governance, strategy
and performance
vs. culture and approach
information security risk management
program development & career resilience
chris r. rowland m.s. cissp cism
“all models are wrong,
but some are useful”
disclaimer
george e. p. box
“we have met the enemy and
he is us”
attribution
walt kelly, 1971
attribution
mind the gap
http://news.verizonenterprise.com/2015/04/2015-verizon-dbir-report-security/
“We continue to see sizable gaps in how organizations defend themselves…”
attribution
brian krebs will most likely not write an article explicitly identifying a company’s culture as the culprit in a data breach
krebs on security
http://marketrealist.com/2015/06/rise-rise-cyber-security/
attribution
“the biggest issue was in layer eight of the network: in other words, the difficulty in getting ordinary people to use technology effectively and the politics preventing that from happening”
edward snowden however…
“culture eats strategy for
breakfast every day”
culture
culture
the tone of tenure
orgs where the average tenure of the employee is 15 years or more will have neural pathways that are well-worn with habits from a relationship-based work environment
culture
the tone of tenure
relationship-based work environments
governance, process and workflow in these organizations can be viewed as a dark forest, not a green field
culture
the tone of tenure
absence of good governance
change agents without a strong champion will be a foreign body surrounded by white blood cells, strengthening an already resilient immunity to change
culture
the tone of tenure
resilience to change
dichotomy and distinction
discussions focus on…
• who is in power
• who has influence
• who you know
• effort on maintaining powerbase
• recognition with invitation to exclusive happy hour
discussions focus on…
• identifying stakeholders
• understanding requirements
• execution and results
• effort toward continuous improvement
• recognition with performance awards
culture
relationship-based cultures may have dominant and subordinate behaviors, with the distinction being set by the organization’s leadership governance model
Making targets
disappear…
“Bad organizations choose to ‘forget’ less flattering events of their institutional history, especially those that conflict with their self-generated mythologies. Sometimes that process requires them to create new unpersons out of individuals associated with those events.”
culture
toxic behaviors in relationship-based cultures are used to sustain a powerbase
deflecting strategies and tactics
https://newworkplace.wordpress.com/2015/10/05/workplace-bullying-strategies-and-tactics-an-updated-round-up/
culture
no amount of security awareness training will address apathy, entitlement or the malcontent
entitlement entropy
culture
strategy and governance will compress under the weight of entitlement and entropy
entitlement entropy
culture
‘thriving in ambiguity’ is not a skill, it is a coping mechanism
ambiguity
• the ‘dragon’ to governance
• out-of-band decision-making
• indeterminate accountability
• ad-hoc and reactive environment
culture
gallup before you walk
state of the global workplace
http://www.gallup.com/strategicconsulting/164735/state-global-workplace.aspx
culture
the vast majority of employed people around the globe are ‘not-engaged’ or ‘actively disengaged’ at work
gallup before you walk
state of the global workplace
http://www.gallup.com/strategicconsulting/164735/state-global-workplace.aspx
culture
24% of all employees are what gallup calls ‘actively disengaged.’
gallup before you walk
state of the global workplace
http://www.gallup.com/strategicconsulting/164735/state-global-workplace.aspx
culture
64% of all workers are what gallup terms ‘not-engaged’ workers.
gallup before you walk
state of the global workplace
http://www.gallup.com/strategicconsulting/164735/state-global-workplace.aspx
…leaving 12% to do the work
observed correlation
culture
ambiguity
engagement
culture
With more than a decade's worth of research, David Dunning, a psychologist at Cornell University, has demonstrated that humans find it ‘intrinsically difficult to get a sense of what we don't know.’ Whether an individual lacks competence in logical reasoning, emotional intelligence, humor or even chess abilities, the person still tends to rate his or her skills in that area as being above average.
http://www.livescience.com/18678-incompetent-people-ignorant.html
http://cornellpsych.org/sasi/index.php
and then there is
the dunning–kruger effect
if you have already placed yourself in
