Archive | corporate intelligence RSS for this section

Security Leadership within the 4th Disruption: Three Issues to Consider

In 2016, the founder of The World Economic Forum, Klaus Schwab, suggested we were at the beginnings of what he coined “The Fourth Industrial Revolution” (Shwab, 2016). The latest industrial revolution is an amalgamation of the technological and physical with implications beyond the immediate industries involved. Schwab stated, “The Fourth is evolving at an exponential rather than a linear pace. Moreover, it is disrupting almost every industry in every country (Shwab, 2016).

As Schwab suggests, this has been a disruptive factor across all sectors of industry. We have and will continue to witness the evolution of existing threat vectors and the creation of new ones.  Regardless, this should give pause to leaders within the corporate security community who must examine the potential impacts of these threats while continuing to manage their own group’s transformative pathways  and staying relevant to their industries. As the company and business change, so then does the work of security leaders and the business of security.

Here are three issues for consideration:

Corporations as a Geopolitical Entity

Companies have been affected by politics, and history contains examples of corporate entities engaging on the geopolitical stage. Historically, the South American Chaco War (and corporate involvement) brought us the important Supreme Court case United States v. Curtiss-Wright Export Corp. that helped define the powers of the executive branch as the main conductor of foreign affairs (oyez, 2018).  More recently, corporations have felt the effects from polarizing political events, both domestic and foreign. Most notably, Facebook (FB) has come under scrutiny, being asked to defend its ability to mitigate issues involving foreign tampering as well as issues with data privacy, squarely placing it on the geopolitical stage.

Typically, companies choose to remain mostly neutral, openly preferring the calculations over profit-and-loss in lieu of issues involving power politics. But, the fourth disruption has brought us further into an interconnected world. A recent study suggests political risk is at a marked increase because of this interconnectedness.  Through the power of technology, geopolitical activities which would be seen playing out over months now move “at the speed of social media” (West, 2018).

Activities thought to drive profits now have unintended consequences that are played out in the political and social media arenas, having lasting effects on the bottom line. Often this will occur unintentionally, but the politicization of much of our discourse has added social conflict to previous untouched areas. Whether at the behest of the company or not, the enterprise is more involved by great power politics than ever . Facebook’s monetization of data is standard for the industry as social media is free for the user, but this threw the company into the issue of privacy rights in the US and beyond. A simple calculation over profits cascaded into mass controversy. Even the recent debate over gun control created this problem. Delta lost 40 million USD in tax credits in Georgia because they ended their ties with the NRA in an attempt to side with their customers.

Information Operations

Once partitioned to a shadowy world, this idea of inform-and-influence activities coupled with cyberspace actions mean both large and small state actors can harness and produce similar effects towards adversaries, both real and perceived. Whether from interference during elections via misinformation and influence activities or cyber-attacks on multi-national corporations deemed unworthy, this new state of play suggests corporations have and will be on the same battle ground traditionally reserved for state-to-state activities .  Writing for the Cipher Brief, Lieutenant Commander Robert Bebber suggests the following:

“Cyberspace is an entirely new strategic environment, one which has important distinctions from the traditional domains of land, sea, air, and space. Questions of sovereignty are ambiguous at best in cyberspace. The domain cannot be segmented into a military sphere and civilian sphere in ways that we do in traditional areas like land, sea, or air. One cannot declare a “war zone” in cyberspace for example” (Bebber, 2018).

Not just state actors, either. Disruptive groups whose causes may vary from criminal to extremism have continued to embrace technology for their own use, exposing and exploiting gaps.

And what happens if bad actors should set up parameters and then let ‘machine learning’ decide when to act, based on the environment and conditions. Jason Healy of the Atlantic Council states, “we should begin the real debate of whether and when our cyber weapons should make their own decisions about when to destroy on our behalf” (Healey, 2013).  The physical aspects of a cyber based attack could play out in real time, offering a myriad of hybrid issues for both  Chief Security Officers (CSO) and Chief Information Security Officers (CISO), alike.

