1.1 CISO Competency - Productivity
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:04
Hi, everyone. Welcome to 12 competencies of the effective C. So, competency seven productivity. With that Amoroso,
00:12
uh, looking forward to the session.
00:15
Take it away, Chad.
00:16
Okay, Thanks. Leave. Hard to believe we're already on seven, right? I remember
00:21
when we were starting thinking Wow,
00:23
such a long journey through the summer and we're on our way here. So I hope you guys are enjoying the material. This is the first time I've been through this material. So
00:34
But my processes, I I did an outline that I went over with leave,
00:39
and, um,
00:40
I get it. Sort of, you know, 50% where I want it. And then I spend the week before each of these lectures are trying to put together material either knew or stuff I have, but it's mostly new.
00:52
That wasn't so Let me know what you think. I have had a nice some ongoing dialogue with a bunch of you. You can just use my email. The amorosa, tagged as cyber dot com or
01:03
late leaf might have another way that you could be in touch with me, But look to you. Which think, um,
01:07
like I said, the first time you're through something.
01:11
I'm not sure which things play, which don't some of the material that I take you through you might find
01:18
right on the right on the money just bull's eye and others Summit May Mr Mark in. You'll have to let me know
01:25
when you get to be my age usually have decades of experience with material, so it's a lot of fun and new and interesting when
01:34
really creating fresh stuff. So
01:38
this, um, competencies on productivity And you've already noticed that we've travelled kind of away from, um, many of the things that we talk about day in, day out and in cyber security.
01:49
Um, we're talking more about the management activities. That's one of the
01:55
I think our Larry's toe. All of the a lot of the assertions I've been making here to you
02:00
that most of the attentiveness and building a career as a C so our asses executive in an enterprise team were just as I'm on effective manager doing cyber,
02:14
I really has nothing to do with the discipline, these air things that travel well across
02:19
other disciplines of year in the pharmaceutical industry or if you're in the academic community or if you are,
02:25
uh, you know, manager in A and a big telecommunications company, these these air skills that are useful. There was one of things that was interesting for me when I started managing as a C. So I realized
02:38
that all that goofy stopped like the
02:42
career tapes I used to listen to Now those would be podcasts. But I remember there used to be cassette tapes.
02:49
Um, and now I know now I collect podcast. Unless I still do all that stuff and all the career motivating stuff from the big speakers on big Giant,
03:00
um, stages in front of people pepping everybody up.
03:05
None of that really is is useful when we make fun of that. And, you know, I'm surprised at how useful it is.
03:12
The reason I bring that up is because the topic for today,
03:15
his productivity
03:16
and
03:17
as a security executive as a C. So
03:22
there's a few things you're gonna have to attend to let me list off and just give you an idea of what the time constraints are. One is you have to keep up with tech, period. You gotta find some way to do it. Whether it's during the day or on weekends. At night,
03:35
you have to set aside some time to keep up. You can't be a complete dummy
03:38
if someone's asking you about
03:42
different methods of machine learning. For Edie are something you better know. So you gotta keep up.
03:47
Second, you're gonna have to keep up with compliance issues. And I don't just mean compliance in the sense of
03:53
the letter you have from your regulator, but just general trends and compliance. Waterson issues and knows the GDP are emerges and somebody an executive position is asked,
04:04
um, how well does NIST map over to the GDP are you ought to know that,
04:11
um, the answer, by the way, is sort of.
04:14
And then management is 1/3 thing. You're a manager, so you have to find time not just to manage your team, but the hone your skills as a manager. Be empathetic to be
04:26
sincere, to be helpful, be honest. You need to learn
04:30
those as habits and our guest for today, somebody who's really, really quite good in that area.
04:35
When we get to about 40 somewhere between 40 and 45 minutes past,
04:42
I'll invite him on, and I think you're going to enjoy hearing from them.
04:46
The fourth thing yet to learn is the business. So if you are on Acme Manufacturing, you better learn what the heck you manufacturing, how you do it.
04:54
If you're in Acme Banking, you better learn how the bank works. The major customers are what
05:00
what's going on with the business units are how those business units interact and how it works and what the workflow is and what the
05:08
key assets are, what the priorities are for the sea. So
05:11
are for the CEO Rather and is part of that. I always made sure to memorize,
05:16
you know, a crib sheet of, um, factoids about the company because you'd be amazed how many times that's demanded.
05:24
You're sitting amongst other executives and somebody says, What was our revenue last year? You better know you get the point, so you gotta find time
05:32
to keep those things in your head. You also have to find time to learn to be an act and and and emerge with and socialize with other executives. You have to be an executive, which means it probably you're gonna have to learn to play golf or the equivalent in whatever the metaphor for golf is in your environment.
05:51
When I worked in Telcom golfing was something you did.
05:55
Um,
05:56
so you find time for that? You find kind of build relationships to have a drink with others to sit down with, um, toe listen to their story. To be somebody who is interacting is appear with others and company on Ben. Finally, you have to interact with the external community.
06:14
I've only just his career management. Um, because he says, Do ah have that problem that if there's an issue a lot of times the CEO of you, she was incompetent for any other jobs here out. So you do have to go to events and socialize
06:30
occasionally, talk to headhunters or whatever. Add all this up,
06:34
and that's a heck of a lot more than 40 hours in a week. And I know there isn't a person on this call. It works 40 hours, but you get the point. It's probably more than 80 hours.
06:45
So question is, what do you do? What are some skills that could be useful to help you
06:50
become more productive in the context of cyber security? I'm gonna take you through some of that today, and I hope it's useful for you.
07:00
Let's read our little sentences. We always do, says the effective C said. Develop strong personal productivity in time management, right time management being
07:09
an important component of that productivity equation. But not said tests that we're talking about here range from both the day to day be a you stuff
07:18
toe. Also emergency stuff. You have to be willing to delegate If you can't delegate, you're going tohave problems,
07:26
and I totally get
07:28
even that sometimes you're uncomfortable delegating and fury of the wrong team. It's a simple is that people ask me all the time they'll say,
07:35
I don't know. I have the right team that I've picked for this task or as my directs or whatever and the answer is the sentence It's here if you are willing,
07:46
And if you were in fact enthusiastic to delegate to that team and your threat, T Um, if not, then you got the wrong team. It's really that simple. There's not much more
07:57
to it than that.
