Leadership

Return to Work: The Cultural Environment

With pandemic restrictions loosening, Pulse surveys its tech exec community to find out how office culture and hiring will change following the crisis.

0 views
0 comments
What can security professionals do differently to better manage supply chain risk?

Top Answer : I look back in my career and when I was a finance person in '93 in Intel's IT organization, I nationalized computing. And I built a supply-chain for hardware, software. Why? Because I was a finance guy. Inventory management is the only way to control cost. Well, when I circled back into security, luckily all of that was still there because everything funneled through the purchasing processes I had built eight years earlier. It wasn't perfect but I had 95% inventory management from the day I landed and it saved my ass. And then I pivoted from there, being a former finance and procurement guy and thinking about trust in supply-chain stuff even years ago, well before the whole third-party risk management stuff went out, I started embedding third-party risk type stuff into the purchasing and financial controls. We had the whole notion that trust would become the attack surface and the thing you trusted the most was the thing that would make you most vulnerable, which then framed how we strategically really worried about things. Hell, when everybody was adamant about encryption, I was so flipping paranoid about the use of encryption. If we mismanage the key or somebody gets those keys, we're screwed. I was worried about ransomware in 2005/2006. Just with deployment of hard disk encryption and all that other stuff, because I'm like, "You get a rogue admin, somebody owns the box, you own this..." You could literally have created the ransomware events then, without even doing malware, if you just had the right aspects to the infrastructure and shut off certain things. I don't know where it's at, at Intel these days, but as I grew in that everybody always wanted to take away from me and I'm like, "No, I want to be the inventory manager because it will then give me the base of things."
I still have debates with peers on that because they think of it as unglamorous but I go, "It's such a critical dependency to the role and if it's not being done right, take it over so that it can be done right. So, that you can then execute your role." I think that the whole third-party risk management approach is like doing a SOC 2, and it isn't sufficient. You go, "Okay, I've got some basic controls and I can answer some policy questions, but doesn't tell me that they know the risk issues and that they're managing them well." Which was why, when I was at Intel, when I was at Cylance, hell even at Cymatic, I go have a conversation with my peers at my critical vendors that could cause me substantial harm and then potentially my customers. The lawyers and compliance team might want all those questions and stuff like that, but I want to know my peer and go, “Can I trust you?” And you're going to answer my direct questions. And if there's any wishy-washiness, then I worry. This approach also allows you to take more risks. The riskiest technology in early adopters of technology should be the security team. Why? Because we're the risk manager so we should be the ones taking the risks ahead of everybody else so that we can figure out how to manage them before everybody else gets there. And instead, we create all these encumberments to innovation that then causes people to go around us, which means we're actually generating risk by slowing people down. And we should be the first mover. Run to the riskiest things first. Once you're there you can sort it before other people get there. It's completely counterintuitive to our DNA, which is to be risk-averse. We should be the biggest risk takers on technology because then we actually manage risk to our organization better.

Tell us you're an executive without telling us you're an executive.

Top Answer : Can you reduce the technical jargon?

46 views
4 comments
3 upvotes
How can IT consultants approach resistance to new technology and build trust with clients?

Top Answer : What I have done in the past for that is very simple: I invite them to visit one of my current clients and take a look at the concept working. That means I'm not present when they visit the client. I want them to be free to ask whatever they want of the people that are actually using the solution, so they have a better understanding of how the experience of implementing the solution was, what the ups and downs and the pain points were, and also know what the current users think about that solution and how they will scale the implementation, and what the next steps or the roadmap are for integrating technology and doing things a new way, because new solutions bring on new challenges.

7 views
2 comments
2 upvotes
Does the CIO/CISO reporting structure undermine security at an organization?

Top Answer : The question is vague. Do you mean that the CISO reports to the CIO?

241 views
1 comment
As a CIO, are you currently on the board of your organization?

Top Answer : No, but I am on a public company board!

491 views
1 comment
1 upvote
How do you manage your remote workforce?

Top Answer : Yes, so we have a lot of remote workers at Juul. We use Zoom a lot. But we also bring them in once a quarter, once every 6 months to the HQ and give them a sense of "Hey, this is what we're doing. Here's the team. Meet everybody in person." And they get more energy when they go back home and do their work from home. We fly to where they live too. Change it up for everyone a little.

19792 views
16 comments
8 upvotes
Return to Work: The Physical Environment

As companies start to plan ahead for their employees’ return to the office, CIOs share what a “new normal” could look like.

0 views
0 comments
Growth challenges

What are the growth challenges affecting companies in 2020? 100 CIOs weigh in, and share how they're planning to work around roadblocks.

0 views
0 comments
2 upvotes
Do you have a mentor within your organization?

Top Answer :

140 views
0 comments
0 upvotes
What’s your advice for a first time CTO?

Top Answer : My mantra is all about being outside-in. Start with customers and work backwards. The technology will take on a lot of the work that you have to do. Technology is certainly important, but you've gotta be partnered closely with customers, with your head of sales, and with your head of marketing so that what you're building is going to be sold.

12 views
3 comments
1 upvote
What books should IT leaders read?

Top Answer : I've become a big fan over the last year of Patrick Lencioni's books on business and on leadership. He's got a book called The Advantage: Why Organizational Health Trumps Everything Else In Business and another called The Five Dysfunctions of a Team. To be clear, most business books I look at as, you know, at most blog posts that get turned into like 200 and some pages, and they're mostly nonsense and useless. His books I think are really, really practical and they've literally changed the way I lead and how I think about approaching meetings. How I think about approaching team building. How I think about growing and building culture. And I think it's just been really remarkable and I feel really lucky to have discovered his books. When you're starting to form a team, he talks a lot about how important it is to earn and build trust. An exercise he suggested that I think is really great, particularly if I've got a new team or a team that is a little bit disengaged or upset about something, is he suggests having a round table where everyone in the meeting introduces themselves and talks about some challenge they overcame as a child. Not in some deep psychiatric chair type of thing, but just like, talk to me about something that you went through that was a challenge that you overcame. And what it does is it starts to reveal a really personal and open side of people. He recommends that the leader starts first so that he or she exposes their vulnerability right out into the open. I found that a really nice way to really start to craft and to catalyze an early foundation of trust when you're trying to build a team, which is vitally important.

12 views
3 comments
1 upvote
As a CISO, what does your interaction with the board look like? Do you meet with them every quarter / board meeting? How often do you send updates? What does an update usually contain?

Top Answer : In my experience interaction in person was quarterly, executive briefing along with risk and security dashboard was monthly.

716 views
2 comments
2 upvotes