SlideShare uma empresa Scribd logo

Sustainable Cultural Change

Security Roots Ltd.
Security Roots Ltd.

Many information security companies struggle with changing their culture. It can be difficult to get an InfoSec team to focus fully on the issues that are important to the long-term health of the business: customer experience and process improvement. This article (part of a series) looks at some methods to implement cultural change at an InfoSec company in ways that will be sustainable and won’t alienate your team members.

Negócios
1 de 44
Baixar para ler offline
Differentiating Your InfoSec Company: Creating Sustainable Cultural Change
In previous articles in this series on differentiating your InfoSec consulting company, we’ve talked about the importance of two core areas: —Process improvement and —Improving the customer experience
Most everyone would agree these are worthwhile aims. We all want our processes to get better and more efficient, and we all want clients to be satisfied with our work. Truly improving in these areas requires a culture aligned with these values.
But the nature of many InfoSec companies can make it difficult to change the culture. For one thing, there is often a rather frantic focus on just getting projects finished, and this doesn’t leave time to discuss bigger picture philosophies or allow time to get everyone onboard for a larger process change.
Also, the high value of technical talent often means that managers are hesitant to tackle process changes. They don’t want to take the risk of aggravating talent; they want to keep them happy. Keeping talent happy is a great goal, of course--it only becomes a negative when it interferes with other, important areas of improvement.
In this article, we’ll go over some strategies for enacting sustainable process change at your InfoSec company whilst keeping your team members happy. This article will assume you have either already read the other articles in our series or that you have some specific cultural changes you want to implement but are having some problems.
Explain How Changes Impact The Customer
Any meaningful improvement to a product or service will stem from a focus on the client experience. And most team members do want their clients to have a good experience.
But you must explain to your team members why your proposed changes are important to your clients. For example. it’s not enough to simply command: “Starting today, you must create testing methodologies after every project and share them with the team.” Your team must fully understand the full chain of events that make a new procedure important, which would go something like this:
1. Improving methodologies means less time spent on easily repeatable tasks. 2. Less time spent on easily repeatable tasks means more time spent on unique project challenges. 3. More time spent on unique challenges means better service for the client.
And they should understand the downside to continuing to do things the old way. For example, when all team members use their own methodologies and there is no consistency from project to project, this hurts the client’s experience (especially for repeat clients).
Major takeaway: Talk to your team about the greater philosophical reasons for your changes. Make them see that you are doing this for the customer.
Explain How Changes Impact The Team
In a similar way, team members need to see how changes help them do their job more easily and help them hone their craft. The logic here is basically:
1. Making procedures more efficient means team members spend less project time on easily repeatable tasks. 2. This leaves team members more project time for doing the fun and creative hacking--the stuff they love to do. 3. More time spent on interesting and challenging hacking makes a hacker smarter and better at his job, which improves his standing in the industry, increases his reputation, payrate, etc.
To create real cultural change, it’s necessary to get true buy-in from everyone. And this means that your team needs to see what’s in it for them. The more you can make them see what’s in it for them, the more buy-in you get and the easier it is to shift the culture.
If you haven’t already, check out one of our past articles on how more process standardization can, perhaps counterintuitively to some people, actually increase creativity.
Get Management and Influential People Onboard
If a large company change does not have the buy-in of senior and influential members of your team, it probably won’t succeed. For example, if you have a senior tester or manager denigrate a new process openly, that has a huge impact on whether the people working with him will be more or less likely to use it.
To mitigate this conflict, try to help these team members understand the importance of the changes you’ve put in place, both for your clients and for them personally. Also explain that their buy-in is especially important in creating a trickle-down effect in the company.
An important point: You may have employees who are not technically in powerful positions but who nonetheless may be very socially influential. It’s important to discover who those team members are so you can do your best to persuade them, too.
A potential stumbling block. One possible obstacle is that some of your more senior team members may have had negative past experiences with failed process overhauls. They may be thinking, “Yeah, I’ve seen people try to do this kind of thing before.
It’s pointless and won’t work.” This is actually a great opportunity to ask those members about those past attempts at change. What worked and why did it work? What didn’t work and why not? If you give them a chance to be a part of the discussion, they will feel more involved and positive about the effort.
Use Real Stories
When you try to sell the changes to your team, use real stories and anecdotes. Real stories are powerful and convincing and help people see the value of the new way of doing things. This is why companies use testimonials from customers to show the value of their products. Thought of in another way, what you are doing can be thought of as selling ideas to your team, so be willing to use any promotional tactics at your disposal.
For example, at a team meeting, you can talk about how a new procedure resulted in measurable positive results for a specific client, and read a testimonial from the satisfied client. Go on to explain how that got you thinking about extrapolating similar results across the board, and how that translated into the changes that you are going to be implementing over the next few weeks.
They key message to convey is that new ideas are not coming out of thin air; they are grounded in solid value added to your clients, the company or the team. You just need to find the right way to let team members know how you got to the conclusions you did, and what needs to happen next.
Or you can get a team member to describe how a new procedure saved them time on a project and how they had more time to devote to tests that were actually intellectually engaging.
Consider Remote Workers
These days, most InfoSec companies rely on remote workers. If you have remote workers, don’t forget about them. Process changes need to be done company-wide or it’s unlikely they’ll be successful.
Plan ways to communicate the new processes to your remote workers. When was the last time you had a one-to-one with each of your remote workers? How can you expect for them to be invested and onboard new processes if you haven’t checked in with them for several months?
Schedule video conferences and make sure your team knows that these are important events. If anyone can’t attend them (e.g. they need to be off-site for a client visit), go out of your way to bring them in the loop. You need to reach out to anyone and take the time to explain the importance of what you are doing, if you want them to embrace your ideas.
If at all possible, consider having all your workers travel to a single location to roll out and talk about the new changes.
Set Goals That Are Measurable (and Failable)
When the goals of a change initiative are too vague, the initiative will rarely succeed. You need to have goals that are measurable, so that you know if the cultural changes are sticking. You need to have goals that can fail, so that you know when you are not succeeding.
For example, if one of your goals is something ambiguous like: “Improve internal understanding of tech methodologies,” there is no real way to measure that. You will never know if you’ve actually succeeded. So make your goals concrete and measurable, like “Review 1-2 methodologies each month.”
Go For Small Wins (and Small Failures)
It can be daunting to create large cultural and procedural changes at a company, we know. Especially because the people responsible for those changes can sometimes be blamed for things that go wrong.
So it’s worth pointing out that some of the best and most long-lasting process improvements start small and grow from there. You should focus on making small but lasting and widely-used improvements.
You don’t have to roll out a hugely complex series of changes all at once. Instead, you can make small changes that create noticeable benefits, then track and measure them. This will create a snowball effect that leads to bigger and more widespread changes.
For some of our best ideas on making this happen in your company, read “Getting Quick Wins”.
Next... Hopefully this article has shown you a few ideas for creating long-lasting, sustainable cultural change at your InfoSec consulting company. If you liked this article, check back on our site for future related articles.
Was This Article Helpful? Security Roots’ founder Daniel Martin conceived and created the open-source collaboration tool Dradis Framework in 2007. The success of that application led to the creation of the Security Roots company and Dradis Professional Edition software.
Over the years, Security Roots has helped hundreds of InfoSec clients improve their team collaboration and report creation processes. If you have any questions about what we do or the solutions we provide, please fill out our Contact Form and we’ll be in touch right away.