07:59
So let's get into some specifics now that this first this is a book, the Auto Bag, A Tree of Ben Franklin so amazed how few people have actually read this.
08:11
I think it's one of the most spectacular books
08:15
on productivity of clear thinking. I'm just being an amazing person.
08:20
Um, I probably read this thing for five times through my own career, and there's two things in a highlight here.
08:26
Well, let's start on the left there. These 13 traits or virtues that Ben Franklin developed when he was 20 he wrote down and wished he did better.
08:37
And you can see them there. It's, you know, like just start like them. Seven. It's Don't be deceitful or hurtful to others.
08:46
Never be being sincere. Justice is important. Don't don't injure others. Be fair. You could see the don't be disturbed. A trifle kind of things, you know, bottom. Imitate Jesus and Socrates. These are the things that he said in his mind,
09:05
would be important to be successful.
09:07
Now, I'll tell you, I was at an event
09:09
about a month ago
09:11
and somebody had actually pulled out something like this, like a list of virtues,
09:16
and said something to the order that
09:20
without these virtues it's impossible to achieve any type of success.
09:24
I actually had to call the day out on that because that's not true.
09:28
Um, I think it's it's possible to achieve certain levels of temporary or situational kind of success. But I don't think sustained
09:45
Rio success is achieved here. And, you know, let's face it, there's some politicians
09:50
that you could point to, as
09:52
you know, not doing any of these things, you know, always being hurtful and deceitful, always wronging others always walking into extremes, always being disturbed. Trifles. I mean, you see that frequently.
10:05
So admittedly, it's a little difficult with young people when you show them this,
10:11
Um, they don't believe you because what they see in front of their face
10:16
is evidence that in all of this is a bunch of hooey,
10:18
and you want to get ahead than lie. You want to get ahead, then you know, be be mean and go after people take them down.
10:26
I think it's your job is an executive. I don't care who you are, who you vote for, what you do
10:33
to to try toe to dispel the myth
10:37
that these virtues are no longer meaningful. I think every one of them is meaningful, every single one of them and and what Ben Franklin did is because you picked 13 for a reason.
10:48
13 is 52 divided by four.
10:52
So he would basically divide the year into 52 weeks
10:58
and four times a year he would take himself through a little temperance kind. Of course, in his mind, he would focus on Week one, so January 1st would hit,
11:09
and from the first of the seventh, he would focus on not e overeating, not over drinking
11:15
and exercising Cem Temperance in the way he, you know, would would would deal with food and other things. And again, part of this was a metaphor for just being temperate.
11:26
And then january 8th to the 15th he would do silence. He would, And this is big one for May
11:31
like, I feel like I was talked too much and was cutting people off. So this is a trade or virtue that I always felt
11:39
I need help with. And he would do it through the whole year
11:43
and always think men
11:45
has been Franklin, for crying out loud. I mean, it's a man who probably accomplished more,
11:52
was more eclectic, and his interest was a Renaissance man who was just incredible. It's probably one of the
12:00
the great joys of being an American is two point back to the fact that Ben Franklin was one of us. And it's how he did it,
12:05
you know, by by doing this is ah, habit
12:09
Now on the right, this is his day. The look. It starts at five. In the morning
12:15
and it goes down until where he blocks out his sleep at 10 p.m.
12:20
Um, I think it's so cool is at work. He's got read works, put things in their place, the music. He lays it all out.
12:28
Um, evening question. What could have I done today?
12:31
Now you're gonna think this is corny. And if there's some people here who have worked for me in the past, you know, this is true.
12:37
But I've been doing this this thing on the right, This list where you map out, make sure
12:43
that you're planning the day
12:46
since I was 24 I'm 57 now,
12:48
I have all of these still stored. I have been in books in my office, in a cabinet,
12:54
and if you ask me what I was doing at 3 p.m.
12:58
On June 27th in 1987. I could tell you exactly what I was doing. I know that's very creepy.
13:05
Um, my wife thinks I'm nuts. I don't do it on vacation on weekends, I give myself a little bit of a break. Not totally.
13:13
But
13:13
I do this now. You don't have to do it. But I'm just saying
13:18
that we said the beginning to be productive, to be a sea. So to be attending to all these different matters
13:26
each evening, you should be thinking through
13:28
technology Compliance Management Business Unit's CEO slash working with other executives community externally with career, it's on their bread alone there's 123456 different areas that need to be attended to on a frequent basis, perhaps every day.
13:48
And then you disperse all the other nonsense you have to do. One of the reasons that I felt I was ready to retire
13:56
is because I reached the level as an executive where
13:58
most of the things that I was doing didn't seem to match.
14:03
Um, you know what? What, what I wanted to be doing that was more tending to things that struck me as being more administrative. And there's people who are wonderful that that better than that
14:13
better, Better I thin and then I waas So
14:16
So It's also a way of matching up. If they're others who control your day
14:22
and they don't match up with what you would like to or choose to do during your day, then you're in the wrong position.
14:28
Let me say that again.
14:31
You should be able to sit down and plan out what you would like to do tomorrow
14:35
without some external influence at work, messing it all up with things that you think are unimportant.
14:41
And if that's the case,
14:43
you're in the wrong place. That I didn't say quit. You know, I just said you're in the wrong place. I'm sorry.
14:48
If you have to stay where you are and that is your situation,
14:52
then you've got a dilemma. And and I'm sorry you're more grown ups here, but that's life.
14:58
If you're wasting your days and meetings and you think they're all stupid, but you have no choice. Well, then you're in the wrong place. But if you have to do it because you got a mortgage and kids and no options, well, then you say that's the way it is, that's just calling it like it is.
15:13
But the beauty of what Ben Franklin teaches us here
15:18
is that you really ought to take control of your day. And you ought to take control of these virtues. And you should do it diligently every day. Justus. Someone might go to the gym every morning,
15:31
you know are gonna work out from time to time or take a walk or do whatever it is you do or meditate.
15:37
Um,
15:37
this is something that's absolutely essential for you to be a successful executive. I I do not know
15:45
a single executive
15:46
who doesn't do something like this.
15:48
Um uh, who would not attribute this activity
15:54
to whatever success they've had. Your chaotic. You don't do this and you wander through the day.