the top quartile, go back one slide
culture
http://www.livescience.com/18678-incompetent-people-ignorant.html
and then there is
the dunning–kruger effect
the bottom quartile have a tendency to overestimate their ability
the top quartile have a tendency to overestimate others’ abilities
yet…
“i wouldn’t do nothin’ else”
culture
https://youtu.be/m_MaJDK3VNE
when it comes to getting results, it’s not about you…
approach
approach
chicken little
uses fear, uncertainty and doubt
propeller-head
knows how to script in python and thought a.p.t. was about the payload, not the methodology
caveman
carries a big stick and leads every response with ‘no’
snake-oil salesman
‘this widget will solve all our problems’
credibility killers
policy wonk
likes to discuss frameworks and uses big words like ‘taxonomy’ shamelessly
cowboy
no governance in decision-making. successful where ambiguity reigns and accountability is an optional module in the performance management tool
approach
credibility killers
not my circus
not my monkeys
polish proverb
credibility building
approach
• speak of risk in the context of business objectives
• know the “books” and speak the business language
• identify and understand the needs of your internal customers and collaborators and partner with them
• use qualitative and quantitative data to support kpi’s, build dashboards and create business cases
• integrate with established programs and organizational initiatives versus bootstrapping a siloed infosec program
• be flexible and willing to ‘carry water’
credibility building
approach
“dialogue and protect” - me
approach
ciso in the c suite
• About 30 percent of Fortune 500 CEOs spent the first few years of their careers developing a strong foundation in finance; 20 percent in sales and marketing.
• [They] …understand the company culture, are familiar with the key stakeholders, and are known to the board members and other members of the executive team.
• 45 percent of CEOs served as non-executive directors on public company boards before being named chief executive of the Fortune 500 companies they lead today.
http://www.forbes.com/sites/ciocentral/2011/12/05/the-path-to-becoming-a-fortune-500-ceo/
approach
identify a foothold for governance
• publicly traded company
• regulated industry
• rigorous b2b and b2c requirements
• attorney-client privilege
• proprietary information or inventions
approach
• infosec role = change agent
• understand what is needed to be a successful change agent
• know when to ‘hide in the bushes’ and prepare for an impactful event (or start looking for another job)
• in the meantime, feel free to adopt a “culture changing methodology”
change
agents
change management
people don’t care what you know until they know you care
approach
executive communication
start at the end and walk backwards
approach
brand, market and communicate
life finds a way
approach
solution development
https://youtu.be/oijEsqT2QKQ?t=10s
“the biggest issue was in layer eight of the network: in other words, the difficulty in getting ordinary people to use technology effectively and the politics preventing that from happening”
approach
solution development
people $
process $$
technology $$$
is enablement
approach
solution development
information security
program development
using the gartner hype cycle as illustrative of an information security program implementation
approach
BUSINESS
DRIVER
regulatory requirements
data breach remediation
b2c and b2b requirements
it security professionals are experiencing extreme levels of stress and burnout, but they have few places to turn for help
rsa conference 2012
resiliency
stress and burnout in infosec careers
resiliency
perspective
important not as…
resiliency
see preceding slides and…
• scope: ‘aim small, miss small’
• get a hobby
• take a class/teach a class
• pray/meditate
• exercise
• take your medication
distributed operating environment
q & a
● sergeant, usmc
● it operations in electronic prepress, higher ed & member services
● st. vincent health: 3k physicians / 16k employees – security engineer
● eli lilly: 43K employees, $11b – sr. security analyst
● ge healthcare: 45k employees, $17b – global security architect †
● cuna mutual group: 5k employees, $3.6b – sr. manager, security architecture†
● alliant techsystems: 12k employees, $4.5b – chief information security architect †
● consultant and practice lead: “chris making slides”
● thomson reuters: 60k employees, $13.1b – director, information security assurance †
about chris
experience
† organizational transformation