Recomendados

The definitive guide_to_the_leadership_behaviors_that_create_a_culture_of_con...
The definitive guide_to_the_leadership_behaviors_that_create_a_culture_of_con...The definitive guide_to_the_leadership_behaviors_that_create_a_culture_of_con...
The definitive guide_to_the_leadership_behaviors_that_create_a_culture_of_con...K S sajeeth
 
Successfully delivering an engagement
Successfully delivering an engagementSuccessfully delivering an engagement
Successfully delivering an engagementAmit Pishe
 
The strategy wall v1.01
The strategy wall v1.01The strategy wall v1.01
The strategy wall v1.01Johan Oskarsson
 
What is service design?
What is service design?What is service design?
What is service design?Dhyana Scarano
 
Principles of effective software quality management
Principles of effective software quality managementPrinciples of effective software quality management
Principles of effective software quality managementNeeraj Tripathi
 
One slide-show-by-hassan-el-meligy- the need of bpr business process renginee...
One slide-show-by-hassan-el-meligy- the need of bpr business process renginee...One slide-show-by-hassan-el-meligy- the need of bpr business process renginee...
One slide-show-by-hassan-el-meligy- the need of bpr business process renginee...Beta-Research.org
 
Making More Money (Workbook): Simple Strategies for Improving Cash Flow and P...
Making More Money (Workbook): Simple Strategies for Improving Cash Flow and P...Making More Money (Workbook): Simple Strategies for Improving Cash Flow and P...
Making More Money (Workbook): Simple Strategies for Improving Cash Flow and P...jrd9234
 
LeanOhio Project Selection Template
LeanOhio Project Selection TemplateLeanOhio Project Selection Template
LeanOhio Project Selection Templateleanohio
 

