can open confidentiality to interpretation.
  • Culture shift in motion – Society is slowly reframing discretion as a strength, especially in vendor risk assessments.
  • Risk of litigation – In regulated sectors, disclosing client details without authorisation now carries legal risk, not just reputational damage.

A Professional Alternative

To counter the trend of oversharing, the fourth article offered a proactive solution: shifting the focus to structured, client-first engagement.

“Credibility should come from solving real problems, not showcasing someone else’s private history.”

Part 4 (4th January 2018), and the final article in this series, offered a way forward: a professional five-step process for engaging with clients. It helps avoid off-topic digressions about past work and puts the focus where it belongs, on solving the client’s current problems through a structured, ethical dialogue.

As procurement and supplier due diligence processes become more rigorous, driven by regulatory scrutiny, AI governance, and Environmental, Social, and Governance (ESG), structured professional processes are no longer a luxury. They’re essential for resilience, trust, and legal protection.

  • Credibility through repeatable processes – A professional engagement process builds more trust than any client list ever could.
  • Focus on expertise, not exposure – Clients want insights into their problems, not a retrospective on someone else’s problems.
  • Structured onboarding protects both sides – When done well, it guards against phishing and reputational risk for both parties.
  • Modern due diligence expectations – Clients are increasingly judged by what they ask and how they conduct vendor selection ethically.
  • Buyers expect maturity – Especially in regulated or AI-governed environments, buyer organisations are now penalised for lax supplier onboarding.
  • Resilience through process – Repeatable processes ensure you maintain credibility through moments of pressure, ambiguity, or inconsistency.

Recruitment: A Parallel Problem

The follow-up article expanded the issue into recruitment, highlighting the ethical risks of sharing confidential information when changing jobs.

“If you’re willing to use your current employer’s clients now to get a new job, you’ll likely do the same to your next employer.”

In this follow-up article, Avoid Revealing Employer’s Clients (12th April 2018), I explored how the same confidentiality breaches play out during recruitment. Candidates sometimes list their employer’s clients on public profiles and CVs or refer to them in interviews, thinking it shows breadth of experience. However, the ethical problem is the same: those clients aren’t theirs to share.

Today, these disclosures can end careers before they start. Many firms now treat unauthorised disclosure of client identities as a breach of NDA, contract, or even data protection law, and rightly so. Confidentiality applies just as much when leaving a company as when engaging with a new one.

  • CV red flags – Listing employer clients without authorisation can violate contracts and raise character concerns — even before the interview stage.
  • Reputation risk in hiring – Employers increasingly filter out candidates who appear to treat sensitive data as a personal asset.
  • Due diligence extends to applicants – Some roles now include applicant-level risk profiling — where client name-dropping is seen as a security weakness.
  • Confidentiality clauses apply post-exit – NDAs, employment contracts, and professional ethics don’t expire when you change jobs.
  • Professionalism – The best candidates increasingly demonstrate judgement, not just experience.
  • Culture fit matters – Organisations with strong governance cultures actively avoid hiring people who treat discretion as optional.
  • Recruiters need clarity – Some recruitment agents still encourage “name-dropping” for profile strength, but this can backfire for both candidates and the agency.

Additional Thoughts

Whether in recruitment or procurement, the heart of this matter remains unchanged. Professionalism in this context is about discretion, not disclosure. We can’t gain trust and establish credibility by revealing what we did for others; we can only demonstrate what we can do for future clients or employers.

That said, one fact remains the same. Suppose people and businesses are forced to choose between disclosing client names (along with what was done and when) or risking the conversation about future work ending abruptly. In that case, they often choose the opportunity first.

Unfortunately, many professional cultures still reward indiscretion while overlooking integrity, especially when disclosure offers a short-term advantage. This isn’t just a question of professionalism; it’s a systemic problem.

It reminds me of the UK smoking ban in pubs. Many landlords wanted to implement a smoke-free policy years before it became law, not just for the health benefits but also to create a better environment for their customers and staff. They couldn’t because if one pub acted alone, the smokers would go next door, taking away a significant portion of their revenue. There were a few exceptions, but it wasn’t until the ban became a legal standard that everyone could act without fear of competitive loss.