More Related Content

Similar to Governance strategy and_performance_vs_culture_and_approach-v4

Are you digitally deluded?
Are you digitally deluded?Are you digitally deluded?
Are you digitally deluded?
Roffey Park Institute
 
How to Not Destroy the World - the Ethics of Web Design
How to Not Destroy the World - the Ethics of Web DesignHow to Not Destroy the World - the Ethics of Web Design
How to Not Destroy the World - the Ethics of Web Design
Morten Rand-Hendriksen
 
Breaking down barriers_in_the_land_of_dinosaurs_sp_biz_hanley_june_2015
Breaking down barriers_in_the_land_of_dinosaurs_sp_biz_hanley_june_2015Breaking down barriers_in_the_land_of_dinosaurs_sp_biz_hanley_june_2015
Breaking down barriers_in_the_land_of_dinosaurs_sp_biz_hanley_june_2015
Susan Hanley
 
From the End of Information Chaos to Contextual Knowledge
From the End of Information Chaos to Contextual KnowledgeFrom the End of Information Chaos to Contextual Knowledge
From the End of Information Chaos to Contextual Knowledge
i-SCOOP
 
ClearWeave White Paper.pdf
ClearWeave White Paper.pdfClearWeave White Paper.pdf
ClearWeave White Paper.pdf
RyanCasey60
 
10 social media tips for directors
10 social media tips for directors10 social media tips for directors
10 social media tips for directors
Martin Thomas
 
The Future of PR
The Future of PRThe Future of PR
The Future of PR
Neville Hobson
 
10 Social Media Tips for Directors
10 Social Media Tips for Directors10 Social Media Tips for Directors
10 Social Media Tips for Directors
Martin Thomas
 
Risk culture a5_web15_oct_2012
Risk culture a5_web15_oct_2012Risk culture a5_web15_oct_2012
Risk culture a5_web15_oct_2012Kym Jaeger
 
Risk culture - IRM PROTIVITI
Risk culture - IRM PROTIVITIRisk culture - IRM PROTIVITI
Risk culture - IRM PROTIVITI
Simone Luca Giargia
 
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdfStephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
Stéphane Nappo
 
Brunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Group
 
Vicsport Insights and Innovation Lab February 2015
Vicsport Insights and Innovation Lab February 2015Vicsport Insights and Innovation Lab February 2015
Vicsport Insights and Innovation Lab February 2015
Doing Something Good
 
Managing Online Reputation. How to Protect Your Company on Social Media
Managing Online Reputation. How to Protect Your Company on Social MediaManaging Online Reputation. How to Protect Your Company on Social Media
Managing Online Reputation. How to Protect Your Company on Social Media
Charlie Pownall
 
ISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security culture
Craig McGill
 
Human side of The Project Economy 2021 Nigeria
Human side of The Project Economy 2021 NigeriaHuman side of The Project Economy 2021 Nigeria
Human side of The Project Economy 2021 Nigeria
Thomas Walenta, PMI Fellow
 
Preparing Your Workforces for Tomorrow's Challenges
Preparing Your Workforces for Tomorrow's ChallengesPreparing Your Workforces for Tomorrow's Challenges
Preparing Your Workforces for Tomorrow's Challenges
Human Capital Media
 
The human factor
The human factorThe human factor
The human factor
Koen Maris
 
ITS Innovation Series
ITS Innovation SeriesITS Innovation Series
ITS Innovation SeriesGreg Serian
 

Similar to Governance strategy and_performance_vs_culture_and_approach-v4 (20)

Are you digitally deluded?
Are you digitally deluded?Are you digitally deluded?
Are you digitally deluded?
 
How to Not Destroy the World - the Ethics of Web Design
How to Not Destroy the World - the Ethics of Web DesignHow to Not Destroy the World - the Ethics of Web Design
How to Not Destroy the World - the Ethics of Web Design
 
Breaking down barriers_in_the_land_of_dinosaurs_sp_biz_hanley_june_2015
Breaking down barriers_in_the_land_of_dinosaurs_sp_biz_hanley_june_2015Breaking down barriers_in_the_land_of_dinosaurs_sp_biz_hanley_june_2015
Breaking down barriers_in_the_land_of_dinosaurs_sp_biz_hanley_june_2015
 
From the End of Information Chaos to Contextual Knowledge
From the End of Information Chaos to Contextual KnowledgeFrom the End of Information Chaos to Contextual Knowledge
From the End of Information Chaos to Contextual Knowledge
 
ClearWeave White Paper.pdf
ClearWeave White Paper.pdfClearWeave White Paper.pdf
ClearWeave White Paper.pdf
 
10 social media tips for directors
10 social media tips for directors10 social media tips for directors
10 social media tips for directors
 
Training People and Rising Awareness
Training People and Rising AwarenessTraining People and Rising Awareness
Training People and Rising Awareness
 
The Future of PR
The Future of PRThe Future of PR
The Future of PR
 
10 Social Media Tips for Directors
10 Social Media Tips for Directors10 Social Media Tips for Directors
10 Social Media Tips for Directors
 
Risk culture a5_web15_oct_2012
Risk culture a5_web15_oct_2012Risk culture a5_web15_oct_2012
Risk culture a5_web15_oct_2012
 
Risk culture - IRM PROTIVITI
Risk culture - IRM PROTIVITIRisk culture - IRM PROTIVITI
Risk culture - IRM PROTIVITI
 
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdfStephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
 
Brunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attack
 
Vicsport Insights and Innovation Lab February 2015
Vicsport Insights and Innovation Lab February 2015Vicsport Insights and Innovation Lab February 2015
Vicsport Insights and Innovation Lab February 2015
 