16:00
Um,
16:02
Then again, it's I believe it's temporary. As a young man, I read all of the Donald Trump books. I loved Art of the Deal, a book that actually had a lot of
16:11
influence on me. If you've never read it, it's a spectacular. But,
16:15
um,
16:18
but I remember reading that Donald Trump says he didn't do this thing on the right that he didn't plan his day and just let things happen always struck me as confusing as long before running for president. So it's so funny that
16:30
he he would be an example of somebody does none of these things. I'm again. I didn't say that's bad. I'm just saying that I don't think
16:37
that that's the way
16:40
you should manage your executive activity. I don't think it's a good idea to be C cell and say, Well, I don't really don't plan anything tomorrow What do you see? What happens?
16:48
So take a look at this. Yeah, if you haven't read the autobiography of Ben Franklin, read it. It's a wonderful book, and I also think you should read art of the deal. I think it's maybe the contra
16:57
to this and see what you think. You should adopt some sort of an opinion around this.
17:03
Now, let's take something specific.
17:06
Um, these air charts now that I shared mostly with more junior folks around GRC. But I think it's an interesting case study and manual versus automated work activity, and I'm going to go through fairly quickly. But I'll show you what, um,
17:22
what is all about? You guys know that when you've got a J R C tool like Archer Metric Stream or something. Um,
17:29
the first step is that you've got to get your policies into those,
17:33
um, tool into the tool
17:36
and it and on the right here, you see my little scale, my automation scale. I would say nothing is our productivity sale. Nothing
17:47
is less productive
17:48
then doing manual data entry to a G r C tool. Good Lord. I mean, that is about as unproductive and activities you're ever gonna get. Thio. So this is a case where security team and executive team or whatever is not productive. You're banging out numbered assertions from your policies into grc tool.
18:08
But then, after that, once you think that thing into the tool,
18:11
you can download a framework
18:15
and map it up against the thing. Now granted, you do back here, you doing manual sort of mapping. But once you've got,
18:22
say, the NIST framework or something in then all of a sudden your coat, your productivity goes way up because now you can do certain types of gap analyses and other sorts of things that, you know, lay out. You know what you've got now? Let's say that your corporate requirements are six character passwords and the framework is a
18:42
on. Let's say that the corporate security requirements are you must prove critical access. And the framework says you do all.
18:51
So now you got to do something about that. So, you know, you see six to a critical tall. Well, the first thing that one with passwords, usually a security team can just kind of do that.
19:02
You can just, you know, demand that it be done, make everybody kind of buy in. Um, not gonna be a lot of pushback. You're just gonna be doing this, Maybe some,
19:11
but it could be reasonably automated manual balance there. You're gonna have to
19:18
get the word out, everyone that it's changing. But you can usually automate the changes. Hearing be reason productive. But this next one going from managers must approve. You know, where we had before critical access requests. And now I want it to be all access requests.
19:34
Well, that requires that you deal with the whole company with their change business processes. Go give
19:40
pitches across the company about why that has to change. You have to update workflow. You have to.
19:45
You know, modified compliance documentation. Unbelievably non productive stuff again. Low on the productivity scale. So you see the point like you're doing these things. Some are very productive, some or not, and the automation many cases dictates the difference. So let's say you have one framework in, and now you drop a second framework
20:06
kin,
20:07
which again is very automated. That's the beauty of the GRC tool. I can drop like P C I N
20:12
and let's say PC I requires complex
20:15
and I've got a
20:17
and let's say it says critical. And I've also critical and all be good because all subsumes critical, but does eight subsume complex so the framework drop is automated. But now the paperwork
20:32
to go back and changed if you just decide eight is complex. That's good enough.
20:37
Um,
20:40
again, you're not productive again. You get the point that you're going back and forth between automated tests that go very quickly and manual test that take forever and automated tests to go very quickly and manual tasks it take forever
20:55
and sadly, for compliance. Look at all this stuff you gotta worry about. I just This is a no older chart, but
21:00
you know It's got a whole bunch of
21:03
stuff in here that most companies have to attend to the whole. You know, there's a subset here that I suspect are going to be important
21:12
for your company, and most people would start with mist, have to deal somewhat with G P R. And there might be others. If you're in government, fisma is important. And if your public company servings oxidize and force you get points,
21:25
you got to do all this *** for all of these.
21:29
So good luck being productive again. You better delegate compare of some teams that can do this for you.
21:36
Um, and if you have a little tiny team and you have to deal with this thing, you got to be good enough to go get some more. Resource is because you can't do this all yourself.
21:45
If you do this, then you're not keeping up attack. You're not keeping up with management skills. You're not working with the business units to learn what they do. You're not out attending things to interact in the community and develop skills and tips and ideas from your peers and on and on and on on. You can't just do this,
22:03
you have to find a way to be productive. Get the point
22:06
Now let's do our usual do's and don'ts. I like to start with the dotes. Now, this isn't buying. You should pay attention here.
22:12
These air tips that Here's what I'd like you to dio as they go through each Don't
22:18
you know? You know we're not in class here, so I can see your face. I'm not gonna make your raise your hand,
22:23
but in your mind, be honest
22:26
and keep a little crib sheet and see which of these don'ts things you shouldn't D'oh! You actually do. Dio.
22:33
Let's let's see how you do it. We'll do the same thing for the dues. So the first don't is this one
22:40
Don't demand to be copied on everything. Now that feels a little weird, right?
22:45
Like, uh,
22:45
you mean my managers are, you know, interacting on something and not copying me. And my feeling is
22:52
yes,
22:53
because if you're copied on these things, you're gonna feel obliged to chime in.
22:59
Um and that's not delegating. That's, uh
23:02
participating. And you're going to slow things down. And there's the Heisenberg principle. Here is well, that by including you on the email exchanges. You slow everybody else up.
23:11
So things. The first thing I think you should do. If you do this, then promise me that you're gonna get back to work and you're gonna go to the team. You supervise. You gonna write him a note and say, from now on,
23:22
um, I don't want to be copied on all your email exchanges, Just things that you think I need. And don't say it's because you're not interested, you say, because you want to let them do what they gotta do without you mucking in.