Confidentiality suffers from a similar imbalance. Clients, employers, and recruiters are legally entitled to ask questions. Employees, consultants, and small business owners often feel compelled to respond, as not answering might mean losing the opportunity.

Change will remain slow until our professional culture matures to reward discretion and due process rather than indiscretion and shortcut credibility. It will remain impossible to lead alone, and the cycle will continue.

The minefield of buying and selling online

Robert Broxup

Online marketplaces have transformed over the past decade. While it’s never been easier to buy or sell, it’s also never been riskier. Artificial intelligence, mobile-first commerce, and peer-to-peer platforms have created new opportunities and new threats. Whether you’re an occasional user or an online trader, staying safe in 2025 means understanding modern risks and adopting secure behaviours. This article highlights some of the essential areas for both buyers and sellers. I also refer to some older security awareness articles that are still relevant today.

How online threats have evolved

Online scams have evolved far beyond basic phishing and fake listings. Fraudsters now use AI-generated content to impersonate people, automate conversations, and create fake websites that closely mimic trusted brands. At the same time, there are many new entries to the market. Amazon and eBay were the pioneers, but they no longer dominate the marketplace.

  • Threat actors use AI to create convincing fake profiles, listings, and customer service chats. It is harder to spot fakes because tell-tale signs such as poor spelling and grammar are becoming a thing of the past.
  • Traditional auction sites are now part of a much larger, more fragmented ecosystem.
  • Email protection and spam filtering have evolved, but so have fraudsters with more convincing emails, social media profiles, text messages, instant messaging, and in-app messages.
  • Scammers now behave like real users, mimicking platform language, branding, and interfaces with ease, making scams harder to spot than ever.
  • The Website Credibility Test (5th March 2018) – Not all websites deserve your trust, even if they look professional. This article explores how poor design choices, such as fake search boxes (containing links), pop-ups, and sneaky opt-out purchases, often indicate dishonest business practices. It reminds readers that site behaviour directly reflects the people behind it, and you may be unable to trust it with your payment information.

Staying safe as a buyer

Buyers today must navigate deals across dozens of platforms, some offering little or no protection. Many scams involve off-platform communication or payment, which can void any dispute rights. Even when a transaction appears secure, scammers may attempt to use urgency or fear to push buyers into quick, irreversible decisions.

  • Stick to platforms with formal buyer protection and avoid off-platform transactions.
  • Use credit cards where possible, as they offer the strongest consumer protection.
  • Enable Multi-Factor Authentication (MFA) on shopping and payment accounts.
  • Be cautious with deals that seem urgent, emotional, or unusually cheap.
  • Always double-check the seller ratings, the age of the account, and listing consistency.
  • Confirm shipping costs and return policies before you buy. Consider the item’s location carefully as returning a low-cost item from overseas may cost more than the item itself.
  • Deviation from the Norm (29th June 2019) – Scammers don’t always ask for your money directly. They often ask you to behave in ways that feel unusual. This article highlights how fraudsters push victims into unorthodox payment methods like cash or bank transfers, offering excuses that sound urgent, emotional, or even official. Deviating from established norms, like not using a credit card, removes your safety net. The key message is simple: if the process feels off, it probably is.

Protecting yourself as a seller

Sellers face increasing pressure to provide a fast, friendly, and reliable service but also face rising risks from fraudulent buyers and chargebacks. Verifying payment, understanding platform rules, and setting boundaries are key to staying protected.