Great Power Politics in the Digital Age

This virtual shadowy cold conflict (unlike its historical cousin, which played out in the real world) is far less resource intensive. With the ability to further bury one’s self within multiple layers, non-state actors and state adversaries can (and are) manifesting actions which have direct and indirect effects to a corporation. “Deterrence does not apply in a space where adversaries are conducting long-term, persistent campaigns – especially campaigns ‘operating below the threshold of military conflict…cloaked in deniability” (Bebber, 2018).

Congress attempted to help corporations in this issue with the introduction of the Hack Back bill that would allow corporations to go after hackers. However, this would privatize national security and law enforcement in a way not seen before, which might be necessary because of a lack of a “war zone.” In addition, the ability for attacks to conceal their origins and identities makes protective intelligence and counter-intelligence extremely difficult.

What’s required to manage risk in this fourth revolution, from a leader’s perspective? Security leaders need to accept the world we live in is now has moved beyond the traditional 3G (Guns, Guards and Gates) environment to encompass the 4G (Guns, Guards, Gates, and Gigabytes).

Fusion: Internal

This means more interactions within areas we would not traditionally parlay into lines of business that include (but not limited to) areas such as; cyber, legal and/or finance.

Cyber

Corporate and Risk Threat Intelligence teams have more in common than traditionally thought.  Increased discourse among all relevant parties is necessary to detect anomalous behavior.

Legal

Multinationals are subject to a host of international regulations ranging from privacy and data security to sanctions compliance.  It’s important for security leadership to understand what those are and how they could affect corporate activity in each area, including everything from business travel risk to due diligence efforts as a result of government sanctions.

Finance

The 10k risk report (or the private corporations equivalent) is a document each leader should study and promote within their own organization.  In addition to financials, it essentially states what top risks the board (or corporate leadership) is concerned with and what their particular business interests are. This helps not only give direction for a coordinated response, but also helps drive scenario-based intelligence which can both create pathways and open doors for deeper conversations at the senior leadership level.

Fusion: External

Connections with our traditional networks must continue to grow and strengthen.  As risks manifest at an increasing rate, our information sharing and response times must improve.

Public-private partnerships rooted in information sharing traditionally focus on critical infrastructure. What is required now is the same “all source” approach to identifying and notifying of threats, especially when the digital layer is added.  Having an “all defenders” approach will cast a wider net as well as reduce gap time from the 2nd and 3rd orders of effects stemming from hybrid activity.

Our relationships within this risk information sharing vehicle must mature, as the landscape does. National security threats to the government and state economy are also threatening to multi-national corporations. For example, North Korea has attempted to hack other governments in support of their interests, but they used the same technology to go after Sony for insulting their leader.

Embrace Digital Transformation

By embracing the 4th disruption and its related technologies, corporate security organizations can focus on their primary roles while reducing noise through automation and the digitization of their business processes. Director for Defense Intelligence Jack Shanahan suggests letting “the tech do the rote work, so humans can do what they do best” (Williams, 2017).

Digital transformation augments your current systems, people, and processes with a digital layer, allowing your best and brightest to focus on the core tasks of life/safety and the ancillary tasks of risk management. As Schwab states, “[B]usiness leaders and senior executives need to understand their changing environment, challenge the assumptions of their operating teams, and relentlessly and continuously innovate” (Shwab, 2016).

The 4th disruption may present challenges, but it also encourages innovation that can (and likely will) lead to greater abilities to see and defend against threats.  As leaders, our jobs are to continue to educate ourselves and embrace transformation.  Old ways may still be applicable, but we need to constantly challenge and drive ourselves (and our teams) towards approaching them with a new optic.

Our leadership must evolve, too.  Generating clarity and driving innovation is our task along with continued sharing of best practices and lessons learned to help defend and deter though dissemination.  Fortunately, many are up to the task and seek to learn from and work through the very issues noted, herein.