Recomendados

The definitive guide_to_the_leadership_behaviors_that_create_a_culture_of_con...
The definitive guide_to_the_leadership_behaviors_that_create_a_culture_of_con...The definitive guide_to_the_leadership_behaviors_that_create_a_culture_of_con...
The definitive guide_to_the_leadership_behaviors_that_create_a_culture_of_con...K S sajeeth
 
Successfully delivering an engagement
Successfully delivering an engagementSuccessfully delivering an engagement
Successfully delivering an engagementAmit Pishe
 
The strategy wall v1.01
The strategy wall v1.01The strategy wall v1.01
The strategy wall v1.01Johan Oskarsson
 
What is service design?
What is service design?What is service design?
What is service design?Dhyana Scarano
 
Principles of effective software quality management
Principles of effective software quality managementPrinciples of effective software quality management
Principles of effective software quality managementNeeraj Tripathi
 
One slide-show-by-hassan-el-meligy- the need of bpr business process renginee...
One slide-show-by-hassan-el-meligy- the need of bpr business process renginee...One slide-show-by-hassan-el-meligy- the need of bpr business process renginee...
One slide-show-by-hassan-el-meligy- the need of bpr business process renginee...Beta-Research.org
 
Making More Money (Workbook): Simple Strategies for Improving Cash Flow and P...
Making More Money (Workbook): Simple Strategies for Improving Cash Flow and P...Making More Money (Workbook): Simple Strategies for Improving Cash Flow and P...
Making More Money (Workbook): Simple Strategies for Improving Cash Flow and P...jrd9234
 
LeanOhio Project Selection Template
LeanOhio Project Selection TemplateLeanOhio Project Selection Template
LeanOhio Project Selection Templateleanohio
 
Training Scope Creep Linked In
Training Scope Creep Linked InTraining Scope Creep Linked In
Training Scope Creep Linked Inhaddadmazen
 
Blending appreciative inquiry and continuous improvement
Blending appreciative inquiry and continuous improvementBlending appreciative inquiry and continuous improvement
Blending appreciative inquiry and continuous improvementBusiness901
 
A3 & Kaizen: Here's How
A3 & Kaizen: Here's HowA3 & Kaizen: Here's How
A3 & Kaizen: Here's HowClaudio Perrone
 
ICC dan KIK - keperluan dan perlaksanaan dalam organisasi
ICC dan KIK - keperluan dan perlaksanaan dalam organisasiICC dan KIK - keperluan dan perlaksanaan dalam organisasi
ICC dan KIK - keperluan dan perlaksanaan dalam organisasiParman Ambo
 
Evolve or Die: A3 Thinking and Popcorn Flow in Action (#LKCE14)
Evolve or Die: A3 Thinking and Popcorn Flow in Action (#LKCE14)Evolve or Die: A3 Thinking and Popcorn Flow in Action (#LKCE14)
Evolve or Die: A3 Thinking and Popcorn Flow in Action (#LKCE14)Claudio Perrone
 
mipb 2 capacityplanning v05_print_sam
mipb 2 capacityplanning v05_print_sammipb 2 capacityplanning v05_print_sam
mipb 2 capacityplanning v05_print_samJason Neale
 
Lean management
Lean managementLean management
Lean managementAgnieszka Bukowska
 
Soma roy sarkar
Soma roy sarkarSoma roy sarkar
Soma roy sarkarPMI2011
 
Project Management for Fun and Profit
Project Management for Fun and ProfitProject Management for Fun and Profit
Project Management for Fun and ProfitCrystal Williams
 
Pm For Fun And Profit
Pm For Fun And ProfitPm For Fun And Profit
Pm For Fun And Profitsundong
 
Major Implementation Projects - Persist pivot or quit?
Major Implementation Projects - Persist pivot or quit?Major Implementation Projects - Persist pivot or quit?
Major Implementation Projects - Persist pivot or quit?John Phillips
 
Services for business_2014
Services for business_2014Services for business_2014
Services for business_2014Sophy Chilingarova
 
Difference btw Cooperation & Collaboration
Difference btw Cooperation & CollaborationDifference btw Cooperation & Collaboration
Difference btw Cooperation & CollaborationSushil Shah
 
Top PMP Interview Questions and Answers
Top PMP Interview Questions and AnswersTop PMP Interview Questions and Answers
Top PMP Interview Questions and AnswersJanBask Training
 
Adapting Scrum for UX Teams
Adapting Scrum for UX TeamsAdapting Scrum for UX Teams
Adapting Scrum for UX TeamsTony Smith
 
An Engineer’s Essential Tool in Agile: Design Thinking
An Engineer’s Essential Tool in Agile: Design ThinkingAn Engineer’s Essential Tool in Agile: Design Thinking
An Engineer’s Essential Tool in Agile: Design ThinkingSoniaMayPatlan
 