  • Never dispatch items until you’ve confirmed cleared payment.
  • Avoid off-platform messages that could void your ability to raise a dispute.
  • Watch for overpayment scams and never refund a mistake before verifying the original payment in cleared funds.
  • Understand how your platform handles refunds, chargebacks, and seller disputes.
  • If in doubt, cancel the sale and report the user.
  • Document what is available for the transactions, such as photographs, messages, proof of postage, and receipts.
  • Unsafe financial transactions (16th July 2019) – Despite years of warnings, unsafe transactions are still commonplace. This article explains why bank transfers, upfront fees, and cheques expose buyers and sellers to avoidable risk. It also describes how fraudsters manipulate trust by creating fake emergencies, fake job offers, and fake loans to trigger emotional decisions. Recovery is difficult or impossible once money is sent, especially outside of regulated systems.
  • Reducing fraud with virtual cards (6th March 2022) – Virtual cards act like a firewall between your real bank details and the internet. This article introduces how they work, why they matter, and where they’re most effective, especially against subscription traps, stealth auto-renewals, and websites that refuse to remove your card details. By generating a disposable card number for each transaction, you can cancel future payments instantly without exposing your real account details. It’s an innovative process in today’s risk-heavy digital economy.

Trust and transparency

Trust still matters, but it is getting harder to gauge. Reviews, profiles, and trust signals are now easily faked. Scammers often impersonate legitimate businesses or flood their accounts with fake reviews to seem credible.

  • Look for account age, detailed feedback, and a history of similar transactions.
  • Check for signs of review manipulation, such as the same comments across multiple sellers, and be suspicious of vague or overly glowing feedback.
  • Use official company registers to validate business identities.
  • Providing visible contact details and policies demonstrates transparency and builds trust.

Modern Security Hygiene

Cyber hygiene has become a baseline expectation for all users. Relying solely on strong passwords isn’t enough. Buyers and sellers must adopt multi-layered security measures to protect their money and personal information.

  • Use a password manager to create and store strong, unique passwords. Don’t reuse passwords across multiple sites.
  • Enable Multi-Factor Authentication (MFA) on every account that supports it.
  • Avoid clicking on links in unsolicited emails or instant messages and go directly to the platform.
  • Keep mobile apps updated and install only from trusted sources.
  • Log out of platforms after transactions. Don’t rely on closing the browser tab.
  • Time for some digital housekeeping (25th February 2024) – The sheer number of online accounts we create has grown beyond what most people can realistically manage. This article looks at the long-term risks of account proliferation, from weak password habits to privacy exposure and an ever-expanding attack surface. It also critiques common website behaviours like blocking password managers (preventing the cut and paste of complex passwords) and unnecessarily requiring logins. With practical advice on using password vaults, enabling MFA, and deleting old accounts, it serves as a modern guide to cleaning up your digital footprint and regaining control.
  • More on passwords (21st January 2019) – This article revisits the basics of password security and why those basics still matter. It covers weak PINs, social media oversharing, and the risk of password reuse across multiple sites. It also touches on modern hacking tools that guess passwords based on personal information. Strong, unique credentials remain part of a solid defence.

What to do when something goes wrong

Even when you’re careful, things can still go wrong. Acting quickly and documenting everything improves your chances of recovering lost money or resolving disputes successfully.

  • Save all messages, screenshots, emails, receipts, and postage confirmations.
  • Report issues directly through the dispute resolution process.
  • Understand payment protection options like PayPal Buyer Protection or credit card chargebacks.
  • Monitor your financial accounts for unauthorised transactions after purchases.
  • File complaints within the time limits mandated within the platforms.
  • If necessary, escalate to consumer protection bodies or regulators.

Concluding thoughts

Online marketplaces are no longer just the domain of digital natives. While younger generations have grown up with e-commerce, many people who previously avoided online transactions are venturing into digital marketplaces for the first time. Whether out of necessity, convenience, or curiosity, this growing wave of new participants includes individuals who may be less familiar with the risks. That’s why messages around online safety, fraud awareness, and secure practices need to keep circulating.

The technology may change, but the underlying tactics of scammers remain the same. To paraphrase P.T. Barnum, “There is a victim born every minute”. Here are a couple more articles that remain relevant today.

