Hosted by What the CEO REALLY thinks about Security and what you can do to influence him/her......
Hosted by
What the CEO REALLY thinks about Security and what you can do to influence him/her.
Thornton May, Researcher, Career Therapist Futurist
Let’s Level Set with Three Audience Response Questions
[Audience response chart; values shown: 35%, 28%, 32%, 3%, 0%, 2%, 0%; response options 1–7]
With regards to Information Security, is your CEO…
1. A September 10th kind of guy [e.g., operating in a fashion similar to that prior to the terrorist attacks on September 11th]
2. A September 11th kind of guy [e.g., operating in crisis/reactive mode – playing catch up]
3. A September 12th kind of guy [e.g., has a plan and is executing it]
4. Other
[Audience response chart; values shown: 5%, 19%, 76%; response options 1–3]
How many times would your CEO have to take the Certified Information Systems Security Professional (CISSP) test before receiving certification?
1. Once. He/she ‘owns’ this security stuff
2. Three times. Once to understand the test, twice to get the kinks out, the third time he/she would ace it
3. Billions and billions [the galaxy will have stopped expanding]
[Audience response chart; values shown: 26%, 39%, 35%; response options 1–3]
How many sales calls would your CSO need to go on before he/she could sell your organization’s primary product/service to a qualified prospect?
1. Once. He/she ‘groks’ to how money is made around here
2. Three times. One to understand the gig, two to get the kinks out, the third time he/she would have them eating out of their hands
3. Billions and billions [the galaxy will have stopped expanding]
What Do Your Responses to These Three Questions Tell Us?
Says a little something about the ‘maturity’ levels of CEO infosec thinking
Says a little something about the ‘perceived’ business savvy of infosec practitioners
What Is Going On Inside the ‘Head’ of Your CEO…
CEO Über-Truth #1
Not all CEOs are alike…
What is the first thing on most CEO/MD’s Minds?
1. Doing Their Job?
2. Keeping Their Job?
3. Other?
That On-Demand Stuff Can Be Tricky…
All-you-can-eat was too much
Red Lobster's chief is ousted after a crab promotion loses money. BENITA D. NEWTON, St. Petersburg Times (September 26, 2003)
Darden Restaurants of Orlando replaced the president of Red Lobster. The move came after management vastly underestimated how many Alaskan crab legs customers would consume…
"It wasn't the second helping, it was the third one that hurt," company chairman Joe R. Lee said in a conference call with analysts.
"Yeah, and maybe the fourth," added Dick Rivera, Darden's chief operating officer. Rivera has taken over as president of Red Lobster.
Former president Edna Morris, 51, who oversaw the crabfest, has left "to pursue other interests," the company said.
Where Do Senior Executives Spend Their Time?
Source: Author’s survey of CEO/CGO and senior divisional directors’ time
Percentage of Time Spent on Activities That Are Low Value-Added / High Value-Added
Reactive Problem-Solving and Discovery Meetings    30%
Related Political Activity                         15-20%
Administration and Administrative Leadership       30%
Decision-Making and Strategy                       5%
Dealing with Customers                             5%
Dealing with Suppliers                             5%
Visiting Operations                                <5%
Coaching and Team Building                         <5%
TOTAL                                              20-25% 75-80%
Work to Be Done
Economists
Time Available for Work
MBA’s
Defining Reality of the World CEOs Live In: “They Will Always Be Behind!”
Work to Be Done
Time Available for Work
How CEOs Feel Most Days...
What Is The First Thing Infosec Professionals Ask of Their CEO…?
Is There a Way to Give the CEO back some time?
What Is The Next Thing Infosec Professionals Ask of Their CEO…?
The difference between the Yankees’ and A’s opening day payrolls had ballooned from $62 million in 1999 to $90 million in 2002.
The bottom of each division was littered with teams that had spent huge sums and failed spectacularly. On the other end of the spectrum was Oakland. For the past several years, working with either the lowest or next to lowest payroll in the game, the Oakland A’s had won more regular games than any other teams…
It is Not How Much You Spend, It is How Smart You Spend
Michael Lewis, MoneyBall: The Art of Winning an Unfair Game, 123.
The teams in the American League West, finished in inverse order to their payrolls.