How to create a quick start guide
How to create a quick start guideHow to create a quick start guide
How to create a quick start guideMake it Clear
 
Post Evaluation
Post EvaluationPost Evaluation
Post EvaluationGreggory Steiner
 
Bie 02
Bie 02Bie 02
Bie 02PMInstituteIndia
 
Information security
Information securityInformation security
Information securityLJ PROJECTS
 
ana_maryy
ana_maryyana_maryy
ana_maryyDeyvis VL
 
The Best Restaurants in Las Vegas
The Best Restaurants in Las VegasThe Best Restaurants in Las Vegas
The Best Restaurants in Las Vegas49ThingstoDo
 

Mais conteúdo relacionado

Mais procurados

Training Scope Creep Linked In
Training Scope Creep Linked InTraining Scope Creep Linked In
Training Scope Creep Linked Inhaddadmazen
 
Blending appreciative inquiry and continuous improvement
Blending appreciative inquiry and continuous improvementBlending appreciative inquiry and continuous improvement
Blending appreciative inquiry and continuous improvementBusiness901
 
ICC dan KIK - keperluan dan perlaksanaan dalam organisasi
ICC dan KIK - keperluan dan perlaksanaan dalam organisasiICC dan KIK - keperluan dan perlaksanaan dalam organisasi
ICC dan KIK - keperluan dan perlaksanaan dalam organisasiParman Ambo
 
Evolve or Die: A3 Thinking and Popcorn Flow in Action (#LKCE14)
Evolve or Die: A3 Thinking and Popcorn Flow in Action (#LKCE14)Evolve or Die: A3 Thinking and Popcorn Flow in Action (#LKCE14)
Evolve or Die: A3 Thinking and Popcorn Flow in Action (#LKCE14)Claudio Perrone
 
mipb 2 capacityplanning v05_print_sam
mipb 2 capacityplanning v05_print_sammipb 2 capacityplanning v05_print_sam
mipb 2 capacityplanning v05_print_samJason Neale
 
Soma roy sarkar
Soma roy sarkarSoma roy sarkar
Soma roy sarkarPMI2011
 
Project Management for Fun and Profit
Project Management for Fun and ProfitProject Management for Fun and Profit
Project Management for Fun and ProfitCrystal Williams
 
Pm For Fun And Profit
Pm For Fun And ProfitPm For Fun And Profit
Pm For Fun And Profitsundong
 
Major Implementation Projects - Persist pivot or quit?
Major Implementation Projects - Persist pivot or quit?Major Implementation Projects - Persist pivot or quit?
Major Implementation Projects - Persist pivot or quit?John Phillips
 
Difference btw Cooperation & Collaboration
Difference btw Cooperation & CollaborationDifference btw Cooperation & Collaboration
Difference btw Cooperation & CollaborationSushil Shah
 
Top PMP Interview Questions and Answers
Top PMP Interview Questions and AnswersTop PMP Interview Questions and Answers
Top PMP Interview Questions and AnswersJanBask Training
 
Adapting Scrum for UX Teams
Adapting Scrum for UX TeamsAdapting Scrum for UX Teams
Adapting Scrum for UX TeamsTony Smith
 
An Engineer’s Essential Tool in Agile: Design Thinking
An Engineer’s Essential Tool in Agile: Design ThinkingAn Engineer’s Essential Tool in Agile: Design Thinking
An Engineer’s Essential Tool in Agile: Design ThinkingSoniaMayPatlan
 
How to create a quick start guide
How to create a quick start guideHow to create a quick start guide
How to create a quick start guideMake it Clear
 

Mais procurados (19)

Training Scope Creep Linked In
Training Scope Creep Linked InTraining Scope Creep Linked In
Training Scope Creep Linked In
 
Blending appreciative inquiry and continuous improvement
Blending appreciative inquiry and continuous improvementBlending appreciative inquiry and continuous improvement
Blending appreciative inquiry and continuous improvement
 
A3 & Kaizen: Here's How
A3 & Kaizen: Here's HowA3 & Kaizen: Here's How
A3 & Kaizen: Here's How
 
ICC dan KIK - keperluan dan perlaksanaan dalam organisasi
ICC dan KIK - keperluan dan perlaksanaan dalam organisasiICC dan KIK - keperluan dan perlaksanaan dalam organisasi
ICC dan KIK - keperluan dan perlaksanaan dalam organisasi
 
