Archive | management RSS for this section

Security Leadership within the 4th Disruption: Three Issues to Consider

In 2016, the founder of The World Economic Forum, Klaus Schwab, suggested we were at the beginnings of what he coined “The Fourth Industrial Revolution” (Shwab, 2016). The latest industrial revolution is an amalgamation of the technological and physical with implications beyond the immediate industries involved. Schwab stated, “The Fourth is evolving at an exponential rather than a linear pace. Moreover, it is disrupting almost every industry in every country (Shwab, 2016).

As Schwab suggests, this has been a disruptive factor across all sectors of industry. We have and will continue to witness the evolution of existing threat vectors and the creation of new ones.  Regardless, this should give pause to leaders within the corporate security community who must examine the potential impacts of these threats while continuing to manage their own group’s transformative pathways  and staying relevant to their industries. As the company and business change, so then does the work of security leaders and the business of security.

Here are three issues for consideration:

Corporations as a Geopolitical Entity

Companies have been affected by politics, and history contains examples of corporate entities engaging on the geopolitical stage. Historically, the South American Chaco War (and corporate involvement) brought us the important Supreme Court case United States v. Curtiss-Wright Export Corp. that helped define the powers of the executive branch as the main conductor of foreign affairs (oyez, 2018).  More recently, corporations have felt the effects from polarizing political events, both domestic and foreign. Most notably, Facebook (FB) has come under scrutiny, being asked to defend its ability to mitigate issues involving foreign tampering as well as issues with data privacy, squarely placing it on the geopolitical stage.

Typically, companies choose to remain mostly neutral, openly preferring the calculations over profit-and-loss in lieu of issues involving power politics. But, the fourth disruption has brought us further into an interconnected world. A recent study suggests political risk is at a marked increase because of this interconnectedness.  Through the power of technology, geopolitical activities which would be seen playing out over months now move “at the speed of social media” (West, 2018).

Activities thought to drive profits now have unintended consequences that are played out in the political and social media arenas, having lasting effects on the bottom line. Often this will occur unintentionally, but the politicization of much of our discourse has added social conflict to previous untouched areas. Whether at the behest of the company or not, the enterprise is more involved by great power politics than ever . Facebook’s monetization of data is standard for the industry as social media is free for the user, but this threw the company into the issue of privacy rights in the US and beyond. A simple calculation over profits cascaded into mass controversy. Even the recent debate over gun control created this problem. Delta lost 40 million USD in tax credits in Georgia because they ended their ties with the NRA in an attempt to side with their customers.

Information Operations

Once partitioned to a shadowy world, this idea of inform-and-influence activities coupled with cyberspace actions mean both large and small state actors can harness and produce similar effects towards adversaries, both real and perceived. Whether from interference during elections via misinformation and influence activities or cyber-attacks on multi-national corporations deemed unworthy, this new state of play suggests corporations have and will be on the same battle ground traditionally reserved for state-to-state activities .  Writing for the Cipher Brief, Lieutenant Commander Robert Bebber suggests the following:

“Cyberspace is an entirely new strategic environment, one which has important distinctions from the traditional domains of land, sea, air, and space. Questions of sovereignty are ambiguous at best in cyberspace. The domain cannot be segmented into a military sphere and civilian sphere in ways that we do in traditional areas like land, sea, or air. One cannot declare a “war zone” in cyberspace for example” (Bebber, 2018).

Not just state actors, either. Disruptive groups whose causes may vary from criminal to extremism have continued to embrace technology for their own use, exposing and exploiting gaps.

And what happens if bad actors should set up parameters and then let ‘machine learning’ decide when to act, based on the environment and conditions. Jason Healy of the Atlantic Council states, “we should begin the real debate of whether and when our cyber weapons should make their own decisions about when to destroy on our behalf” (Healey, 2013).  The physical aspects of a cyber based attack could play out in real time, offering a myriad of hybrid issues for both  Chief Security Officers (CSO) and Chief Information Security Officers (CISO), alike.