23:34
Um, you know, mucking in the soup, get the point. So that's number one. Here's number two.
23:41
Don't extend meetings to be synchronous meeting if you have a meeting scheduled from 1 to 2 and it looks like you've completed everything by seven minutes after one,
23:51
then finish the meeting leave.
23:53
I have people that I've worked with in my career
23:57
who still will joke about the fact that I
24:02
you know that I I mean, I don't do this.
24:06
They were don't extend meetings to the end
24:08
makeup. See, some folks there in a bar somewhere are hears that and Then they let me tell you something about Ed, man. We we would have a meeting at two o'clock
24:17
three minutes into it. If it looked like we were in agreement, we were done and we might have set aside a whole hour. And I was like, Are you kidding me? That's that's
24:25
that. Is it that rare that people do that
24:26
and I get that? Yeah. In many cases, you have to sit here, but it work from eight until five.
24:33
So if you have meeting from 3 to 4, it's more fun and interesting to be sitting in the *** meeting from 3 to 4 than to be done. Go back to your drab little cubicle.
24:41
If that's your existence and I recommend you quit tomorrow, go find something else to d'oh!
24:47
But developed the habit
24:49
and the
24:51
persona that when a meeting is done, it's done.
24:55
And if it finishes early, great. And don't make that little joke of me to give you 10 minutes back, you're not giving anybody anything.
25:00
Just when you're done, you're done and it be great to be finished way before
25:06
somebody you know had had planned an hour for your meeting.
25:11
Here's another don't
25:12
when you treat meetings and then that's a typo. It's is at an end. It should be as a s and then treat meetings as in don't. So don't treat meetings as an endorses me means that if the meeting is the purpose of the thing,
25:29
you got a problem in government. Does this all the time? My God, Federal government,
25:34
you know? Hey, what did you accomplish? Where we met with such and such? And there we go.
25:40
What do you mean, that's That's not accomplishing anything.
25:44
Fact that's on the negative end of things. A meeting should be booked on the
25:48
the other side of the ledger. Meeting is a cost. It's not an asset. So many organizations that view meeting is the purpose of your in sales, for example.
26:00
Then you go back and you say I had a meeting with this person meeting with that person made with this person Who cares? Just sell anything? No, But if you care, so you had to meet you.
26:07
So don't treat meetings as an an versus means.
26:11
Um, there's another one that your email, um,
26:15
you have to learn to make a shorter
26:18
and and that includes accepting, like if somebody send you along the email on your team
26:23
and you're gonna have to sit there and peace through it,
26:26
I think it's perfectly reasonable to bounce back to them and say, Listen, I could you do me a favor
26:32
You wrote me a 1000 word email here is too much in there. Can you go through and just pull out a little executive summary so that I can understand it?
26:41
And you should develop a habit of helping people understand that you do that for a reason.
26:47
If you're like me, you've got about 150 to 200 e mails every day
26:52
and do the math. If you spend one minute on each one, that's 200 minutes. That's, you know, three over three hours doing email,
27:00
so every evening from 7 p.m. To 10 p.m. All but there's a lot of people on the skull all you d'oh from 7 to 10 instead of being with your family instead of reading a book instead of going to an event, you're sitting there banging through email that people wrote that in many cases you shouldn't have been copied on
27:18
and it was way too long in the first place.
27:21
So let's see if we can do something about that. And then finally,
27:25
it's a curious kind of
27:27
habit that I see in business
27:30
that I almost can't believe happens.
27:34
And that's a prep meeting for a meeting.
27:40
Really?
27:41
Like I get that. Sometimes you have to do that. Like if you're gonna go meet the secretary of State, you won't have a meeting to talk about what you're gonna cover on. All right with that.
27:52
But sometimes people are doing meetings remains like it's a status meeting, and you do a status meeting to go over the status to go over at the status meeting. Are you kidding me? Mrs Dilbert? Stuff I. I had the good fortune to become friends with Scott Adams, the guy who writes the Dilbert cartoon.
28:10
The delightful guy so talented.
28:12
Um, hey, he says, when people send them these crazy stuff in one of the funniest things, he gets his stuff like that. We did a prep for a prep for a proper, but there's people who have done that. I bet people on this call have been a prep meeting for a private meeting
28:27
for a meeting
28:30
and and I can't think of anything that drives you into the productivity sludge more more, more readily than something like that. So now let's do some dues.
28:41
So again, on your crib sheet, I hope you I hope you wrote that. I don't do any of those things. But if you do, then stopped here. Things I want to see. If you do these, tell me if these were things that you do, you don't tell me. But in your mind,
28:52
the 1st 1 is delicate, says number one.
28:56
And when I mean delegate, I mean
28:59
delegate.
29:00
Like when I come home from work,
29:03
my wife happens to be a gourmet cook. It's her favorite hobby. He has a very nice, beautiful kitchen that we don't for her. It's her delight in life
29:12
and she cooks. So I delegate the cooking. What that means is, I really delegate. She decides what we're eating. She cooks, She shopped. She puts it all together. I walk in. I say, Honey, how are you doing? Like a kiss. So sit down while she's cooking, we'll chat.
29:30
I've delegated it. I'm not. I don't say, Hey, you really shouldn't have chopped something that way
29:36
or, you know. Hey, what'd you do this for? You know, let me let me have that. I'll show you how to do that. I don't know any of that. I'm delegate means you're delegating.
29:44
So to your direct reports and in some cases, to others, you need to be doing this. If you don't, you get the wrong team. It's a simple is that you're uncomfortable delegating of the wrong team.
29:56
Next,
29:56
cancel meetings If there's nothing to cover.
30:00
Um,
30:02
that always seems like something that people don't want to dio because they're afraid that their job will seem
30:07
less important. Or if you're serving a sponsor or customer
30:12
and and there's a regular stand up meeting to go over things,
30:15
and you're afraid that they're gonna think that you're not providing good supports, you make a bunch of *** up just so you can have a meeting.
30:22
Um, don't do that. And again, if you're in that environment and it's demanded, then you're in the royal bad environment and you fix it or move or something.
30:32
But you should feel comfortable canceling meeting. It's there. If there's no purpose, for it
30:37
is going to put away your phone during discussions. You know, people do that weird thing where you put your cell phone
30:44
on the table face up during a discussion.
