Train & Develop

Train & Develop
Do you have a formal succession plan?

Top Answer :

175 views
0 comments
0 upvotes
Related Tags
I'm trying to build a more security-aware culture.  Has anyone successfully embedded security responsibilities in other teams across the business?

Top Answer : Security cultures will vary and often are unique to a business culture. Most security programs are deliberate with a set of actions to promote awareness and there are some significant features of successful security cultures. · Security awareness extends past IT and begins at the top. Senior leaders set the tone and drive cultural change. Making executives aware of the risk to the organization posed by a lack of security awareness is key - Loss of revenue; Reputation damage; Operational disruptions; Intellectual property (IP) theft; and Theft of personally identifiable information (PII). ·  Establish a continuous security training program for all staff. Training staff about safe online computing, strong passwords, and social engineering, will help mold the organization into the first line of cyber defense and ensure the confidentiality of sensitive business data. · Keep the security program aligned with business objectives. Focus on specific incremental goals rather than trying to achieve too much too fast. Identify the security behaviors that need to be promoted and align those behaviors to business results so that employees can understand the value security has in protecting the overall organization Most importantly, successful security programs AVOID a culture of blame and fear when it comes to security. Security leaders should empower users with a culture of personal responsibility so staff treat data security in the same way they treat other company policies like health and safety.

Pulse Flash Read: Morale-as-a-Service?

There’s a lot of talk about IT leaders transitioning into business leaders, especially as the remote workforce situation gets dragged on into what’s starting to feel like forever. Classical representations of IT leaders tell us that emotional intelligence has perhaps not often been identified as their standout ability. While CIOs have been (hopefully) busy working on their emotional intelligence (by watching
TEDTalks, presumably), IT has increasingly turned to SaaS and outsourcing for many of the processes that used to be handled internally. A savvy CIO might be tempted to ask, could there be a SaaS that can help with the well-being of my remote team? It turns out that there are, and yet no one seems to have coined this obvious new marketable tool category: welcome to ‘Morale-as-a-Service’.  There’s an old adage that too often goes overlooked: customer service begins with employees. A motivated and enthusiastic team, driven by a positive mindset, translates to every customer interaction; it’s company culture personified into touch points. This feeling has recently morphed into the idea of ‘employee experience’, and, indeed, even the ‘Chief Employee Experience Officer’. But how do we know what the employee experience truly is?  We’ve become better at measuring the conversions of touch points and engagements into sales through click-throughs and open rates. Can we also measure morale? Some vendors think so. Culture Amp basically offers a continuous deployment platform for overseeing employee engagement and development, offering internal ‘Pulse’ (ahem) surveys that dive deep into employee psychology. Officevibe offers something called ‘Conversation Engine’, which saves managers time by outsourcing talking points, plus a suite of other features designed to engineer interaction into ‘actionables’—and they also offer ‘Pulse’ surveys (what is going on here?). There’s also TINYPulse (seriously?) that comes right out and promises that you’ll be able to “read employee thoughts and feedback in real time” (which we can only hope isn't actually true, but give the tech a few more years). Meanwhile, Achievers has trademarked something called ‘Culture Continuity’ as part of a three-pronged platform that assists teams to build a culture, ‘activate employee engagement in real-time’ and apply ‘data science’ to improve performance.  These vendors all promise metrics that sound desirable to team leaders, such as the ability to measure ‘happiness’ along trend lines. Who wouldn’t want that? The thing is, all the testimonials advocating for the software come from the team leads. It'd be interesting to hear more about the employee experience. Regardless, capturing employee morale should pique the CFO’s interest... When wellbeing metrics can be lined up against conversions and performance, they can be used to convince the CFO and the board to invest in measures that keep morale on the up; if there’s a demonstrable upswing on ROI, the checkbook may stay open. But there’s some murky potential here. If morale comes to be viewed solely as a metric of performance and ROI, the classic capitalist switch can be flipped to demand growth of that metric. Morale must be optimized. Morale-boosting factors must be iterated on. Those employees whose morale is lacking must be… let go? It’s logical to see a 1984 situation playing out with this. If employees can smile through physical/Zoom meetings they’d rather not be in, they can keep up that facade when they know the company wants to ‘measure’ their happiness. If morale can be accurately measured, that’s awesome. But the focus of those measurements should remain on the employees’ genuine well-being. If the business becomes obsessed with optimizing and rewarding morale for business gains, employees may learn what the stakes are and game the system—to the detriment of themselves and the organization: keep smiling through the grimace of another sleepless night hitting those KPIs until companies start wondering why morale scores are so high but the employee churn rate keeps spiralling upwards.  If metrics are what it takes to land some investment for improving employee experience, so be it. And if it actually helps identify employee pain points and improve on them, fantastic. But at the end of the day, the biggest factor that keeps morale up might be remembering that employees are humans—and humans need to feel crappy sometimes. They need to rest. They need to spend time making and eating nourishing food. That can be acknowledged in-house, at zero cost. Technology might be able to augment our understanding of morale, and even provide a framework for how leaders can manage it. But making morale-building an entirely tech-led process might end up missing the simple human requirements of what ‘employee experience’ is aiming for. Keep watching those Ted Talks. 

Have you invested in any ‘Morale-as-a-Service’ tools? Share your morale-boosting success stories, tech or otherwise, in the comments.