Great Power Politics in the Digital Age

This virtual shadowy cold conflict (unlike its historical cousin, which played out in the real world) is far less resource intensive. With the ability to further bury one’s self within multiple layers, non-state actors and state adversaries can (and are) manifesting actions which have direct and indirect effects to a corporation. “Deterrence does not apply in a space where adversaries are conducting long-term, persistent campaigns – especially campaigns ‘operating below the threshold of military conflict…cloaked in deniability” (Bebber, 2018).

Congress attempted to help corporations in this issue with the introduction of the Hack Back bill that would allow corporations to go after hackers. However, this would privatize national security and law enforcement in a way not seen before, which might be necessary because of a lack of a “war zone.” In addition, the ability for attacks to conceal their origins and identities makes protective intelligence and counter-intelligence extremely difficult.

What’s required to manage risk in this fourth revolution, from a leader’s perspective? Security leaders need to accept the world we live in is now has moved beyond the traditional 3G (Guns, Guards and Gates) environment to encompass the 4G (Guns, Guards, Gates, and Gigabytes).

Fusion: Internal

This means more interactions within areas we would not traditionally parlay into lines of business that include (but not limited to) areas such as; cyber, legal and/or finance.

Cyber

Corporate and Risk Threat Intelligence teams have more in common than traditionally thought.  Increased discourse among all relevant parties is necessary to detect anomalous behavior.

Legal

Multinationals are subject to a host of international regulations ranging from privacy and data security to sanctions compliance.  It’s important for security leadership to understand what those are and how they could affect corporate activity in each area, including everything from business travel risk to due diligence efforts as a result of government sanctions.

Finance

The 10k risk report (or the private corporations equivalent) is a document each leader should study and promote within their own organization.  In addition to financials, it essentially states what top risks the board (or corporate leadership) is concerned with and what their particular business interests are. This helps not only give direction for a coordinated response, but also helps drive scenario-based intelligence which can both create pathways and open doors for deeper conversations at the senior leadership level.

Fusion: External

Connections with our traditional networks must continue to grow and strengthen.  As risks manifest at an increasing rate, our information sharing and response times must improve.

Public-private partnerships rooted in information sharing traditionally focus on critical infrastructure. What is required now is the same “all source” approach to identifying and notifying of threats, especially when the digital layer is added.  Having an “all defenders” approach will cast a wider net as well as reduce gap time from the 2nd and 3rd orders of effects stemming from hybrid activity.

Our relationships within this risk information sharing vehicle must mature, as the landscape does. National security threats to the government and state economy are also threatening to multi-national corporations. For example, North Korea has attempted to hack other governments in support of their interests, but they used the same technology to go after Sony for insulting their leader.

Embrace Digital Transformation

By embracing the 4th disruption and its related technologies, corporate security organizations can focus on their primary roles while reducing noise through automation and the digitization of their business processes. Director for Defense Intelligence Jack Shanahan suggests letting “the tech do the rote work, so humans can do what they do best” (Williams, 2017).

Digital transformation augments your current systems, people, and processes with a digital layer, allowing your best and brightest to focus on the core tasks of life/safety and the ancillary tasks of risk management. As Schwab states, “[B]usiness leaders and senior executives need to understand their changing environment, challenge the assumptions of their operating teams, and relentlessly and continuously innovate” (Shwab, 2016).

The 4th disruption may present challenges, but it also encourages innovation that can (and likely will) lead to greater abilities to see and defend against threats.  As leaders, our jobs are to continue to educate ourselves and embrace transformation.  Old ways may still be applicable, but we need to constantly challenge and drive ourselves (and our teams) towards approaching them with a new optic.

Our leadership must evolve, too.  Generating clarity and driving innovation is our task along with continued sharing of best practices and lessons learned to help defend and deter though dissemination.  Fortunately, many are up to the task and seek to learn from and work through the very issues noted, herein.

