We all do this. We don’t want to, but we do it.
#1 Stop Chasing Rabbits
The rabbits in this situation are security rabbits. It happens all too often these days. We’re in a meeting it’s going fine, then someone unwraps the security elephant on the table during the discussion. Within seconds the productive discussion, turns to a cage fighting match over security controls, risk to enterprise, and how the world may end from this piece of work. Usually not a beat is missed rattling off major breaches supporting the claim of urgency including: Office of Personnel Management (21.5 million initially and another 4.2 million, loss of personnel data), Anthem (80 million patient and employee records), Army National Guard (850,000, SSN and home address of current and former National Guard members) and the multi-bank cyber heist (discovered Feb 2015, Carbanak funneled $1 billion fraudulently making hijacked ATM seem legit). These are scary. These types of incidents gets people fired, not over weeks but entire leadership teams released on-the-spot. It absolutely should be taken seriously. Chasing every security rabbit is not beneficial. It does not improve security.
Use three sound approaches for your security foundation,when dealing with these challenging discussions: prevention, protection and resilience. You’ll be able to handle every discussion on security and guide that discussion into one of the three areas: where your organization is already focusing. One effective “security approach is to prevent a threat from arising in the first place, especially by addressing its underlying causes. When the threat cannot be prevented, security as protection aims to defend against, if not eliminate, the threat. But if we cannot fully protect ourselves from the threat, security as resilience considers our ability to “bounce back” and alter the ways in which it affects our social systems — our ability to adapt to threats that actually strike us (Lawrence, 2015).” Michael Lawrence’s article, “Three Approaches to Security” helps remind us, that a layer security approach is a time-proven method for protection.
“The Castillo de San Felipe de Barajas in Cartagena is the largest and strongest fortress the Spanish ever built in their colonies. Constructed between 1639 and 1657, then expanding considerably in 1762, the fort defended the “gateway to the new world” from multiple attacks and was never taken. The strategies employed to make the fortress impregnable help delineate three different approaches to security: prevention, protection, and resilience.
Well before any enemy neared the fortress, a fleet of Spanish ships patrolling in concentric “rings of defense” would deter or disrupt its approach, preventing any threat to the fortress. Should the enemy fight through these rings, its high, thick walls would protect it from cannon fire and ground assault, while a series of batteries and parapets arranged to cover one another could eliminate attackers. Perhaps the most interesting feature of the fortress, however, is its complex labyrinth of tunnels deep in its interior. If attackers ever did manage to take the fort, its defenders would retreat into this maze, regroup, and re-take the fortress from within (Lawrence, 2015).”
A layered security approach will help maintain the trust of your leadership teams. Don’t build new processes, leverage existing processes proven to work.
#2 Run Your Business as a Value-Chain
There are three types of CIOs: paddlers (they do what’s required inching along), executers (they take work given and deliver on it), and lastly there are transformers (they reframe work into value-streams) – building value that was not there. Next year will be the year of the 3-D value chain leader:
- Demand-oriented,
- Data-driven, and
- Digitally executed.
Why, you may ask? With advancements in mobile, digital, IoT, and IoE the pace of technology is on the verge of a tectonic shift. Remembering the models of push (strategies driven by long-term projections of customer demand) verse pull (actual customer demand drives the process) supply chains. We observe a similar parallel with how technology is enabled within organizations today. It doesn’t take long to reflect on which technique is effective in today’s emerging markets with rapid demands for faster, cheaper and higher quality business services.
It’s all about how your organization views demand for your products or services: customer centric or non-customer centric.
The classic pull vs push supply-chain models helps illustrate this well. In a push-based supply chain flow the supplier (1) determines an estimate of supplies required and sets the forecasts. The manufacturer (2) sets production schedules, based on production forecasted volumes. The distributor (3) then manages and pushes out inventory based on known manufacturer thresholds to maintain the delicate balance of supply and demand. Next the retailer (4) absorbs forecasted inventory levels and stocks shelves (or offers product) based on their individual demand forecasts for the selected markets. The customer (5) finally, makes a purchase based on products available on the shelves.
But is that how the supply chain (value-chain) operates with business enabled technology today? Is that today’s digital supply chain? Does it follow a push-based model (based on projections of customer demand) or a pull-based supply-chain (customer driven) model? It follows a pull-based model.
You may wonder why are all of our organizational processes push-based? Well, that’s a very good question. Reflect for a minute on all the key processes in your organization from contracting to delivery to internal controls, then ask yourself, are they truly customer centric. They probably aren’t. But that’s ok we’ve added it to our new year’s resolution list! It’s time for change.
#3 Accept Top Performers As Critical to Growth
If you recognize them as star performers, chances are so will the other executives looking for that great new star for their team. Great leaders are needed and are in high demand, all the time. You’re competing in the global world of talent management, with leaders like yourself that want your top talent. Take the time now to protect your best talent. The myth that employees work for a manager, leader or executive is just that, a myth. Employees work with their manager, colleagues and executive leadership. As an executive, your employees choose to work with you, not for you. They can and often do leave at any time they wish. Think carefully the next time you’re speaking to your top performer, about who actually is in control of the situation.
Top talent retention is expensive. Companies must either meet the expectations of top resources or be in the business to replenish them. There is a reason, they are the top performers.
In part 2, we’ll cover the CIO New Year’s Resolutions #4,#5 and #6.
References
Anderson, A. (2015). Motivation on Pinterest | Just Go, Keep Going and Inspirational quotes (online image). Retrieved November 2, 2015, from https://www.pinterest.com/ama3532/motivation/
Lawrence, M. (2015). Three Approaches to Security: Prevention, Protection, and Resilience. Retrieved October 30, 2015, from http://www.ssrresourcecentre.org/2013/02/04/three-approaches-to-security-prevention-protection-and-resilience/
Peter Nichol, empowers organizations to think different for different results. You can follow Peter on Twitter or on his blog. Peter can be reached at pnichol [dot] spamarrest.com.