Top Answer :

How can a CIO delegate business-facing activities to their team?

Top Answer : One of the roles I created was a business relationship manager to take on that lift. Another thing I did reasonably early on was a reorg, where I was really trying to figure out where the pieces fit so we could align ourselves into an agile or product-centric focus. We try to align each function to lines of business and specific products where we have that expertise. Then those managers that are in charge of those functions can carry on those business conversations. I had to sell my team on the vision, but I also took time to sell the business on that vision, and that went a long way. Everybody appreciates the fact that you have a plan. If you don't have a plan and you can't tell people where you're going or what you're trying to do, it doesn’t work.

How are “next generation” CISOs approaching upskilling their team?

Top Answer : I think what I'm driving for as we look at 2021, is really well articulated training programs to advance the skillset. So our security engineers think like developers, and then they test hackers. And I think a combination of those two skillsets is the right combination, especially in relation to what the threat landscape is doing right now. We do a lot of advanced computing in the cloud and in containers. I've shifted our whole cyber focus, including our tabletop exercises. We do code resilience testing, to make sure that our products are stable. There's also a mindset shift that has to happen around the traditional way of doing security, to view it as a service. A service has to understand what that client, especially our developers and our engineers, needs. Evolving that thought process with your teams ensures the service fits what your internal customers are doing. Years ago, we were working on rightsizing the number of procedures we had, and actually making it more nimble for the developers and engineers. We've spent a lot of time automating the standards, so instead of the security policy sitting outside of the system, we've actually taken the requirements and embedded it in code.

17 views
3 comments
1 upvotes
Related Tags
What strategies can help a CIO and their team effectively problem-solve?

Top Answer : Part of systemic problem solving is thinking about design. It's all very well to look at the theory of design thinking, but I want my entire team to be “thinking-by-design” in order to move forward systemically. That is not design in a singular sense or interpretation, it's thinking with purpose in terms of the business’ mission. You need to be able to put a stake in the ground and with the end goal in mind you can then look backwards to where you are today and say, "What steps do I need to take in order to reach the corporate goals?" You're never going to develop foresight unless you combine insight and hindsight.  Only then will you have some degree of foresight.

6 views
1 comments
2 upvotes
Related Tags
What skills are CIOs underinvesting in?

Top Answer : Politics and the ability to manage fallout, to some degree, in the organization is a very important value trait. More than 80% of my time is spent dealing with people and relationship building. You need to be really good at empathizing with and managing people - and not just going through the motions but honestly and authentically mentoring and coaching. Being able to articulate your strategic intentions well is a must. It might sound odd, but being humble as a CIO is an important trait. We don't have the luxury of losing our minds, in a sense. We're the people that have to be very focused and cognizant of that all the time. It's really important to be mindful. Know who you are, where you are and the context in which you're playing the game because it is after all a game. Gaming the corporate in a good sense. The moment your pride or ego levels rise, bang, you get taken out. Ideally the CIO should draw on multicultural multi-skilled DevOps teams globally. My belief is that diversity is not an idea but an imperative. I surround myself with really well represented genders which deepens my problem solving and delivery capability significantly. Today, if I have a project that is very short term (difficult, demanding, stressful, etc.) I would always choose a woman CIO or PM to deliver on that. This could be construed as contentious but quite honestly my experience has shown that they're just better at cutting through the crap and delivering. Although this might seem a generalisation, men on the other hand tend to spend an inordinate amount of time on trying to figure out what’s in it for them and their egos collide constantly. They are good scribes though, innovative in creating workable structures and more importantly listening to their female colleagues to provide a different viewpoint. And maybe it's just that having multiple viewpoints and avoiding a group mentality that thinks the same is beneficial when it comes to project delivery. Furthermore women take into account the emotions that are prevalent in a project team. They take into account who can drive what. They're very intuitive in many respects. We've got to wear multiple hats, many, many hats.

How do you set your IT team up for success when you delegate business-facing responsibilities to them?

Top Answer : Some of it is the hiring you do and looking for IT professionals that not only understand technology and how to use technology as part of their toolkit, but also are business people and have a business mindset around delivering business value and identifying business opportunities. For existing staff, it's leading by example and setting up the structure of how you engage with your other business partners. There may be a lot of informal structure there, but you have to set up a formal structure of, “hey, we are going to have these types of conversations in this sort of a structure with this audience of people,” and model that behavior. I needed to lead from the front and demonstrate what I am looking for. In some cases it is something they already know how to do, and in others there is some coaching for them to operate in that model. Monthly check-ins are a great way to have constant dialogue and calibration. I think that there's maturity there, too. I think as you move from getting the framework, dialogue, and planning together, the next piece of this is to have shared metrics. For finance, for example, it may be “we want to close the books in a day.” That's a great metric because there's a bunch of business value attached to that metric. So that becomes a shared metric that not just finance has, but the IT organization supporting finance has. They together look at the projects, investments, processes, and technology, whatever it is that they think they need to do, to make that number get to the target. So then it becomes all a hundred percent focused on a business outcome and key metric that moves the needle for the organization. So, I think it's a phased approach. You get the structure in place. I think for many CIOs, that's where they want to get to. They want to be part of delivering the key metrics for the organization. They want to be tied directly to that metric because if they move the needle, it has lots of really good outcomes.