Managing Online Reputation. How to Protect Your Company on Social Media
Managing Online Reputation. How to Protect Your Company on Social MediaManaging Online Reputation. How to Protect Your Company on Social Media
Managing Online Reputation. How to Protect Your Company on Social Media
 
ISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security culture
 
Human side of The Project Economy 2021 Nigeria
Human side of The Project Economy 2021 NigeriaHuman side of The Project Economy 2021 Nigeria
Human side of The Project Economy 2021 Nigeria
 
Preparing Your Workforces for Tomorrow's Challenges
Preparing Your Workforces for Tomorrow's ChallengesPreparing Your Workforces for Tomorrow's Challenges
Preparing Your Workforces for Tomorrow's Challenges
 
The human factor
The human factorThe human factor
The human factor
 
ITS Innovation Series
ITS Innovation SeriesITS Innovation Series
ITS Innovation Series
 

Recently uploaded

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
Globus
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
Jen Stirrup
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 

Recently uploaded (20)

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 

Governance strategy and_performance_vs_culture_and_approach-v4

  • 1. governance, strategy and performance vs. culture and approach information security risk management program development & career resilience chris r. rowland m.s. cissp cism
  • 2. “all models are wrong, but some are useful” disclaimer george e. p. box
  • 3. “we have met the enemy and he is us” attribution walt kelly, 1971
  • 4. attribution mind the gap http://news.verizonenterprise.com/2015/04/2015-verizon-dbir-report-security/ “We continue to see sizable gaps in how organizations defend themselves…”
  • 5. attribution brian krebs will most likely not write an article explicitly identifying a company’s culture as culprit to a data breach krebs on security http://marketrealist.com/2015/06/rise-rise-cyber-security/
  • 6. attribution “the biggest issue was in layer eight of the network: in other words, the difficulty in getting ordinary people to use technology effectively and the politics preventing that from happening” edward snowden however…
  • 7. “culture eats strategy for breakfast every day” culture
  • 9. orgs where the average tenure of the employee is 15 years or more will have neural pathways that are well-worn with habits from a relationship-based work environment culture the tone of tenure relationship-based work environments
  • 10. governance, process and workflow in these organizations can be viewed as a dark forest, not a green field culture the tone of tenure absence of good governance
  • 11. change agents without a strong champion will be a foreign body surrounded by white blood cells strengthening an already resilient immunity to change culture the tone of tenure resilience to change
  • 12. dichotomy and distinction discussions focus on… • who is in power • who has influence • who you know • effort on maintaining powerbase • recognition with invitation to exclusive happy hour discussions focus on… • identifying stakeholders • understanding requirements • execution and results • effort toward continuous improvement • recognition with performance awards culture relationship-based cultures may have a dominant and subordinate behavior with the distinction being set by the organizations leadership governance model
  • 13. Making targets disappear… “Bad organizations choose to ‘forget’ less flattering events of their institutional history, especially those that conflict with their self-generated mythologies. Sometimes that process requires them to create new unpersons out of individuals associated with those events.” culture toxic behaviors in relationship-based cultures are used to sustain a powerbase deflecting strategies and tactics https://newworkplace.wordpress.com/2015/10/05/workplace-bullying-strategies-and-tactics-an-updated-round-up/
  • 14. culture no amount of security awareness training will address apathy, entitlement or the malcontent entitlement entropy
  • 15. culture strategy and governance will compress under the weight of entitlement, and entropy entitlement entropy
  • 16. culture ‘thriving in ambiguity’ is not a skill, it is a coping mechanism ambiguity • the ‘dragon’ to governance • out-of-band decision-making • indeterminate accountability • ad-hoc and reactive environment
  • 17. culture gallup before you walk state of the global workplace http://www.gallup.com/strategicconsulting/164735/state-global-workplace.aspx
  • 18. culture the vast majority of employed people around the globe are ‘not-engaged’ or ‘actively disengaged’ at work gallup before you walk state of the global workplace http://www.gallup.com/strategicconsulting/164735/state-global-workplace.aspx
  • 19. culture 24% percent of all employees are what gallup calls ‘actively disengaged.’ gallup before you walk state of the global workplace http://www.gallup.com/strategicconsulting/164735/state-global-workplace.aspx
  • 20. culture http://www.gallup.com/strategicconsulting/164735/state-global-workplace.aspx 64% of all workers gallup terms ‘not-engaged’ workers. gallup before you walk state of the global workplace …leaving 12% to do the work