  • Caught in the Net (29th January 2019) – Phishing is still a leading cause of online fraud, and it’s not going away. This article explains how phishing emails work, why they’re effective, and how they prey on urgency, fear, or empathy to trick people into clicking links or sharing sensitive data. It also explains how even experienced users can fall for realistic scams and why a cautious, verification-first approach to email is essential in today’s environment.
  • Hit with the Spear (22nd July 2019) – Spear phishing is phishing with precision. This article explains how scammers gather personal details from social media, CVs, and online profiles to craft highly believable messages. Unlike random spam, these messages are tailored to the recipient and often bypass spam filters entirely. The article breaks down the process, from initial research to final action, and shows why oversharing online can open the door to persuasive attacks.

Rethinking the Ethics of AI in publishing

Robert Broxup

In publishing, where authority and trust are paramount, ethics can be both a guiding light and a minefield. Artificial Intelligence is reshaping how content is written and published, offering unprecedented efficiency but also raising ethical questions. This article explores how AI use in publishing can either support expert work or simulate it for influence or profit, often with damaging consequences. Ethical AI in support of human expertise includes:

  • Use of AI to enhance the work of expert writers and publishers – AI can support skilled professionals by streamlining research, suggesting improvements, and accelerating drafting processes. This allows authors, editors, and publishers to produce higher-quality content more efficiently while retaining creative and authoritative control.
  • Use of AI to fake expertise in writing and publishing for profit or influence – AI tools can generate polished, authoritative-sounding text, enabling individuals with little subject knowledge to publish materials with no means to verify accuracy, such as sites with a primary purpose of generating advertising or referral-related revenue. Inaccurate or misleading information undermines trust, distorts public discourse, and floods the market with low-quality or deceptive content while projecting authenticity.

Ethical AI use enhances productivity while ensuring that human expertise, critical judgment, and accountability remain central to the publishing process. The threshold for ethical AI use is clear to me: AI should assist experts, not create expertise, and the authors should be the subject matter experts and able to write the article independently, even if they choose to use AI to enhance productivity, clarity, and efficiency.

Ethical AI in Support of Human Expertise

When used ethically, AI can enhance the capabilities of skilled professionals without compromising integrity or authority. These are examples of how AI can respectfully support subject matter experts in the publishing process:

  • AI-assisted outlining and structuring – Subject matter experts can use AI to organise ideas, generate summaries, or improve coherence, allowing them to focus on deep analysis and insights.
  • Improved productivity without sacrificing integrity – AI helps streamline tasks like grammar correction, rewording, and formatting, reducing the time spent on administrative aspects of writing.
  • Experts are responsible for factual accuracy – AI may provide suggestions, but final validation, critical thinking, and real-world expertise shape the published work.
  • Refinement without compromising meaning – AI tools can enhance readability, correct errors, and optimise for audience engagement while preserving the writer’s original message and intent.

Where Ethical Boundaries Are Crossed

Unfortunately, AI is often used not to enhance genuine expertise, but to simulate it. This approach introduces risk, erodes trust, and undermines professional standards. Misuse includes bypassing real subject knowledge, misleading audiences, or generating content purely for financial gain, regardless of accuracy or credibility. AI should never be used to publish work that the author couldn’t understand, write, or explain without it.

  • Mass-production of AI-generated content without subject knowledge – Using AI to generate numerous articles on specialized topics without subject-matter expertise leads to shallow and misleading content.
  • Plagiarism and misinformation risks – AI can fabricate facts, misinterpret sources, or produce content that closely resembles existing material, raising ethical and legal concerns.
  • Deception and false authority – Presenting AI-generated work as if written by an expert misleads readers and erodes trust in professional knowledge.
  • Revenue-driven content farming – Some use AI to create high volumes of low-quality content, designed solely to rank on search engines and generate advertising revenue, regardless of accuracy or reader value.
  • Automated publishing without human oversight – AI lacks ethical judgment, industry experience, and the ability to apply critical judgement in context, making unchecked AI-generated content prone to serious errors and misleading claims.

Ethical AI use supports expertise, boosts efficiency, and preserves credibility. In contrast, misuse leads to misinformation, low-quality content, and eroded trust in professional knowledge. AI is a powerful assistant but human expertise remains irreplaceable. As AI continues to evolve, so too must our standards for credibility, authorship, and trust. In a world where anyone can publish, the true measure of value lies not in how content is created, but in who stands behind it.