30:48
I don't know if you realize it, but when you do that, you're elongating the discussion because you've made the person you're speaking with, aware that there is now a priority interrupt mechanism. You know, like on a CPU
31:00
that is sitting there and occasionally it'll buzz you both paws, you lean forward, you look at the phone, and there's some probability that you're going to either dismiss it or say who I'd better get this.
31:15
And furthermore,
31:17
you know what a disgusting concept that that priority interrupt might be more important than the person you're speaking with. So my advice is, if you want your discussions to be shorter,
31:26
more productive, more compact,
31:29
that put the *** phone away, have the discussion and take the phone out. Unless you are a heart surgeon
31:37
and and you've got a patient who is, you know about to commit, you need to be ready on the dime. I get that and we all do into the response. You know, I understand there are mitigating circumstances. But most of the time
31:48
you put the phone there, and the *** that comes up would be, ah, notification that, you know, the Yankees air over playing the Red Sox in London. Or that
31:59
some movie star somewhere, you know, just divorced her husband or some cookie *** that pops up and use you. You take your attention away from the conversation and lean into that. Give me a break.
32:12
Um, take good vacations, air currents that your team to do. So I think you need to demonstrate the people that,
32:19
um
32:20
if you're the kind of person says I can never leave,
32:23
then that means you're not delegating if you're too. If you're afraid to go away from business than
32:30
you don't trust, your team sends a message. When you take a vacation, you should go. Should not have to check back in every two seconds.
32:37
And you should encourage your team members to do something very similar.
32:43
And then, finally, this may be the most important role of the executive, something that I always took very seriously. Still, take seriously now with my own team, try to buffer them from the time wasters,
32:54
so if you're being imposed some time wasters being imposed on you
33:00
and see if you can buffer your team from that nonsense. Like if your boss demands weekly status and it's just a bunch of nonsense,
33:07
don't cascade the weekly status to someone because then that someone has to do it. It has to go to you. You have to review it. Every hop on that path
33:16
makes the whole process less productive.
33:20
If you could do the weekly status, then *** it, just do it. If you Condell a gate, the weekly status to somebody where you don't have to be involved, that's equally productive.
33:29
But stay away from these time wasters. They really can destroy the culture of a team could bring everyone more or less to their knees.
33:39
Now, the last sort of picture here is something that's very meaningful to me.
33:45
Um, before we get to our case study, I had the good fortune when I graduated Undergrad. Uh, well, I went to Dickinson College, and Carlisle studied physics. Their little small liberal arts school
33:59
way had David at Borough
34:01
as our graduation speaker the year he did the movie on the Move big epic
34:08
film on the life of Gandhi.
34:10
So for about a week, we all watch the movie and went to seminars.
34:16
I became very taken
34:19
with, um, Mohandas Gandhi. And what a credible man he waas Amazing leader and probably
34:27
a man who understood symbols more than anyone.
34:31
Like as a chief information security officer.
34:35
You're in a
34:37
sizable position, you're in executive and they're people who come in on the pen testing team or on a compliance team or
34:45
a group of folks that are doing some scanning or whatever. And they view you. You might as well be the king. You're so high up
34:51
and it's the symbols that matter like this. This morning I came into the office
34:57
when I call in to the office and I say, Hey, what's everybody want for lunch?
35:00
And I get the lunch order, you know, whatever it was today, 12 sushi balls or something,
35:06
and I go over and I get wait line and I get it. I bring the bag of stuff
35:10
and I hand it to my team. We pass it all out and I'm the boss and I went and I bought the Munch. Why do I do that? I do because it's assemble. They do it because I watch Gandhi sort of do these things, and I know
35:24
that it sends a clear message to everyone. That the boss is is is acting in a certain way. And Gandhi was perfect around that. But the reason I bring him up
35:37
this is nothing new productivity. But look at the picture there. What do you notice that's unusual about Gandhi in that picture? And I bet you've seen 1000 pictures of him.
35:49
But I'll bet you've not noticed what I'm pointing out to you now. What's right under his left hand There
35:54
there's a lot a watch. There's no clock.
35:59
And Gandhi became well known for that. That watch the fact that
36:04
he believed that
36:06
punctuality
36:07
as well as temporary, insa as well a sympathy as well as kindness.
36:13
But punctuality was something he was obsessed with. How funny is that, right? Who thinks of Gandhi is this dude who you know, was worried that he was going to be late for a meeting,
36:23
you know, but Iwas that was part of who he was and and he would talk about that. I am grizzly like even a
36:30
a museum somewhere where they have that watch. It's like probably costing $10 billion to buy that watch. I don't think it would even be for sale,
36:37
but
36:38
I would think it's disrespectful
36:42
to not be punctual and productive and get things done. When you when you do that, I think you disrespect your team. It is your responsibility
36:52
to get things done to do a punctually toe, have a plan for your day and then all those other things, like all those virtues we started with with Ben Franklin.
37:02
Boy, I'll tell you, there's no no person maybe who's ever lived
37:07
who embodies most of those wonderful virtues. Is Gandhi just kind,
37:13
very thoughtful Guy caught up in some interesting
37:15
times. You know, the different religious debates going on in India, Pakistan so so fascinating stuff.
37:23
And I know a lot of you like me
37:27
when the engineering schools, you know, I have a degree in physics and my PhD in master's in computer science. They don't teach you
37:34
political history or philosophy when you're studying atomic, a theory and calculus and physics. I had that problem
37:42
and a lot of you do, too, so you do have to go back and build your your your knowledge based by reading things like this
37:51
because I think they make you a much better manager. So So let's just summarize before we get to our case study.
37:57
Being productive is about being a better person. It's about
38:01
temperance. It's about punctuality. It's about thoughtfulness. It's about delegation and trust. It's not about being this obsessive
38:10
banger out of work. You know where you just put the hours in and you crank out the work like if the word crank
38:16
just part of your productivity equation, you got it wrong.
38:21
It's It's different. It's trust. You want to be productive. Trust is probably the most important word. And the little clock there, too, because I ieave you know me.