Works Cited
Bebber, R. (2018, April 1). The Cipher Brief. Retrieved from thecipherbrief.com: https://www.thecipherbrief.com/column/strategic-view/no-thing-cyber-deterrence-please-stop?utm_source=Join+the+Community+Subscribers&utm_campaign=1ffbf75823-EMAIL_CAMPAIGN_2018_04_02&utm_medium=email&utm_term=0_02cbee778d-1ffbf75823-122526325&mc_cid=1ffbf
Healey, J. (2013, Apr 16). Huff Post. Retrieved from Huffington Post: https://www.huffingtonpost.com/jason-healey/stuxnet-cyberwarfare_b_3091274.html
Oyez, United States v. Curtiss-Wright Export Corporation. – 299us304 (Supreme Court April 7, 2018). Retrieved from Oyez: https://www.oyez.org/cases/1900-1940/299us304
Shwab, K. (2016, Jan 14). World Economic Forum. Retrieved from weforum.org: https://www.weforum.org/agenda/2016/01/the-fourth-industrial-revolution-what-it-means-and-how-to-respond/
West, R. D. (2018, Mar). The CEO as a Geopolitical Officer. Retrieved from kpmg.com: kpmg.com/geopolitical
Williams, L. (2017, Nov 2). FCW: The Business of Federal Technology. Retrieved from FCW.com: https://fcw.com/articles/2017/11/02/shanahan-maven-usaf-ai.aspx

 

please note: comments herein are those of the author and do not necessarily represent those of any organization he is involved with.

Advertisements

Culture and Leadership

 

word with dice on white background- culture

Culture is more important than anything

 

It is the single most important element that any leader should obsess upon. It is created and exists even if you don’t think about it.  Culture affects everything from esprit-de-corps to productivity.  It’s also vitally important to gauge and ensure you and your key leaders are aligned as to how you are defining what it is and what you value, within your group.

 

As a leader, you are responsible for the culture of the team.  It’s hard to shape and maintain and even harder to get back on track, once misaligned. 

 

Everything is Phase 0 (shaping) 

 

Words and Deeds have meaning, and problems occur when these things do not align.  You and your leaders must strive to ensure you, “do what you say and say what you do.”  Deviations of your ‘true north’ (no matter how small) create ripple effects amongst the greater team.  In this regard, the team redefines the zeitgeist of the organization constantly…  and usually when leadership is not around. 

 

So – be certain you are matching what you want as culture to any actions as leaders. 

Three-Dimensional Thinking is a Leader’s Prime Directive

 

When an opportunity presents itself (good, bad or indifferent) the first questions should always be, Pyramid 3dshould we keep doing the same thing…the same way.”  Always stop and ask yourself, “What are other ways we can achieve” or “How can we refine the way this is done?”  Even if the end-state is no change, thinking the issue through this way and forcing the conversation amongst your leadership is key to developing a growth mindset and instilling your cultural values. 

 

 

If nothing else, remember you and your key leaders are stewards of your organization and company.  Have full faith, respect and trust in your folks to, as Norman Schwarzkopf said, “Do what’s right” and hold the line on maintaining the culture of the organization.

 

 lambda

 

 

 How do you think about and develop culture within your own group?

 

Strategy and Protective Operations

Strategy. You hear this word a lot. Whether it’s managing a line of business or an operation, it feels like it is an imperative to understand and have strategy within your program. Without it though, it’s certain you risk forfeiting your activity and any long term gains you might hope to achieve with your protection efforts.

Obviously, the overarching goal is the protection of your designate(s).  So that’s our strategy, ‘nuff said, right?  Wrong.  That’s “the mission.”  Strategic thinking involves more, “Strategic thinking is a process that defines the manner in which people think about, assess, view, and create the future for themselves and others” (Ebersole, 2017).  Making longer decisions and plans require a bit more in order to support the operational mission.  With that in mind, here are a few thoughts to help you get started to set your strategy or, perhaps, evaluate your current one.