  • 22. culture With more than a decade's worth of research, David Dunning, a psychologist at Cornell University, has demonstrated that humans find it ‘intrinsically difficult to get a sense of what we don't know.’ Whether an individual lacks competence in logical reasoning, emotional intelligence, humor or even chess abilities, the person still tends to rate his or her skills in that area as being above average.http://www.livescience.com/18678-incompetent-people-ignorant.htmlhttp://cornellpsych.org/sasi/index.php and then there is the dunning–kruger effect
  • 23. if you have already placed yourself in the top quartile, go back one slide culture http://www.livescience.com/18678-incompetent-people-ignorant.html and then there is the dunning–kruger effect the bottom quartile have a tendency to overestimate their ability the top quartile have a tendency to overestimate others abilities
  • 24. culture: yet… “i wouldn’t do nothin’ else” https://youtu.be/m_MaJDK3VNE
  • 25. approach: when it comes to getting results, it’s not about you…
  • 26. approach: credibility killers • chicken little: uses fear, uncertainty and doubt • propeller-head: knows how to script in python and thought a.p.t. was about the payload, not the methodology • caveman: carries a big stick and leads every response with ‘no’ • snake-oil salesman: ‘this widget will solve all our problems’
  • 27. approach: credibility killers • policy wonk: likes to discuss frameworks and uses big words like ‘taxonomy’ shamelessly • cowboy: no governance in decision-making; successful where ambiguity reigns and accountability is an optional module in the performance management tool. “not my circus, not my monkeys” (polish proverb)
  • 29. approach: credibility building, “dialogue and protect” (me) • speak of risk in the context of business objectives • know the “books” and speak the business language • identify and understand the needs of your internal customers and collaborators and partner with them • use qualitative and quantitative data to support kpi’s, build dashboards and create business cases • integrate with established programs and organizational initiatives versus bootstrapping a siloed infosec program • be flexible and willing to ‘carry water’
  • 30. approach: ciso in the c suite • About 30 percent of Fortune 500 CEOs spent the first few years of their careers developing a strong foundation in finance; 20 percent in sales and marketing. • [They] …understand the company culture, are familiar with the key stakeholders, and are known to the board members and other members of the executive team. • 45 percent of CEOs served as non-executive directors on public company boards before being named chief executive of the Fortune 500 companies they lead today. http://www.forbes.com/sites/ciocentral/2011/12/05/the-path-to-becoming-a-fortune-500-ceo/
  • 31. approach: identify a foothold for governance • publicly traded company • regulated industry • rigorous b2b and b2c requirements • attorney-client privilege • proprietary information or inventions
  • 32. approach: change agents, change management • infosec role = change agent • understand what is needed to be a successful change agent • know when to ‘hide in the bushes’ and prepare for an impactful event (or start looking for another job) • in the meantime, feel free to adopt a “culture changing methodology”. “people don’t care what you know until they know you care”
  • 33. approach: executive communication. start at the end and walk backwards
  • 36. approach: solution development. life finds a way https://youtu.be/oijEsqT2QKQ?t=10s
  • 37. approach: solution development. “the biggest issue was in layer eight of the network: in other words, the difficulty in getting ordinary people to use technology effectively and the politics preventing that from happening”
  • 38. approach: solution development. people $, process $$, technology $$$ is enablement
  • 39. approach: information security program development, using the gartner hype cycle as illustrative of an information security program implementation. business driver: regulatory requirements, data breach remediation, b2c and b2b requirements
  • 40. resiliency: stress and burnout in infosec careers. it security professionals are experiencing extreme levels of stress and burnout, but they have few places to turn for help (rsa conference 2012)
  • 42. resiliency: distributed operating environment. see preceding slides and… • scope: ‘aim small, miss small’ • get a hobby • take a class/teach a class • pray/meditate • exercise • take your medication
  • 43. q & a
  • 44. about chris: experience ● sergeant, usmc ● it operations in electronic prepress, higher ed & member services ● st. vincent health: 3k physicians / 16k employees – security engineer ● eli lilly: 43k employees, $11b – sr. security analyst ● ge healthcare: 45k employees, $17b – global security architect † ● cuna mutual group: 5k employees, $3.6b – sr. manager, security architecture † ● alliant techsystems: 12k employees, $4.5b – chief information security architect † ● consultant and practice lead: “chris making slides” ● thomson reuters: 60k employees, $13.1b – director, information security assurance † († organizational transformation)