38:31
You know, I'm going absolutely nuts when I have a meeting with somebody in there 15 minutes late. I'm not because I'm not antsy, but it just embarrasses me that they're doing it
38:42
like it strikes me that I'm witnessing a shipwreck
38:45
when you're 15 minutes late for a meeting. It is a shipwreck, and I feel bad for you. And people always get on my head. I'm so sorry. And I would say, Oh, no problem. I got some email done. Some was trying.
38:57
You know when? When somebody you know spills coffee all over them, you try to make them feel just fine. It's fine. I was trying to do that, but in Vermont, my mind, I'm thinking if you don't fix that habit, you're gonna destroy your career because disgusting habit
39:10
to be late. Um, not only because you have the productivity
39:15
kind of implications, but also because I think it's just disrespectful. So So, from we sweep of the book ends here around. Productivity are two things that I suspect you wouldn't have expected. You know, we start with Ben Franklin would finish with Gandhi, and they're both really truly wonderful
39:34
human beings. Make sure makes me,
39:36
uh,
39:37
hopeful for our species. Now, the productivity case study here was a fun one too, right?
39:43
Because I've seen it happen.
39:45
Let me let me summarize the case study
39:50
and I won't be read it. But if you haven't, you know I can give you the essentials here, and you tell me what you think. And again, I hope you take this back to your team.
39:59
So what happens is again our hero Emily is taking questions during the event.
40:04
And, um, it's funny we were in Week seven here, and this is Emily. Seventh question. You're probably laughing thinking, but that's a hell of a meeting. Emily is that you get these tough questions, but it gives me an excuse to write the case. Studies just every writes and says, Hey, you know, Is it okay
40:20
for somebody who's really, really, really, really, really smart
40:23
and capable and comm bang things out to be treated differently than others? That's sort of the general question on what we have Here is a young man named Sanjay who works for her in her business,
40:35
and they think the kid is a genius, like I haven't deriving Maxwell's equations on a white board. The reason I use that reference I remember Bob Morris senior when he worked in the labs. He was the team lead on the project. I was working
40:50
a unit's security project, and at his going Away retirement luncheon,
40:55
he was going to work at the at N. S. A. Is their chief scientists. This is before
41:01
the Mara swarm his sons. I remember because I was one of the younger people there.
41:07
My supervisor's Terry Hart asked a NASA astronaut,
41:13
um, Czar, Supervisor. He said, Where's Bob? You know, we're all in the room. Knew he disappeared
41:19
and he said, They said, Ed, Go that I got sent to go find him in his office. When I went to his office,
41:24
he was standing in his office and he was writing equations on the board. I said, Bob, we're gonna like, blow out your cake here. Would you like to come and have some cake?
41:32
And he goes, Ah, and I said, Well, what are you doing? Because I'm deriving Maxwell's equations and he was doing it on a white board like the ultimate guy who just did not not want to be at a party eating cake, which is odd because he was a very friendly
41:49
and sort of, ah, gregarious persons. But whatever reason, you didn't want us to be in the party, and I managed to cajole him toe,
41:57
put the pen down Italy. But ah, lot of the references. When you see me writing these things, I put those little Easter eggs in, and maybe I'm the only one who notices it, but it makes the writing so delightful for me because I can put things in there from my life.
42:10
But at any rate, I have this kid's Sanjay being really good
42:15
at the present because I was late for work and he doesn't show up and as a kind of annoying
42:22
and then and, you know, Emily would say it says, you know, I spoke with him at this, and each time I said something, his behaviour would change, and then it would soon come right back again, missing meetings late for work,
42:34
and everybody's kind of, you know, you know how that issue. You know, that person at work? Well, amidst that, um, Emily had, ah, young lady ask if it would be okay
42:45
for her to take three weeks to go back
42:46
and visit with her family in India,
42:50
presumably for a wedding. You know, uh, I've never been to a wedding in India, but they sound and I got a hell of a lot of fun. They seem to go on for a long time. So she wanted to go, and he and she said, Well, look, you only have one week vacation. She's very disappointed that she could always go only go away for one week, but she accepted it well around that. Time is a
43:08
big problem in that
43:10
some project and,
43:13
you know, something had to be done quickly, and there was a team off figuring out how to do it. But Sunday comes in like literally over weekend and bangs the stuff out so quickly and so perfectly and delivers it to the C i o. Sort of sidestepping the whole process. So the team that had been planning it
43:32
looks up, and Sanjay had it all done.
43:36
So the c i o. Is beaming. You know, she doesn't care that,
43:40
um, you know, whatever. You had a process. And maybe there's some hurt feelings, not my problem. This stuff works perfectly,
43:47
and everybody gets called into the demo. Sanjay says the software works great. It's perfect
43:53
and just a TTE that moment, the CIA says, I'm listen because this is such an amazing job, Cygnus, all this work,
44:00
Sanjay mentioned he wanted to go visit with his family in India for three weeks, and I said, of course, and I want to wish him well, and everybody claps and Emily's there, along with the young lady that she just told, couldn't go to India for three weeks. But now Sanjay is gonna go blah, blah, blah, blah. You get the point.
44:19
So Emily says this is not good. So she calls a meeting.
44:22
I invite Sanjay to come. He does come there on the room. She walks into the room, closes the door. It's her team it Sanjay. It's the young lady who she said couldn't go to India. It's everybody else,
44:32
and that's where I leave the case. Study off.
44:37
You know what does? Emily said.
44:38
What does she do?
44:40
And it touches on productivity because we tend to reward
44:45
the deliverer herbal
44:47
right? We tend to say Who cranks it out.
44:51
Who gets it done. If you work in sales, it's what do your numbers?
44:55
You sold $18 million with the product,
44:59
and this other person sold $375,000 worth of product.
45:04
Well, guess what? I'm going to reward you and not this other person. Never mind that. Maybe the $18 million you stepped on everybody's heads to do it. Maybe allied and maybe did all kinds of horrible things, but I don't care.
45:17
You sold 18 million bucks in the 375,000. Well, maybe we're given a bum account that had to be done and that 3 75 might grow in the future into 70 million
45:30
and may be required that you do some extraordinary work. But I don't care.
45:34
It's the result.
45:35
Ah, so productivity and output are often viewed is synonymous. So So the discussion items. Have you ever had somebody like Sanjay and your work group?
45:45
How do you feel about somebody side stepping
45:47
a process and just banging something out?