Understand the concept of risk based protection

Protection efforts and programs are started from ‘risk.’  Whether direct or indirect, it is this spark from which all stems.  However, risk is an asymmetrical beast.  It is both malleable and elusive, constantly trying to evade and undermine your actions.  To this end, you must have a process by which risk is being evaluated and qualified.

Risk.png

Develop your risk model or system (easily searched) and ensure you use it.  It should and will be important to driving your long-term plans as well as helping decision making.

 

 

 

Resource management is a center of gravity

Every program must understand, set and track resources.  This is about more than financials, too.  It spreads to areas such as people and equipment, as well.  We need to value these items, as they are vital to keeping momentum within our organizations and ensure the protective program we have in place doesn’t lag.  It’s an important factor in a program’s readiness.

Placing and tracking value will help you identify trends in resources and allow you to become more predictable in those areas.  This will help earmark and deal with those areas you can’t, too.  Like those sudden fast balls or other operational surges.

COG

Think Three Dimensionally

Risk is not a balanced problem.  As a result, neither should your  approach to managing strategy be. As the missions remains  (to protect) you should always be looking at new angles of approach to the strategic vision.  It means looking at new optics of risk, while questioning your old ones.  Charles Koch suggested in his 2007 book, The Science of Success: How Market-Based Management Built the World’s Largest Private Company, “the principal of vision to ascertain [long term] value can and should be created in any organization, at any given time” (Koch, 2007).

3d.jpg

It’s important to constantly re-examine our risks and look for opportunities vice doing the same things we have always done and, perhaps, sense any black swans circling for opportunity to swoop in and throw us off of our operational mission.

Obviously, so much more to designing and maintaining a strategy.  It should be part of your regular meter to obsessively examine and track your strategic goals.

Hopefully, these ideas validated or generated some questions for you. How have you set and manage your protective team’s strategy?

 

Works Cited

Ebersole, J. G. (2017, NOV 15). Course and Direction. Retrieved from cssp.com: http://www.cssp.com/CD0808b/CriticalStrategicThinkingSkills/

Koch, C. G. (2007). The Science of Success: How Market-Based Management Built the World’s Largest Private Company. New York: Wiley.

 

 

 

3 Thoughts towards being innovative

Innovative ~ in·no·va·tive [ˈinəˌvādiv]

Adjective (of a product, idea, etc.) featuring new methods; advanced and original: innovative designs

Innovation requires white space

When your mind is quiet, the best ideas will come to the surface. “when we quiet the mind through contemplative practices such as meditation, we eventually discover that awareness or consciousness exists beyond it.” (Jan Birchfield, 2013)

While this doesn’t necessarily mean, you have sit in a corner and contemplate your navel (although that also works) it suggests that, through common practices that allow our minds a break from the daily cacophony our subconscious to open and allow new thoughts forward.

 

6tag_070516-083302

 

Innovation requires energy

When you think of people who are innovative, lack of exuberance is generally not associated with them.  People like Richard Branson or Tony Robbins are powerhouses of eRownergy.  Going to the gym is not enough, it requires a commitment to self that includes, basically, taking care of yourself; “The corporate athlete doesn’t build a strong physical foundation by exercise alone, of course. Good sleeping and eating rituals are integral to effective energy management.” (Jim Loehr, 2001)

Energy doesn’t dissipate, it only becomes something else.  So, with this in mind, it only makes sense to produce positive energy, starting with yourself, and put it out there.

 

 

Innovation requires learning

Warren Buffet’s partner, Charlie Munger said of his partner, “If you watched Warren Buffett with a time clock, I would say half of all the time he spends is just sitting on his ass and reading. And a big chunk of the rest of the time is spent talking on the phone or personally with people he trusts.” (Wu, 2014)  It is said Buffet read over 500 pages per week and, to this end, he has credited his success to that voracious reading.WP_20141230_004 3

With today’s technology ‘reading’ can be sought via many ways.  Whether through podcasts or newspapers that have an .mp3 function to audiobooks, there is not excuse to not have a bias-to-learn attitude.