Evolve or Die: A3 Thinking and Popcorn Flow in Action (#LKCE14)
Evolve or Die: A3 Thinking and Popcorn Flow in Action (#LKCE14)Evolve or Die: A3 Thinking and Popcorn Flow in Action (#LKCE14)
Evolve or Die: A3 Thinking and Popcorn Flow in Action (#LKCE14)
 
mipb 2 capacityplanning v05_print_sam
mipb 2 capacityplanning v05_print_sammipb 2 capacityplanning v05_print_sam
mipb 2 capacityplanning v05_print_sam
 
Lean management
Lean managementLean management
Lean management
 
Soma roy sarkar
Soma roy sarkarSoma roy sarkar
Soma roy sarkar
 
Project Management for Fun and Profit
Project Management for Fun and ProfitProject Management for Fun and Profit
Project Management for Fun and Profit
 
Pm For Fun And Profit
Pm For Fun And ProfitPm For Fun And Profit
Pm For Fun And Profit
 
Major Implementation Projects - Persist pivot or quit?
Major Implementation Projects - Persist pivot or quit?Major Implementation Projects - Persist pivot or quit?
Major Implementation Projects - Persist pivot or quit?
 
Services for business_2014
Services for business_2014Services for business_2014
Services for business_2014
 
Difference btw Cooperation & Collaboration
Difference btw Cooperation & CollaborationDifference btw Cooperation & Collaboration
Difference btw Cooperation & Collaboration
 
Top PMP Interview Questions and Answers
Top PMP Interview Questions and AnswersTop PMP Interview Questions and Answers
Top PMP Interview Questions and Answers
 
Adapting Scrum for UX Teams
Adapting Scrum for UX TeamsAdapting Scrum for UX Teams
Adapting Scrum for UX Teams
 
An Engineer’s Essential Tool in Agile: Design Thinking
An Engineer’s Essential Tool in Agile: Design ThinkingAn Engineer’s Essential Tool in Agile: Design Thinking
An Engineer’s Essential Tool in Agile: Design Thinking
 
How to create a quick start guide
How to create a quick start guideHow to create a quick start guide
How to create a quick start guide
 
Post Evaluation
Post EvaluationPost Evaluation
Post Evaluation
 
Bie 02
Bie 02Bie 02
Bie 02
 

Destaque

Information security
Information securityInformation security
Information securityLJ PROJECTS
 
The Best Restaurants in Las Vegas
The Best Restaurants in Las VegasThe Best Restaurants in Las Vegas
The Best Restaurants in Las Vegas49ThingstoDo
 
Tajomstvo rozhodovania
Tajomstvo rozhodovaniaTajomstvo rozhodovania
Tajomstvo rozhodovaniaBSPartner
 
Projekt Unijny: eSerwisowanie (TeamSoft Sp. z o.o.)
Projekt Unijny: eSerwisowanie (TeamSoft Sp. z o.o.)Projekt Unijny: eSerwisowanie (TeamSoft Sp. z o.o.)
Projekt Unijny: eSerwisowanie (TeamSoft Sp. z o.o.)Marek Maciaszek
 
Asa conference some highlights
Asa conference some highlightsAsa conference some highlights
Asa conference some highlightsPaul Adams
 

Destaque (10)

Information security
Information securityInformation security
Information security
 
ana_maryy
ana_maryyana_maryy
ana_maryy
 
The Best Restaurants in Las Vegas
The Best Restaurants in Las VegasThe Best Restaurants in Las Vegas
The Best Restaurants in Las Vegas
 
Implantación
ImplantaciónImplantación
Implantación
 
Tajomstvo rozhodovania
Tajomstvo rozhodovaniaTajomstvo rozhodovania
Tajomstvo rozhodovania
 
Projekt Unijny: eSerwisowanie (TeamSoft Sp. z o.o.)
Projekt Unijny: eSerwisowanie (TeamSoft Sp. z o.o.)Projekt Unijny: eSerwisowanie (TeamSoft Sp. z o.o.)
Projekt Unijny: eSerwisowanie (TeamSoft Sp. z o.o.)
 
Asa conference some highlights
Asa conference some highlightsAsa conference some highlights
Asa conference some highlights
 
Richfeel Anagrow
Richfeel AnagrowRichfeel Anagrow
Richfeel Anagrow
 
Project mis
Project misProject mis
Project mis
 
Scarab4 slideshare
Scarab4 slideshareScarab4 slideshare
Scarab4 slideshare
 

Semelhante a Sustainable Cultural Change

The challenge of walking into a facility and understanding it and knowing whe...
The challenge of walking into a facility and understanding it and knowing whe...The challenge of walking into a facility and understanding it and knowing whe...
The challenge of walking into a facility and understanding it and knowing whe...Frank Rzeznikiewicz
 
InfoSec Experience It Not Enough…
InfoSec Experience It Not Enough…InfoSec Experience It Not Enough…
InfoSec Experience It Not Enough…Security Roots Ltd.
 