45:52
Do you think it was reasonable for the CEO to call that demo and thanking everyone without really consulting Emily?
45:58
Um, should Sanjay be allowed to go to India for the extra weeks
46:01
and what would you D'oh! What would you say in that meeting? You just close the door. There's your team there, Sanjay, there's everyone. What are you going to say?
46:09
Welcomes
46:10
to the wonderful world of management, executive management, those thes air, the kinds of things that
46:17
you need to think through because this is exactly the kind of thing that happens on a somewhat regular basis dealing with this and again
46:25
earlier, we talked about Ben Franklin and we talked about Gandhi.
46:30
You should close your eyes and think if I was Ben Franklin what I say, Well, what would I talk about? You might come in and talk about the virtues of team
46:39
and you might start by. I'll tell you what I would do. I would start by congratulating Sanjana Very good job done, at least in terms of the productivity, the output, the work that was done. But then I would have a very large but comma.
46:53
And then we would talk about the virtues of team
46:55
and how important it is to work together and how much it means to all of us to be a team rather than a group of individuals blah, blah, blah. But that's what I would.
47:06
But you have to develop your style.
47:08
So if that's useful again, I hope you take that
47:10
back. Now, this little funny cartoon year I've got a guest here that's been a friend of mine for
47:16
a number of years now. I think he's an absolutely wonderful Ah person manager, executive
47:23
business leader.
47:24
His name is Mike Stang. Go and I'm gonna just say a couple words about him before,
47:30
ask him to share with us some of his experience from working with. He says he and I were part of a new event that his team at Security 50
47:39
which is part of World 50 had put together and a river.
47:43
Madeleine Albright was the, uh, was one of the speakers at the event, and we've done a cartoon for her rich pal and I do the Charlie see so serious that I know a lot of you read
47:54
and Mike was kind enough to let us commission something. So we wanted to do one for Mike
48:00
and you know why we did one And Mike's Last name is It wasn't His name is M I k E e Mike. And then his last name is S t a N g o.
48:12
So we made the first frame a manager looking at expense, presumably, for like a world's 50 bill or something. You you've gone in your
48:21
you're paying World 15 and would have said, Mike's tango is a point of contact, and I have the manager saying, What's this expense for Mike's
48:28
tango?
48:30
And then Charlie goes now, dude, you know what? Mike's Tango. It's Mike Stang go from world 50.
48:38
That's what the expenses for. And then in the last panel, we have the manager saying, you know, I care who it's from. We don't pay for dance lessons on Duh.
48:46
And we frame an unusual picture. My friend Mike, who's who's on the line with us now.
48:52
Mike, I hope you weren't mad that we, uh, put you in a cartoon. I hope that was okay. We certainly enjoyed
48:59
doing that for you again. I hope that that wasn't
49:02
too tedious, Frito to be the star of our car too.
49:09
Do we have my con? You're on my
49:14
leader. Can you hear me? OK, OK, I can, Mike. I can hear you just fine. I was just saying I hope you I hope you enjoyed being the star of the cartoon back a couple of months ago when we did this.
49:28
But I think we lost you again. Mike, can you, uh, whatever you were doing before we heard you. Now
49:34
you can hear me. OK? Can Yes. You're coming through loud and clear, but well,
49:40
no. I much prefer to be the frame rather than the picture. But everyone in the office really enjoyed the comic strip here and sad to say, I still haven't learned how to tango yet. But thank you so much for the opportunity.
49:55
Mike, I want you to take a minute and share with the group here. This is We've got a fairly large group here,
50:01
folks who are
50:02
either mid or latter portion of their career who have in their career plans
50:09
to become ah see, so are a senior executive in our business and, like you work with an awful lot of them. Share about security 50. And then I've got some specific questions related to some of the habits and traits of some of the more successful he said you work with, but just briefly tell us about your work at Security 50.
50:30
Yeah, so as you mentioned early on, Security 50 is a private peer to peer organization. We're under the umbrella of World 50. So if we imagine that the top pieces in the world and top chief marketing officer of financial officers we basically have these communities of practice and
50:46
we have to call it that the Fight club for si SOS, where everything stays in the organization Chatham House rule,
50:53
where is really just some of the best leaders in the world trying to help each other to become better at what they're doing. And we really focus on some of these leadership aspects and less around the technology. But more just around, what is it that helps you to be a better leader, more effective within the organization
51:14
internally, with a colder management
51:15
externally being a true business enabler across the organization? So really try to do that in fun and interesting ways, and not just from the standpoint of helping them to be better security executives or technologists, but
51:32
better leaders in life as well.
51:36
Well, I think you run one of the finest programs I've ever seen. Bar None, and you personally
51:42
are one of the finest leaders of of, uh, executives I've ever seen. Well, I'm no Casely prone to hyperbole, but
51:51
you really do a great job. Now. We we deluded earlier to these
51:57
personality traits, you know, we started, You know, you may not been on, but we're talking a little bit about Ben Franklin's autobiography, things that he thought about,
52:07
um, to make him a better executive.
52:09
Sometimes it's a little corny, but I've always wanted to ask you, Is it corny for executives to make a list of things like
52:17
be listening and being temperate and being sympathetic and being friendly and being thought? Our eyes that just a bunch, according nonsense? Or has it been your observation that people who actually embrace that tend to be more successful than ones who don't? What's been your observation?
52:34
Absolutely not corny. I'm even going back to punctuality with Gandhi there. I mean, I think that's all applicable to
52:42
the sea. So some of the most effective one, I would say. I've seen a lot of chief information security officers
52:49
somewhere, always rushing around hair on fire, whether they're looking at their phone constantly putting out another fire.
52:55
But perhaps the best, he says. I've seen, I think this goes for any leader. They always seem to have time for the person right in front of them, and they're truly present. And this goes for individuals like yourself. You always had time to talk to the people that you run. They're not distracting or rushing from meeting to meeting.
53:15
It's almost like the doctor's office right
53:16
where
53:17
the doctors are running 45 minutes or an hour late for every appointment and running, meeting to meeting, like, you know how many patients you have that day? Why wouldn't you just pad your schedule to accommodate those meaningful conversations that you know we're gonna last for more than 29 minutes? 59 minutes.
