
working together

So here’s a thing: apparently, when you brainstorm, most of the good ideas come out in the first 10 minutes – so DON’T drag it out. If it’s getting boring and everyone is chattering aimlessly, forget it – reconvene and do another 10 minutes another day.

I learnt a lot yesterday on my afternoon off at #CASSINNOVATE. It was an innovation and entrepreneurship conference hosted by CASS Business School – now that’s a cool place, in the hottest part of London, just by the Silicon Roundabout in Old Street. I love the vibe there as it’s where all these “youths” call themselves “founders” of “incredible start-ups”. In the coffee break it was quite sweet really – lots of earnest, keen, bearded souls all keen to shake hands and “network”.

Actually, that was the best bit of my afternoon – the session on “leveraging the power of reciprocity”. “What the hell does that mean?” we giggled to ourselves, as my oldest daughter Jazzy and I wandered nervously into the session. In fact, she was the real reason I was there: one of the head lecturers, David Gauntlett, who is Professor of Creativity & Design at her University – Westminster University – and sadly who she’s never actually had a lecture from, invited her to hear him speak at another University – weird that!

Anyway, we gingerly entered this weird sounding lecture on reciprocity and got handed tons of yellow post-it notes – now I am a bit partial to a post-it note so I was really excited as to what was about to happen. Well, the gentle and very animated Dr Santi Furnari asked us all to start writing requests such as “anyone know of a creative graduate that has exceptional writing skills”, “I’m looking for an app designer” and “can anyone give a talk on exporting”. These were put on the white board and then the room was asked to offer their help. Incredibly, 3-4 people could help per request. Dr Santi said that this is what happens normally: for every request you put out there amongst your network, you’ll find that 3-4 people will be able to help you.

Now that’s pretty AMAZING. It was incredible to watch total strangers offer tangible and real offers of help.  So I think we should all try it – LinkedIn is the perfect networking platform to give it a go.  He said it doesn’t fail, it’s scientifically proved.

It’s all part of the Reciprocity ring and there are Reciprocity events – I’ll have to google them now because I love that idea of my network helping me and me helping my network more when someone needs something. So let’s try his theory – does anyone know a good hotel in Greece this summer?

And more importantly I’m now ready for my next afternoon off!

get-it

It’s a funny one this subject about IT security – it always comes back to the users – without us there wouldn’t be any security issues! And without us we wouldn’t need security experts to keep us in check!  We need them and they need us – right!

Every year we organise the IT Security Analyst & CISO Forum, which is a wonderful opportunity to get raw and heartfelt insight into how the CISOs are feeling – what they are seeing, what’s troubling them and what they’re doing to find sensible solutions around the problems they’re facing. I felt hugely buoyant after this year’s gathering of CISOs – they really seem on top of what’s going on! They were openly collaborating and helping one another – they understand they’ve got huge security issues – but there’s nothing out there that they can’t cope with. Calm is afoot.

What hit me the most was the realization that users are useless when it comes to security – we the users just don’t care – if it’s in our way we’ll get around it – so there was a consensus in the room that “we need to move away from a No to a KNOW mentality” – because it just ain’t working! So you can’t try to block users from doing their jobs; instead, find the tools to make sure you are on top of what they’re doing with the information.

Oh dear, but then that’s not all that easy, is it, because the 2 next biggest bug-bears that the CISOs discussed were Shadow IT and privileged user management – that’s top of mind at the moment.

Shadow IT was a real first for me – what I mean is the term (sorry, I’m a bit behind with the lingo these days). They were all harping on about this being a really big problem – that’s us people yet again in PR and marketing, sales and management – we keep downloading these wonderful sharing apps that make everything so simple for our wee non-IT brains – you just download the app and hey presto we can all share spreadsheets and contacts etc amongst our colleagues quickly and efficiently. Quickly and efficiently was never really in the security programmers’ DNA, which is why we always come to an impasse with the security folks. The likes of Google sharing apps, DropBox, Box etc are causing a real pain in the backside for security – secure data is being shared outside the organisation willy-nilly – but the good news is that these bright young CISOs are onto us – they know what we’re up to and are now learning how to discover, monitor and remediate us where necessary. At least with the coolest tools out there they can keep the auditors happy and show they’re doing their best to meet the demands of the compliance chaps!

So we can keep working away with our apps because the IT security folks realise they’re on a road to nowhere – so instead of fighting it and saying NO they’re moving to a culture of KNOW instead.

So the other problem they really started to sit up and talk passionately about was the thorny problem of managing privileged users. Hmmm, it’s the human factor yet again! The typical scenario went as follows: one person is given access to the sensitive stuff; they then share it with a colleague when they go on holiday; a consultant comes on board and gets given access; the original person is promoted into another department or leaves; they hand over access to another new person but still retain access to the original information even though they no longer need it; and so on. One CISO from a major bank who shared his angst found his sentiments were mirrored by most of the other CISOs around the table – “Companies grow very quickly and you get lots of changes so we try to conduct regular privileged access account reviews, but I have to admit it’s one of the biggest problems we have not yet solved.”

It’s the thorny old problem – if you don’t drill into your staff that the data is a major asset of the company and it needs to be respected and dealt with responsibly then it won’t be respected.

Back to good old user security awareness and best practices then! You train your staff and they’ll be your biggest allies – get their trust, get them to take on a bit of the responsibility for security – and you’ll go a long way to solving the problem. That’s the conclusion I came to after listening to these savvy and very switched on CISOs. The reason they were so chilled was that they’ve learnt that security is a really big problem and it’s us users who are their biggest problem – but these guys have a strong handle on what’s going on; they’re getting to grips with user awareness and responsibility! They all admitted that it helps that over the last year the boards are giving them more air time – at least 15 minutes every 6 months! It means more so than ever they have the ear of the board, who are giving them the responsibility, time and money to focus on putting security where it needs to go. For more on what the CISOs talked about at the Eskenzi IT Security Analyst & CISO Forum, read Ron Condon’s blog at http://www.itsecurityguru.org