Change Management a Birds Eye View
Change Management a Birds Eye ViewChange Management a Birds Eye View
Change Management a Birds Eye ViewQasim Khan
 
Differentiating Your InfoSec Company: Getting Some “Quick Wins”
Differentiating Your InfoSec Company: Getting Some “Quick Wins”Differentiating Your InfoSec Company: Getting Some “Quick Wins”
Differentiating Your InfoSec Company: Getting Some “Quick Wins”Security Roots Ltd.
 
OperatingModelForProductCos
OperatingModelForProductCosOperatingModelForProductCos
OperatingModelForProductCosRavi Padaki
 
Change management and Managing Change as a Process
Change management and Managing Change as a ProcessChange management and Managing Change as a Process
Change management and Managing Change as a ProcessRajlaxmi Bhosale
 
The Highway of Change and a Practical Framework Approach to Change
The Highway of Change and a Practical Framework Approach to ChangeThe Highway of Change and a Practical Framework Approach to Change
The Highway of Change and a Practical Framework Approach to ChangeFlevy.com Best Practices
 
Organisation Design 2
Organisation Design 2Organisation Design 2
Organisation Design 2Sahith Sahith
 
10 tips for transformation
10 tips for transformation 10 tips for transformation
10 tips for transformation Gwen Stirling
 
Project-Focused Innovation
Project-Focused Innovation Project-Focused Innovation
Project-Focused Innovation Mindjet
 
The Art of Building a Process Design Team
The Art of Building a Process Design TeamThe Art of Building a Process Design Team
The Art of Building a Process Design TeamTroy DuMoulin
 
Health 2.0 pre ga slides day 1 & change management
Health 2.0 pre ga slides day 1 & change managementHealth 2.0 pre ga slides day 1 & change management
Health 2.0 pre ga slides day 1 & change managementSalmaan Sana
 
Incremental innovations are good enough
Incremental innovations are good enoughIncremental innovations are good enough
Incremental innovations are good enoughRajagopalan V
 
DeactivatedKelie Hein  3 posts ReTopic 1 DQ 1Two GCU lib.docx
DeactivatedKelie Hein  3 posts ReTopic 1 DQ 1Two GCU lib.docxDeactivatedKelie Hein  3 posts ReTopic 1 DQ 1Two GCU lib.docx
DeactivatedKelie Hein  3 posts ReTopic 1 DQ 1Two GCU lib.docxsusanschei
 
Design Thinking Unit 1 .pdf
Design Thinking Unit 1 .pdfDesign Thinking Unit 1 .pdf
Design Thinking Unit 1 .pdfNishuKatiyar
 
6 Mistakes Organizations Make When Trying to Implement Transformation
6 Mistakes Organizations Make When Trying to Implement Transformation 6 Mistakes Organizations Make When Trying to Implement Transformation
6 Mistakes Organizations Make When Trying to Implement Transformation Keren Levy
 

Semelhante a Sustainable Cultural Change (20)

The challenge of walking into a facility and understanding it and knowing whe...
The challenge of walking into a facility and understanding it and knowing whe...The challenge of walking into a facility and understanding it and knowing whe...
The challenge of walking into a facility and understanding it and knowing whe...
 
The Journey Begins
The Journey BeginsThe Journey Begins
The Journey Begins
 
Change management
Change managementChange management
Change management
 
BTF Process
BTF Process BTF Process
BTF Process
 
Change Management Learning Module
Change Management Learning ModuleChange Management Learning Module
Change Management Learning Module
 
InfoSec Experience It Not Enough…
InfoSec Experience It Not Enough…InfoSec Experience It Not Enough…
InfoSec Experience It Not Enough…
 
Change Management a Birds Eye View
Change Management a Birds Eye ViewChange Management a Birds Eye View
Change Management a Birds Eye View
 
Differentiating Your InfoSec Company: Getting Some “Quick Wins”
Differentiating Your InfoSec Company: Getting Some “Quick Wins”Differentiating Your InfoSec Company: Getting Some “Quick Wins”
Differentiating Your InfoSec Company: Getting Some “Quick Wins”
 
OperatingModelForProductCos
OperatingModelForProductCosOperatingModelForProductCos
OperatingModelForProductCos
 
Change management and Managing Change as a Process
Change management and Managing Change as a ProcessChange management and Managing Change as a Process
Change management and Managing Change as a Process
 
The Highway of Change and a Practical Framework Approach to Change
The Highway of Change and a Practical Framework Approach to ChangeThe Highway of Change and a Practical Framework Approach to Change
The Highway of Change and a Practical Framework Approach to Change
 