Works Cited
Bebber, R. (2018, April 1). The Cipher Brief. Retrieved from thecipherbrief.com: https://www.thecipherbrief.com/column/strategic-view/no-thing-cyber-deterrence-please-stop?utm_source=Join+the+Community+Subscribers&utm_campaign=1ffbf75823-EMAIL_CAMPAIGN_2018_04_02&utm_medium=email&utm_term=0_02cbee778d-1ffbf75823-122526325&mc_cid=1ffbf
Healey, J. (2013, Apr 16). Huff Post. Retrieved from Huffington Post: https://www.huffingtonpost.com/jason-healey/stuxnet-cyberwarfare_b_3091274.html
Oyez, United States v. Curtiss-Wright Export Corporation. – 299us304 (Supreme Court April 7, 2018). Retrieved from Oyez: https://www.oyez.org/cases/1900-1940/299us304
Shwab, K. (2016, Jan 14). World Economic Forum. Retrieved from weforum.org: https://www.weforum.org/agenda/2016/01/the-fourth-industrial-revolution-what-it-means-and-how-to-respond/
West, R. D. (2018, Mar). The CEO as a Geopolitical Officer. Retrieved from kpmg.com: kpmg.com/geopolitical
Williams, L. (2017, Nov 2). FCW: The Business of Federal Technology. Retrieved from FCW.com: https://fcw.com/articles/2017/11/02/shanahan-maven-usaf-ai.aspx

 

please note: comments herein are those of the author and do not necessarily represent those of any organization he is involved with.

Advertisements

Strategy and Protective Operations

Strategy. You hear this word a lot. Whether it’s managing a line of business or an operation, it feels like it is an imperative to understand and have strategy within your program. Without it though, it’s certain you risk forfeiting your activity and any long term gains you might hope to achieve with your protection efforts.

Obviously, the overarching goal is the protection of your designate(s).  So that’s our strategy, ‘nuff said, right?  Wrong.  That’s “the mission.”  Strategic thinking involves more, “Strategic thinking is a process that defines the manner in which people think about, assess, view, and create the future for themselves and others” (Ebersole, 2017).  Making longer decisions and plans require a bit more in order to support the operational mission.  With that in mind, here are a few thoughts to help you get started to set your strategy or, perhaps, evaluate your current one.

Understand the concept of risk based protection

Protection efforts and programs are started from ‘risk.’  Whether direct or indirect, it is this spark from which all stems.  However, risk is an asymmetrical beast.  It is both malleable and elusive, constantly trying to evade and undermine your actions.  To this end, you must have a process by which risk is being evaluated and qualified.

Risk.png

Develop your risk model or system (easily searched) and ensure you use it.  It should and will be important to driving your long-term plans as well as helping decision making.

 

 

 

Resource management is a center of gravity

Every program must understand, set and track resources.  This is about more than financials, too.  It spreads to areas such as people and equipment, as well.  We need to value these items, as they are vital to keeping momentum within our organizations and ensure the protective program we have in place doesn’t lag.  It’s an important factor in a program’s readiness.

Placing and tracking value will help you identify trends in resources and allow you to become more predictable in those areas.  This will help earmark and deal with those areas you can’t, too.  Like those sudden fast balls or other operational surges.

COG

Think Three Dimensionally

Risk is not a balanced problem.  As a result, neither should your  approach to managing strategy be. As the missions remains  (to protect) you should always be looking at new angles of approach to the strategic vision.  It means looking at new optics of risk, while questioning your old ones.  Charles Koch suggested in his 2007 book, The Science of Success: How Market-Based Management Built the World’s Largest Private Company, “the principal of vision to ascertain [long term] value can and should be created in any organization, at any given time” (Koch, 2007).

3d.jpg

It’s important to constantly re-examine our risks and look for opportunities vice doing the same things we have always done and, perhaps, sense any black swans circling for opportunity to swoop in and throw us off of our operational mission.

Obviously, so much more to designing and maintaining a strategy.  It should be part of your regular meter to obsessively examine and track your strategic goals.