 

Works Cited
Jan Birchfield, P. (2013, Jan 29). The Huffington Post: Blog. Retrieved from huffingtonpost.com: http://www.huffingtonpost.com/jan-birchfield-phd/business-innovation_b_2563774.html
Jim Loehr, T. S. (2001, Jan). The Making of a Corporate Athlete. Harvard Business Review.
Wu, G. (2014, Oct 16). Gary Wu Personal Development. Retrieved from garywu.next: http://www.garywu.net/influential-people-importance-reading/

 

— AFTER THE CREDIT SCENE —

Innovation requires listening

True connection comes from real connections and thankfulness.  No room here for false platitudes, take time and actively listen to what’s going on around you.  Whether in meetings or at home, listen to learn

END OF THE YEAR COFFEE…A REDUX

Just over a year ago I wrote about having that Your End Of The Year Coffee With… Yourself.  Basically, my thoughts were about putting some time aside to reflect, review and renew what you have just gone through, how it aligned with your goals and what changes (if anything) over the next year you want to make.

Now’s the time

This time of year is good to mull over those thoughts and take stock in your activities.  I still believe in taking out a piece of paper and writing headlines along the top in order to help guide yourself.  Along with this, it’s also time to be disruptive to yourself.  No, I don’t mean, “wind-sprints- ‘till-you-drop.” Ask some additional questions to help pull out some constructively disruptive ideas as they could lead to both creative and innovative pathways.

“The only man who never makes mistakes is the man who never does anything.”

 Theodore Roosevelt

Disorderly for Goodness’ Sake

I’m a fan of #TimFerriss and while I don’t subscribe to everything he does, I follow most of his stuff.  Ferriss believes in taking time for self-reflection and openly thinking about ways to mix things up.  If you want some additional motivation, listen to this recent podcast from the polymath on being a better version of you.

While you are at it, brainstorm about how to mix up your own environment (work or personal) by jotting down the first ten things that come into your mind if asked, “How could I positively disrupt my pattern over the next three months?” or (as Ferriss suggests), “If I needed to accomplish [all] my goals in the next six months, what would I need to focus on?”  If you stop and think about the last bit there for a second… it’s kind of powerful and worth repeating; If you had to get it all done in six months…. what do you need to focus on, right now, to set up the win?

The Forest and the Trees

Why should someone do this?  Because looking over the master plan and ensuring you’re still on course helps you see your goals and take stock in those things you are doing right.  When reflecting upon conducting warfare President Dwight B. Eisenhower once mused, “In preparing for battle I have always found that plans are useless, but planning is indispensable.”  By planning, we make it easier to stay of course when random acts of the universe come to mix things up…and you know they will.

 

“Every time I find myself stressed out, it’s because I do things primarily driven by growth.”

Tim Ferriss

 

As for me, this year I was fortunate enough to get away and discover some white space this last week. With no electronics (except for the ever-present smart phone for emergencies) or distractions, I had a few days of reading, reflecting and note taking.  And yes, I also found some quiet time for my own cup of coffee with myself…and a friend.

jack

 

Note: Last year several people wrote back to me and shared their own thoughts after having that cup o’ joe with themselves and (more importantly) what they discovered.    Let me know how yours goes too.

Keep your head down

 

How to level up….easily…

Riyadh 2010 (24)It’s 2230 hours somewhere in East Asia. The principal has finally gone to sleep and you have put her chief of staff to bed, as well as the two folks from the communications division that tagged along on the trip.  You’re in your room mulling over the schedule for the next day because the local branch of the company has made some changes to the schedule and the boss approved.  Satisfied that you have an understanding, you decide to get some sleep.  As you get ready for bed, you hear something going on outside the window, most likely down in the entryway. You think “Radio” but then realized they are not allowed in this country for foreign teams. Texting your partner, they indicate they are trying to get your local support on the phone.