          Wins   Losses   Games Behind   Payroll
Oakland   103    59       -              $ 41,942,665
Anaheim    99    63       4              $ 62,757,041
Seattle    93    69       10             $ 86,084,710
Texas      72    90       31             $106,915,180
What Can You Do To Influence Behavior?
Influence Multiplier #1
Understand and manage the political situation
Stakeholder Analysis
[2x2 grid: axes Resources (Low to High) and Agreement (Low to High); quadrant labels: Blockers, Champions, Allies, ‘Squids’]
Don’t Champion ‘Big Ideas’ That Can’t Be Operationalized
Michael Porter got his Ph.D in Economics from Harvard; walked over to the Business School and started analyzing the structure of industry. His empirical base for his model was 1945-1975. A period unique in economic history for its lack of competition. All the companies studied were essentially oligopolists.
Porter’s model can’t be operationalized.
Porter’s model says that the best way to compete is not to compete – to become a monopolist.
Influence Subtractor #1
Don’t Lose Sight of the Root Issue
Sherlock Holmes and Dr. Watson go camping, and pitch their tent under the stars. During the night, Holmes wakes his companion and says:
'Watson, look up at the stars, and tell me what you deduce.'
Watson says:
'I see millions of stars, and even if a few of those have planets, it's quite likely there are some planets like Earth, and if there are a few planets like Earth out there, there might also be life.'
Holmes replies:
'Watson, you idiot. Somebody stole our tent'.
Influence Subtractor #2
Security is not a 100 yard dash…
It is a marathon.
You have to finish the race!
Do not rush things.
Influence Multiplier #2
Understand and Be Able to Explain Time Lines…
CEOs Like to Know How Long Do Things/Should Things Stay the Same?
[Diagram labels: Site, Structure, Skin, Services, Space Plan, Stuff; time spans shown: 20 years or so, 30 to 300 years, 7-15 years, 3 years or so, daily / monthly]
How Buildings Learn, 1994
The rebuilding of American cities, for example, involves a 35 year cycle. The expansion of medical services involves 15 year planning [the time it takes to enter college and complete medical board exams]. H. Kahn & A. Wiener, The Year 2000: A Framework for Speculation on the Next Thirty-Three Years (1967).
“May-san, mondai ga arimasu yo!” [“Mr. May, there is a problem!”]
The Importance of Managing Technology Time Lines
Human capabilities will be augmented by computer implants
In the past, we used to have to go to special rooms to compute.
Now we carry our computers [laptops] with us
Wearable computers
One in ten Americans had some non-dental implant – from pacemakers to artificial joints in 2002.
[Timeline; years marked: 2003, 2005 - 2007, 2010]
As computers start to control key bodily functions, world opinion will start to mobilize
Security is an increasingly visible, increasingly objected to cost devouring >5% of the IT budget in most Global 2000 organizations
Security is a source of competitive advantage
[Timeline; years marked: 2003, 2009, 2011, 2006]
Security is a legally mandated cost of doing business. Graduates of degree granting programs receiving federal funding will be required to pass a basic cyber security competency exam.
At a recent World Bank technology conference, “world opinion” was labeled as “the second super power.”
Influence Multiplier #3
Understand and be prepared to influence ‘the opinions’ of those in the CEO’s inner circle
Influence Subtractor #3
Don’t get caught in the ‘awareness’ trap or the ‘analyst says’ trap
Survey of CXOs, April 2002
“Do you think it will be good for the future of your organization, if senior executives played a more active role in shaping and deploying information security programs.”
91% said, “yes.”
Three months later we visited these executives and asked, “Has your behavior/involvement changed?”
94% said, “no.”
Behavior Change is the Career High Ground
Believing that you can DO Information security alone.
Influence Subtractor #4
CSO As Tech Messiah Has To End!
Believing that ‘Smart’ technology will keep ‘Stupid’ Suits safe
Influence Subtractor #5
Believing “Muggles” Do Not Want to Participate in Infosec Decision Making
Influence Subtractor #6
Lessons in Consumer Behavior
“With the opportunity to stir and maybe add a dash of hot sauce or a pinch of herbs, these meals allow ‘convenient involvement.’ It’s what our research people tell us people want.”
Stephanie Fagnami, Editor, Supermarket News
“Consumers want to be able to say, ‘Look what I made’ after doing as little as possible.”