53:37
So I would just say you model the behavior at the sea. So for your organization, if you're going around with your hair on fire or being the person that can just pick something in a weekend, you're setting that example like a Sanjay that that's acceptable behavior to just be a rogue individual contributor.
53:57
You know, Mike, we were talking earlier about some of the counter examples The things that I've learned from you
54:04
and that you and I have both observed in successful C says We see it in business. We see definitely in politics
54:09
where you see these rough and tumble types who,
54:15
you know, a very confrontational and non sympathetic and, you know, just kind of roll over. Anything in their way is you all can think of business leaders who done that.
54:23
But, you know, did you ever find yourself in conversations even either over a beer or during it. One of the fine discussions You lied at Security 50 where people debate that point like, How is it
54:36
that some people seem to violate some these personality traits that you and I value and yet can still seem to get ahead? What what's the How do you explain that paradox? Or can you explain the paradox?
54:50
I think I think it only gets you so far. I mean, some can get to the highest levels of of their organization. But I think in terms of truly becoming an enabler of the business or a partner to business owners or risk owners across the business,
55:07
you want to have people that
55:08
you can count on in a crisis.
55:12
You want to have people that really represent the best of the organization or in a true alignment with the mission for that organization.
55:22
So I think a good example have, ah see so in our community, who is a former U. S. Secret Service agent
55:30
And he was telling a story back when he was a Secret Service agent, and they were on the tarmac with a plane fully loaded with some major dignitary. Terry's on the plane
55:42
in order to move from Point A to point B and do what he needed to do. He ran.
55:49
He just ran across the tarmac.
55:51
Now did he get there faster? Yes, but did he just alarm everyone around him?
55:58
Um,
55:59
and basically go counter to what they needed to feel that level of safety. Everyone thought there was a major situation, So when he got out of that, he learned right away, like
56:10
I do not need to run. I need to walk from Point A to point B and even take that into the board room with him, where
56:19
the when he tells his story of security or has the conversation with the board members, It's always a low, confident toned that measured that's trusting. They know that in crisis mode, this will be a measured individual that they can count on.
56:36
I think we need to do that. It calms you down anyway. I think there's something to
56:39
if you want it. If you want to become the knack calm. If you want to be confident than act confident, there's something to that
56:46
and I think that over time you learn that. But Mike, I want to ask you about community and and in particular external community. You do as good a job as anyone I know in helping to foster relationships between security folks that work in different businesses and different industries, different levels of their career.
57:06
How important would you say? Is it for the people who are listening here?
57:09
Thio two maybe recognized that at some point it's going to be more than just that inward focus around the company and that at some point you need to recognize you. Not only should be part of a community is your benefit, but I would even dare say maybe oven obligation to contribute to the community. What do you think in that regard? What have been your experience with
57:29
building and running
57:30
community?
57:30
Uh, my experience is even talking to pieces on the phone earlier today. It's a very lonely job, and unless they're constantly seeking that outside perspective, not just within their own industry but
57:45
other industries. Whether you're in telecom, you need to talk to energy sector or financial service is which may have
57:52
more mature operations, but you want to hear from some consumer product goods or retail or manufacturing environments, where They may be doing more with less in certain situations, but it's a very lonely position.
58:06
And if you're going at it from an internal perspective, what you've been in your organization for 10 years is like That's just the way that things work around here.
58:14
I'm having trouble pushing this up the hill.
58:16
You're stuck in a situation where you're looking at something myopically and just need help reframing the problem.
58:22
So being able to talk to appear and whether it's another chief information security officer or whether it's someone from a different feel the CFO, our chief human resource officer, or just someone else out there in a different industry,
58:37
they can be great sounding boards for you to just help you reframe the problem and look at something a different way that if you were focused internally and had your head down, you're not gonna be able to come to the same understanding.
58:51
You know, Mike, for people who might have some interest
58:55
in getting involved in what you d'oh! I have a feeling I'm going to get barraged with the notes from people saying How'd away
59:02
get involved, helpless and just sort of is a closing thought there. I suspect somebody who just left Stanford and just started work on the scanning team at the city.
59:13
Probably not the type of person who would join a security 50 to share with other executives. Do you not an executive, but kind of win is the right time for somebody to be thinking about your type of group. And when it is that time, what? How logistically would they go about getting in touch with someone like you?
59:30
Yeah. So, ah, lot of our organization is sea level C minus one C minus two level. So maybe director to VP, the senior VP and beyond a sea level positions.
59:44
But we do a lot of program leadership development for those next in line, perhaps like a deputy. See, So, um, or someone who's who's the head of a stock who's looking to go into the next level of their career? We we do a lot of cross functional leadership development because,
60:02
as you're even thinking,
60:04
you can get too focused in one, particularly whether it's the technology or just one aspect of the role itself. You need exposure to some of the best leaders in the world and That's what we try to dio expose them to true practitioners like yourself who have been battle tested.
60:23
Been there, done that and just share your story.
60:25
It's just one of those where it's like
60:30
whatever got you to wherever you are
60:32
in that organization at the next level,
60:37
you need a different skill set. You need to approach it a different way. It's not necessarily the same role, just amplified to a degree, so that's really where we focus. It really is a wonderful program. It's helped me immeasurably. You guys have must win the award for the most sparse website ever.
60:53
It is. I guess there's probably an intro ad or contact hat or something like
60:59
that on the website. If someone wants, would it be World 50? Is that with issues? Yeah, Or you could just feel free to share my information with folks on the line Here is well, and it's just mike dot tango at world 50 dot com, not Mike Tango.
61:15
We had better reserve that we're gonna have to find
61:20
Hey, Michael, Listen, uh, you're so kind to join. I wanted people to hear your voice and hear a little bit. About what you do and
61:28
and just also get a feel for one of the benefits
61:31
of getting to the point where you become a C or C minus one executive you get access to programs is
61:38
as great as from world 50. So, Mike, thanks for getting on and sharing a little bit with our community here
61:45
very much. Appreciate the opportunity. And thanks for your men to worship at as well. You bet. Well, listen, everybody, that's Ah, that's our seventh lecture will be back next week with number eight.
61:55
Um, keep the comment rolling. And everybody have a really wonderful week and we'll talk to you next week and leave. Thanks for setting up this week. We'll seal.
Instructed By
Similar Content