Quickly running options, you say, “Get the cars around to the side checkpoint and call me back in 5 minutes.” Pulling on your polo and grabbing your small bugout bag the hotel phones rings. It’s the principal. She wants to know if your tracking all this. You calmingly state you are and that she needs to stay put, you’re coming to her. She asks about the staff. You say they should be in their rooms and she replies the last thing they told her was that they were going to the lobby bar for a nightcap. She wants you to organize everyone into her suite and hangs up the phone. As you’re moving you pick up the cell and call your #2 thinking, this detail just got a lot more complex…

What do you do? How would you plan? What contingencies are running through your mind? Are there any locals you can call? What’s my network like? Can we make it to our safe zone? Why did they go get a nightcap when you told them not to?

IPSB III

Understanding the experiences from incidents and trials others have had helps us plan our own details and future contingencies.  The aim of the International Protective Security Board (IPSB) is to spark these types of exchanges thru education and networking activities. Building a positive and deeply rich extended group of contacts is helpful. At times, I have needed everything from language support on a person of interest who popped up (long story) to suddenly having to change out an entire local provider at the last minute (more long stories).

Come meet up with other fellow practitioners and share stories, break bread, extend friendships and engage in new professional contacts. We are going to have a full range of speakers and will be covering a wide range of issues, from tactical to the strategic.  I’m personally excited to see the new tac-talks that are coming.

This is an event by practitioners, for practitioners. It doesn’t matter what school or group you came or work with… this is our industry’s time to come together. Mount up and come be part of the conversation this December 2nd and 3rd in Vegas!

 TO INCREASE ACUMEN, CLICK HERE!

 

~Chuck Randolph

July 2016

Priorities and Requirements: a Primer for Leaders

Show up. Chat with co-workers. Perform tasks. Respond to emails. Work on a Project X, Y or Z. Make Phone calls. Attend to tasks. Have a cup of coffee. Scan internet. Put it to bed…wake up, rinse and repeat.

Every day, people everywhere perform and repeat this pattern, or something similar to this.  It’s not a bad thing.  Come in, do work, socialize a bit, eat, do more things and then call it a day.  Every once-in-a-while things get taken home or the occasional early/late meeting is attended to account for an international colleague.  Generally, we know this as work…  and it is, for most. – It is a requirement.

Riyadh 2010 (24)

contemplate your team’s priorities.

 

You…you, however, are a leader.  Those tactical things I just referred to as “requirements,” they are items we are expected to perform and they make up the reason that we were brought on in the first place.  Ensuring mission planning is done, making sure we have met our weekly plans, attending meetings and reporting out on activity, etc. etc.  These are activities that, while a major motion for a lot of our team, make up one part of what we as managers (or leaders) must execute on.

Mentoring, thinking, tasking, tracking, advising, spending time and strategizing…these are activities which drive us as leaders.  They are the things we need to get done in order to move our organization forward.

They map to larger ideals like:

  • Culture Change
    • Reinforce a climate of communications, collaboration and innovation that creates a “bias-for-action”
  • Knowledge Management
    • Establish an environment to capture/refine/share organizational knowledge
  • Strategic Business Planning
    • Thoughtful, deliberate, timely and cost-effective decisions
  • Cross-Functional Alignment  
    • Improve overall efficiency through coordination and synchronization

It’s daunting.  When we were hired to be an agent or analyst it was fairly simple to show up, do the list, move on to the next item and check that block…MAKE A DOUGHNUT.  Now we have to do that and more… MANAGE AN EXPERIENCE.  It’s because we have a higher sense of responsibility to feed, manage and take care of this beast that we own. –  It is our priority.

Former Microsoft CEO Steve Ballmer once said, “If you’re going to do a job… do a job.”  Simply put, he was explaining to be a part of something, you need to be all in.  You need to give of and beyond yourself by… doing the deep work.

That’s the thing, though.  What is my j-o-b?  Your job is to help conceive strategy, be thoughtful and deliberate, to understand your line of effort, listen and, above all else, take care of your people.  After all, they are the ones fulfilling the requirements as we work on our organization’s main priorities.