Rosalyn Z. O’Hearn, director of Brand affairs for the prepared food division of Nestle USA.
The Hubris of ‘Expertise’ Causes a lot of problems
Influence Subtractor #7
Security ‘Volk’ Are Giftedly Bad at the 7 Arts of Persuasion
Reciprocation – what do we give them such that they feel obligated to give us back the desired form of behavior
Scarcity – many CEOs think there is some kind of Security 7-11 they can run out to when they run out
Authority – security folks aren’t viewed as being credible. Cassandras crying wolf
Commitment – people want to make good on what they have committed to
Consistency – people want to be seen as being consistent in their actions
Consensus – in the absence of strong personal belief, people follow the crowd
Liking – people like to work with people they like
Believing Time Should Not Be Wasted on Professionally Packaging Infosec ‘Messages’
Influence Subtractor #8
Jerry Della Femina, Chairman, Della Femina/Rothschild/Jeary & Partners New York, Advertising Age (May 14, 2001), 3.
“Don’t promise violence and not deliver it. They should have had one player on each team with a gun.
And the cheerleaders should have been naked.
You have to have a product. They promised a lot. They talked a lot. They got great trial. They didn’t deliver.”
Be sensitive to “mindsets” [i.e., how people think].
Try to change how people think
Influence Multiplier #4
The Weather Channel changed the weather-information landscape in a number of ways.
Severe storm coverage became riveting, breaking news and the channel’s meteorologists became minor celebrities.
But the Weather Channel had a far more profound impact on mainstream culture.
“Weathering the Internet Storm,” Fast Company [December 2000], 190.
It didn’t just feed farmers, pilots, and weather enthusiasts who had been hungry for more information.
It created weather consumers by convincing ordinary people that they needed more weather information…
‘people now talk about high-pressure and low pressure systems,’ says chief operating officer Todd Walrath, 34.
‘You can’t imagine that conversation happening twenty years ago.’
“Weathering the Internet Storm,” Fast Company [December 2000], 86
A Huge Fork in the Road
What the Future Holds
Guardent Discourses (New York Academy of Sciences, February 7, 2001).
Society is confused regarding how they should live their digital lives.
We lack the experience set that has historically driven the creation of common sense.
As such we lack behavioral compasses for the Internet Age.
Early Days of Digital Evolution
We are in truth at the very beginning of the digital age. The middle class is just now waking up to the fact that they need to know more about the computers they use.
Just as the first ‘accidental’ farmers changed behaviors from hunting and gathering, so too is it inevitable that ‘primitive’ computer users will ultimately evolve more sophisticated information management behaviors.
Thornton May speaking with David Sloan Wilson, author of Darwin’s Cathedral: Evolution, Religion and the Nature of Society at the Marschak Colloquium, UCLA [October 4, 2002]
First Wave: Agrarian Age
Second Wave: Industrial Age
Third Wave: Information Age
The Darwinistic forces of information natural selection [e.g., which behavioral adaptations create a competitive advantage for survival] are only now beginning to exert themselves.
However, good computing practice has not yet become a career/life success genome.
Evolutionarily speaking, this means most consumers are currently ‘unfit’ for their digital environment.
Thornton May speaking with David Sloan Wilson, author of Darwin’s Cathedral: Evolution, Religion and the Nature of Society at the Marschak Colloquium, UCLA [October 4, 2002]
“The only thing necessary for the triumph of evil is for good men to do nothing.”
Edmund Burke, 18th Century British Statesman
‘…these characters are all working themselves to death. As television dramas have become more realistic, they have increasingly depicted adults as stressed out, physically exhausted and in almost constant moral agony, often fighting uphill battles against the idiots at their hospitals, law offices, precincts and other workplaces.’
Anita Gates, “Men on TV: Dumb as Posts And Proud of It,” New York Times (April 9, 2000), Section 2, page 1.
Does Work Suck?
[Audience response chart; values shown: 25%, 25%, 25%, 25%; response options 1–4]
Please characterize your current career situation . . .
1. Working myself to death [moral agony, fighting uphill battles with idiots]
2. Working hard, making moderate progress [things could be worse]
3. Pretty Satisfied With How Things Are going
4. Totally Switched On – Loving what you are doing