Train & Develop

Is security training for employees effective?

Top Answer : It's fairly effective, but it’s not perfect. It depends on the kind of training. Employees tend to be a lot more tolerant if you have everyone do the training. In my previous company, it became part of our culture that everybody has to do security training. We had our own learning product, so we used to create all of these interesting learning and development (L&D) workflows for them. It definitely led to improvement, even for phishing attacks, etc. And the other benefit was that a lot of other stakeholders understood the relevance of security, so they were open to having those conversations when buying software. Everybody wants a security buy-in; they've been through this training, so they understand the impact of not having a secured application.

How do you build and develop a "unicorn team"?

Top Answer : The core skills you need are 4 C’s: Critical Thinking, Creativity, Communication and Collaboration. Hiring is very tough, so I try to break it down: what are the different roles you need people to fill? Some people are business savvy but their technical skills may not be as deep. You need people that can go across the different verticals, as well as people who have domain knowledge. Come up with roles that define who's enterprise, who's domain-centric and who’s systems or technical. Then within the domain group you build core expertise, because we need data, security and integration from the team. And somewhere in the middle, you find solution architects who can be in both groups and at least have two skills. Tiering is also helpful; everybody doesn’t have to be at the same level. Some people may be junior, and some are very senior. Then bring in a mix of cloud technology. You have to think about what skills you need: What are the must-haves? You can even divide them between a technology track and a business track, and then try to have a mix of those. That way people are complementing and supplementing one another’s skills so that collectively, they all come together to provide the overall architecture skills. And don't build all of them within your team, look to the organizations where people are sitting in the business units (BUs) that have the domain knowledge you need. Determine how they can contribute to the architecture and build that ecosystem within your company.

What are the most common mistakes that enterprise architects (EAs) make?

Top Answer : Executives are often engaged too late or not at all. And enterprise architects still talk a lot about technology, when technology is a means to an end. It’s important to be able to talk to the business in business terms. Show that you understand their goals in their terms. So if a product manager says, “I need a new expense management thing,” understand what expense management means for them. Break that down and don't even bring out any technology unless it is required. That's what a lot of EAs miss, because they think about systems rather than thinking from a business perspective. And another perspective to consider is the outcome: How do we want to measure this? Get those KPIs and metrics to tie that back in. But you need credibility to be able to have that engagement.

How do you hold your direct reports accountable for training/developing their reports?

Top Answer : Top down goals process tailored to each role

Are there industry-specific factors exacerbating the talent shortage in IT?

Top Answer : Addressing the talent shortage is particularly difficult in IT. If I am a brain surgeon, I'll be performing brain surgeries for the rest of my career. Imagine if I was suddenly told, "Starting tomorrow, you're going to be a heart surgeon. We no longer need brain surgery. We just need to perform heart surgery." If I'm not a heart surgeon, how do I shift to that profession? But technology demands that from its workforce on a continual basis.

How many hours a week do you spend researching and reading about new technologies and best practices?

Top Answer : This is a huge portion of my week. 10-20 hours easily, more if I have something specific to research or an upcoming keynote to give.

Leadership Under Pressure

Leadership pressure: What are the causes and how do leaders cope, especially during a generational crisis such as the COVID-19 pandemic?

If you currently work in the public sector, how did you get your start?

Top Answer : I started my career in a tech startup that was based in San Diego, but we did a lot of gaming analytics work in Australia, New Zealand, Macau, and Las Vegas. During my travels, I realized that government and regulatory services are such a key part of our daily lives. It attracted me to the public sector because I felt like there were so many opportunities to improve quality of life for the communities that we serve. I've been in the public sector space over the last 15 years as a vendor, employee and consultant, working with different cities and counties across the nation. When the opportunity came up to serve for Clark County, Las Vegas as their Chief Information Officer (CIO), I decided to compete for it. It’s the 11th largest county in the nation, not to mention a massive tourist destination. I was in Clark County for three years, and it was one of the best “tour of duty” career choices that I ever made. Our end goal was to provide easy, intuitive, accessible services to residents and visitors—whether it was an online portal to access information, or the ability to pay for services or apply for a permit, license, etc., from anywhere. We were very thoughtful to cater to different personas, as we serve five different generations: traditionalists and baby boomers, millennials, gen X and gen Z. Our goal was catering to all those different audiences and figuring out how to do that more effectively. Having an entrepreneurial mindset, and having been in a tech startup, I was fortunate to have the support from senior leadership to bring that flavor into government. And we need more people to come from the private sector into government because they can bring that fresh perspective.

What do you think the CMMC (Cybersecurity Maturity Model Certification) will actually address?

Top Answer : It's a new fancy way of auditing base control components, fundamentally speaking. It's like saying, “Why do we have to have NIST CSF or 853?” Those are great compliance frameworks but you could also build an amazing program using the CIS top 20. The reason why people don't is that CIS top 20—and now NIST 853—aren't sexy enough. You can't go to your board and say, "Our strategy is around these 20 controls that people came up with 20 years ago." Your board will say, "No, there are all these new emerging threats," and you’re like, "Yeah, but we should have an inventory." When you look at data flows, the number of organizations that don't actually understand their inventory—not just their asset inventory, but data inventory—it's disgusting. It's negligent.
