BSW #264 – Dan Neault

Truth, transparency and trust are the three T’s that all CISOs and CSOs should embrace as they march through their daily grind of keeping their enterprise and the data safe and secure. Failure to adhere to the three T’s can have serious consequences. Case in point: A federal judge recently ordered Uber Technologies to work with its former CSO, Joseph Sullivan (who held the position from April 2015 to November 2017), and review a plethora of Uber documents that Sullivan has requested in unredacted form for use in his defense in the upcoming criminal trial.

CIOs should embrace this attitude and enable the enterprise to treat risk as a business opportunity. Create a board proposal that demonstrates how digital technology can meaningfully improve business performance in the context of the top risks perceived by the board of directors. This may include: - Long-term economic uncertainty: Demonstrate the possibilities of technology to reinvent business strategy, business capabilities and value streams, such as by developing a real-options strategy to hedge against changing business conditions. - Digital disruption: Suggest increasing the enterprise’s business composability or implementing an agile business system, which will enable the enterprise to change strategies more easily. - Loss of markets due to shifts in customer behavior: Focus on improving the digital customer experience or recommend bolder steps, such as embracing machine customers and the programmable economy. - Cybersecurity threats: Highlight the need to treat cybersecurity as a business risk and the importance of designing cybersecurity into products and systems from the beginning.

Where can we start? 1. Be aware of your stress level 2. Identification and communication 3. Eat, move, and sleep 4. Establishing boundaries 5. Alternatives to recruitment 6. Foster a security-first culture 7. Invest in the right tools 8. Set reasonable expectations

While there are no quick fixes, these steps will expand the roster of female leaders in tech: 1. Being aware of inequities imposed by a hybrid economy 2. Sharpening the saw for professional advancement 3. Bridging the confidence gap 4. Pursuing the benefits of mentorship

Most often, once in the position to set security requirements for providers, the challenge is to choose what to ask for. Options are mind boggling, as you can easily devise a single question, or several hundreds of questions to ask. Here are a few approaches: Option 1: Liability Option 2: Shared responsibility Option 3: Certification

While it’s important to share your point of view in meetings, it’s critical to know when and how. You don’t want to monopolize the conversation. In this piece, the author offers practical tips for sharing the floor so that you can get your message across more effectively. First, take time to reflect after meetings. If you feel like you have been sharing too much, look back and consider who else contributed. Ask yourself honestly: “Did I talk over people?” Estimate how much of the meeting you were speaking. Also consider using other communication channels to share your ideas. For example, can you keep a running list of your brilliant insights on your computer so you’re better prepared to share them in the next meeting? Or, can you share ideas in a non-meeting setting — for example, in a follow-up email or an internal chat platform? It’s also helpful to give yourself a signal to pause and to practice compressing your thoughts. A trusted colleague or advisor can also provide insights into how you’re meeting your goal of talking less and listening more.

Here are the five biggest predictors of employee turnover during the Great Resignation, according to SMR, and how much more important they are than compensation: 1. Toxic corporate culture (10.4 times more important than compensation in predicting turnover). A toxic corporate culture -- meaning "failure to promote diversity, equity, and inclusion; workers feeling disrespected; and unethical behavior" -- is the leading driver of employee exits. 2. Job insecurity and reorganization (3.5x). When companies face bleak prospects, they often lay off and reorganize employees. Employees in such companies -- expecting either being managed out or, if not, being required to take on a heavier workload -- are more likely to jump ship. 3. High levels of innovation (3.2x). The most surprising finding of this research is that the more employees talked positively about innovation, the more likely they were to quit. The reason could be that with innovation comes longer hours, a faster work pace, and poor work-life balance. 4. Failure to recognize performance (2.9x). High-performing employees are the most likely to resent a lack of recognition for their results. Companies that fail to recognize -- informally and financially -- their higher productivity suffer from higher turnover. 5. Poor response to Covid-19 (1.8x). Employees who mentioned Covid-19 more frequently or described negatively their company's response to the pandemic were more likely to quit.