Organisation Design 2
Organisation Design 2Organisation Design 2
Organisation Design 2
 
10 tips for transformation
10 tips for transformation 10 tips for transformation
10 tips for transformation
 
Project-Focused Innovation
Project-Focused Innovation Project-Focused Innovation
Project-Focused Innovation
 
The Art of Building a Process Design Team
The Art of Building a Process Design TeamThe Art of Building a Process Design Team
The Art of Building a Process Design Team
 
Health 2.0 pre ga slides day 1 & change management
Health 2.0 pre ga slides day 1 & change managementHealth 2.0 pre ga slides day 1 & change management
Health 2.0 pre ga slides day 1 & change management
 
Incremental innovations are good enough
Incremental innovations are good enoughIncremental innovations are good enough
Incremental innovations are good enough
 
DeactivatedKelie Hein  3 posts ReTopic 1 DQ 1Two GCU lib.docx
DeactivatedKelie Hein  3 posts ReTopic 1 DQ 1Two GCU lib.docxDeactivatedKelie Hein  3 posts ReTopic 1 DQ 1Two GCU lib.docx
DeactivatedKelie Hein  3 posts ReTopic 1 DQ 1Two GCU lib.docx
 
Design Thinking Unit 1 .pdf
Design Thinking Unit 1 .pdfDesign Thinking Unit 1 .pdf
Design Thinking Unit 1 .pdf
 
6 Mistakes Organizations Make When Trying to Implement Transformation
6 Mistakes Organizations Make When Trying to Implement Transformation 6 Mistakes Organizations Make When Trying to Implement Transformation
6 Mistakes Organizations Make When Trying to Implement Transformation
 

Último

Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseri bangash
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...Suhani Kapoor
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
A305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdfA305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdftbatkhuu1
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 

Último (20)

Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insights
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
A305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdfA305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdf
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 