Editor's Notes

  1. governance, strategy and performance vs. culture and approach: information security risk management program development & career resilience
  2. I am not from here… Malcolm Gladwell’s book: David and Goliath: Underdogs, Misfits, and the Art of Battling Giants. “Giants are not what we think they are. The same qualities that appear to give them strength are often the sources of great weakness.” In the case of “David and Goliath,” it wasn’t a rogue sling shot that toppled the giant; rather it was a boy skilled not only in the art of the sling shot (a deadly weapon back in the day) but also in the knowledge that – to win – he had to fight on his own terms using the skills that he had. As you listen to my presentation keep this phrase in the back of your mind. Statistician with UW-Madison
  3. Rick Roy CIO, CUNA Mutual Group
  8. organizations where the average tenure of the employee is 15 years or more will have neural pathways that are well-worn with habits from a relationship-based work environment. like a virus surrounded by white blood cells, introducing governance programs is transformational in these organizations. cuna mutual example. Think of white blood cells as your immunity cells. In a sense, they are continually at war. They flow through your bloodstream to battle viruses, bacteria, and other foreign invaders that threaten your health. When your body is in distress and a particular area is under attack, white blood cells rush in to help destroy the harmful substance and prevent illness.
  14. physicians, lawyers, professors, executives. decentralized versus centralized. “our department is different” or “we need an exception”. ad-hoc, siloed, non-collaborative, resource intensive, costly. strategy and governance will compress under the weight of entitlement and entropy
  16. as an approach: roles and responsibilities, competing agendas, resistance to change, subterranean org charts
  17. Let me be clear. These people are actually dangerous. They don't like you, and not only are they actively scheming against your company, organization, unit or group, you are paying them to do it. As in Gallup’s 2009-2010 global study of employee engagement, "actively disengaged workers — i.e., those who are negative and potentially hostile to their organizations — continue to outnumber engaged employees at a rate of nearly 2-1." And then you have something Gallup terms 'non-engaged workers.' They account for 64% of all workers. That's right, 64%. These are not bad people. They may even be good people. They are just not passionate about you, and your company or group. It's fair to say that they are most likely emotionally disconnected from their workplace. You can make it your mission in life to move some of this 64% of non-engaged workers to the engaged worker category. Great. Good for you. I will do the same within my organization. But the actively disengaged workers, they can kill everything, and destroy the best of business plans and well-laid strategic dreams.
  21. The Dunning–Kruger effect is a cognitive bias wherein unskilled individuals suffer from illusory superiority, mistakenly assessing their ability to be much higher than is accurate. As David Dunning and Justin Kruger of Cornell University conclude: “The miscalibration of the incompetent stems from an error about the self, whereas the miscalibration of the highly competent stems from an error about others.”
  22. https://youtu.be/m_MaJDK3VNE
  23. rick roy and it transformation
  24. Having coffee with one of our peers in infosec Why don’t CSO’s sit at the table with business leaders?
  25. Attend earnings calls and review the annual and quarterly reports
  26. Attend earnings calls and review the annual and quarterly reports
  27. http://www.forbes.com/sites/ciocentral/2011/12/05/the-path-to-becoming-a-fortune-500-ceo/
  28. Regulating bodies: FDA, SEC, CFTC, CPSC, FTC, HHS, FFIEC, etc. quality assurance, pmo, procurement
  29. otherwise you are just hiding in the bushes waiting for the next impactful event. understand what is needed to be a successful change agent: sponsors, champions. adapt approach in the absence of either, e.g., assess the culture and adjust your approach. know when to hide in the bushes and prepare for an impactful event
  30. unless you have achieved enlightenment you probably lack the self-awareness to clearly understand your own development needs (see slide ##)
  31. https://www.youtube.com/watch?v=SkWeMvrNiOM
  32. Anonymous begins communications across ham radio networks Anonymous develops secure data over ham radio scheme http://www.theregister.co.uk/2014/05/01/anonymous_to_world_go_pirate_radio_for_datacomms/ Why Airchat? (GitHub) Because we strongly believe communications should be free, Free as much as the air itself and all the waves should be. Free for everyone everywhere, free for those oppressed, free for the poor, free for the dissident, free for those living out of the boundaries of the infrastructure created for those who were lucky enough to have more than others. And free...well... because sometimes the non-free infrastructure itself fails.
  33. technology enables people and process. Dave Dewalt interview on Risky Biz podcast #317: fatigued from alerts / five million per day
  34. gartner hype cycle about CISO turnaround tends to languish here longer than “enabling” initiatives
  35. this is to demonstrate that i have been around the block a couple times. every day at ge was a transformation. † organizational transformations