Sustainable Cultural Change

  • 2. In previous articles in this series on differentiating your InfoSec consulting company, we’ve talked about the importance of two core areas: —Process improvement and —Improving the customer experience
  • 3. Most everyone would agree these are worthwhile aims. We all want our processes to get better and more efficient, and we all want clients to be satisfied with our work. Truly improving in these areas requires a culture aligned with these values.
  • 4. But the nature of many InfoSec companies can make it difficult to change the culture. For one thing, there is often a rather frantic focus on just getting projects finished, and this doesn’t leave time to discuss bigger picture philosophies or allow time to get everyone onboard for a larger process change.
  • 5. Also, the high value of technical talent often means that managers are hesitant to tackle process changes. They don’t want to take the risk of aggravating talent; they want to keep them happy. Keeping talent happy is a great goal, of course--it only becomes a negative when it interferes with other, important areas of improvement.
  • 6. In this article, we’ll go over some strategies for enacting sustainable process change at your InfoSec company whilst keeping your team members happy. This article will assume you have either already read the other articles in our series or that you have some specific cultural changes you want to implement but are having some problems.
  • 7. Explain How Changes Impact The Customer
  • 8. Any meaningful improvement to a product or service will stem from a focus on the client experience. And most team members do want their clients to have a good experience.
  • 9. But you must explain to your team members why your proposed changes are important to your clients. For example. it’s not enough to simply command: “Starting today, you must create testing methodologies after every project and share them with the team.” Your team must fully understand the full chain of events that make a new procedure important, which would go something like this:
  • 10. 1. Improving methodologies means less time spent on easily repeatable tasks. 2. Less time spent on easily repeatable tasks means more time spent on unique project challenges. 3. More time spent on unique challenges means better service for the client.
  • 11. And they should understand the downside to continuing to do things the old way. For example, when all team members use their own methodologies and there is no consistency from project to project, this hurts the client’s experience (especially for repeat clients).
  • 12. Major takeaway: Talk to your team about the greater philosophical reasons for your changes. Make them see that you are doing this for the customer.
  • 13. Explain How Changes Impact The Team
  • 14. In a similar way, team members need to see how changes help them do their job more easily and help them hone their craft. The logic here is basically:
  • 15. 1. Making procedures more efficient means team members spend less project time on easily repeatable tasks. 2. This leaves team members more project time for doing the fun and creative hacking--the stuff they love to do. 3. More time spent on interesting and challenging hacking makes a hacker smarter and better at his job, which improves his standing in the industry, increases his reputation, payrate, etc.
  • 16. To create real cultural change, it’s necessary to get true buy-in from everyone. And this means that your team needs to see what’s in it for them. The more you can make them see what’s in it for them, the more buy-in you get and the easier it is to shift the culture.
  • 17. If you haven’t already, check out one of our past articles on how more process standardization can, perhaps counterintuitively to some people, actually increase creativity.
  • 18. Get Management and Influential People Onboard
  • 19. If a large company change does not have the buy-in of senior and influential members of your team, it probably won’t succeed. For example, if you have a senior tester or manager denigrate a new process openly, that has a huge impact on whether the people working with him will be more or less likely to use it.
  • 20. To mitigate this conflict, try to help these team members understand the importance of the changes you’ve put in place, both for your clients and for them personally. Also explain that their buy-in is especially important in creating a trickle-down effect in the company.
  • 21. An important point: You may have employees who are not technically in powerful positions but who nonetheless may be very socially influential. It’s important to discover who those team members are so you can do your best to persuade them, too.
  • 22. A potential stumbling block. One possible obstacle is that some of your more senior team members may have had negative past experiences with failed process overhauls. They may be thinking, “Yeah, I’ve seen people try to do this kind of thing before.
  • 23. It’s pointless and won’t work.” This is actually a great opportunity to ask those members about those past attempts at change. What worked and why did it work? What didn’t work and why not? If you give them a chance to be a part of the discussion, they will feel more involved and positive about the effort.
  • 25. When you try to sell the changes to your team, use real stories and anecdotes. Real stories are powerful and convincing and help people see the value of the new way of doing things. This is why companies use testimonials from customers to show the value of their products. Thought of in another way, what you are doing can be thought of as selling ideas to your team, so be willing to use any promotional tactics at your disposal.
  • 26. For example, at a team meeting, you can talk about how a new procedure resulted in measurable positive results for a specific client, and read a testimonial from the satisfied client. Go on to explain how that got you thinking about extrapolating similar results across the board, and how that translated into the changes that you are going to be implementing over the next few weeks.
  • 27. They key message to convey is that new ideas are not coming out of thin air; they are grounded in solid value added to your clients, the company or the team. You just need to find the right way to let team members know how you got to the conclusions you did, and what needs to happen next.
  • 28. Or you can get a team member to describe how a new procedure saved them time on a project and how they had more time to devote to tests that were actually intellectually engaging.
  • 30. These days, most InfoSec companies rely on remote workers. If you have remote workers, don’t forget about them. Process changes need to be done company-wide or it’s unlikely they’ll be successful.
  • 31. Plan ways to communicate the new processes to your remote workers. When was the last time you had a one-to-one with each of your remote workers? How can you expect for them to be invested and onboard new processes if you haven’t checked in with them for several months?
  • 32. Schedule video conferences and make sure your team knows that these are important events. If anyone can’t attend them (e.g. they need to be off-site for a client visit), go out of your way to bring them in the loop. You need to reach out to anyone and take the time to explain the importance of what you are doing, if you want them to embrace your ideas.
  • 33. If at all possible, consider having all your workers travel to a single location to roll out and talk about the new changes.
  • 34. Set Goals That Are Measurable (and Failable)
  • 35. When the goals of a change initiative are too vague, the initiative will rarely succeed. You need to have goals that are measurable, so that you know if the cultural changes are sticking. You need to have goals that can fail, so that you know when you are not succeeding.
  • 36. For example, if one of your goals is something ambiguous like: “Improve internal understanding of tech methodologies,” there is no real way to measure that. You will never know if you’ve actually succeeded. So make your goals concrete and measurable, like “Review 1-2 methodologies each month.”
  • 37. Go For Small Wins (and Small Failures)
  • 38. It can be daunting to create large cultural and procedural changes at a company, we know. Especially because the people responsible for those changes can sometimes be blamed for things that go wrong.
  • 39. So it’s worth pointing out that some of the best and most long-lasting process improvements start small and grow from there. You should focus on making small but lasting and widely-used improvements.
  • 40. You don’t have to roll out a hugely complex series of changes all at once. Instead, you can make small changes that create noticeable benefits, then track and measure them. This will create a snowball effect that leads to bigger and more widespread changes.
  • 41. For some of our best ideas on making this happen in your company, read “Getting Quick Wins”.
  • 42. Next... Hopefully this article has shown you a few ideas for creating long-lasting, sustainable cultural change at your InfoSec consulting company. If you liked this article, check back on our site for future related articles.
  • 43. Was This Article Helpful? Security Roots’ founder Daniel Martin conceived and created the open-source collaboration tool Dradis Framework in 2007. The success of that application led to the creation of the Security Roots company and Dradis Professional Edition software.
  • 44. Over the years, Security Roots has helped hundreds of InfoSec clients improve their team collaboration and report creation processes. If you have any questions about what we do or the solutions we provide, please fill out our Contact Form and we’ll be in touch right away.