Hopefully, these ideas validated or generated some questions for you. How have you set and manage your protective team’s strategy?

 

Works Cited

Ebersole, J. G. (2017, NOV 15). Course and Direction. Retrieved from cssp.com: http://www.cssp.com/CD0808b/CriticalStrategicThinkingSkills/

Koch, C. G. (2007). The Science of Success: How Market-Based Management Built the World’s Largest Private Company. New York: Wiley.

 

 

 

3 Thoughts towards being innovative

Innovative ~ in·no·va·tive [ˈinəˌvādiv]

Adjective (of a product, idea, etc.) featuring new methods; advanced and original: innovative designs

Innovation requires white space

When your mind is quiet, the best ideas will come to the surface. “when we quiet the mind through contemplative practices such as meditation, we eventually discover that awareness or consciousness exists beyond it.” (Jan Birchfield, 2013)

While this doesn’t necessarily mean, you have sit in a corner and contemplate your navel (although that also works) it suggests that, through common practices that allow our minds a break from the daily cacophony our subconscious to open and allow new thoughts forward.

 

6tag_070516-083302

 

Innovation requires energy

When you think of people who are innovative, lack of exuberance is generally not associated with them.  People like Richard Branson or Tony Robbins are powerhouses of eRownergy.  Going to the gym is not enough, it requires a commitment to self that includes, basically, taking care of yourself; “The corporate athlete doesn’t build a strong physical foundation by exercise alone, of course. Good sleeping and eating rituals are integral to effective energy management.” (Jim Loehr, 2001)

Energy doesn’t dissipate, it only becomes something else.  So, with this in mind, it only makes sense to produce positive energy, starting with yourself, and put it out there.

 

 

Innovation requires learning

Warren Buffet’s partner, Charlie Munger said of his partner, “If you watched Warren Buffett with a time clock, I would say half of all the time he spends is just sitting on his ass and reading. And a big chunk of the rest of the time is spent talking on the phone or personally with people he trusts.” (Wu, 2014)  It is said Buffet read over 500 pages per week and, to this end, he has credited his success to that voracious reading.WP_20141230_004 3

With today’s technology ‘reading’ can be sought via many ways.  Whether through podcasts or newspapers that have an .mp3 function to audiobooks, there is not excuse to not have a bias-to-learn attitude.

 

Works Cited
Jan Birchfield, P. (2013, Jan 29). The Huffington Post: Blog. Retrieved from huffingtonpost.com: http://www.huffingtonpost.com/jan-birchfield-phd/business-innovation_b_2563774.html
Jim Loehr, T. S. (2001, Jan). The Making of a Corporate Athlete. Harvard Business Review.
Wu, G. (2014, Oct 16). Gary Wu Personal Development. Retrieved from garywu.next: http://www.garywu.net/influential-people-importance-reading/

 

— AFTER THE CREDIT SCENE —

Innovation requires listening

True connection comes from real connections and thankfulness.  No room here for false platitudes, take time and actively listen to what’s going on around you.  Whether in meetings or at home, listen to learn

END OF THE YEAR COFFEE…A REDUX

Just over a year ago I wrote about having that Your End Of The Year Coffee With… Yourself.  Basically, my thoughts were about putting some time aside to reflect, review and renew what you have just gone through, how it aligned with your goals and what changes (if anything) over the next year you want to make.

Now’s the time

This time of year is good to mull over those thoughts and take stock in your activities.  I still believe in taking out a piece of paper and writing headlines along the top in order to help guide yourself.  Along with this, it’s also time to be disruptive to yourself.  No, I don’t mean, “wind-sprints- ‘till-you-drop.” Ask some additional questions to help pull out some constructively disruptive ideas as they could lead to both creative and innovative pathways.

“The only man who never makes mistakes is the man who never does anything.”

 Theodore Roosevelt

Disorderly for Goodness’ Sake

I’m a fan of #TimFerriss and while I don’t subscribe to everything he does, I follow most of his stuff.  Ferriss believes in taking time for self-reflection and openly thinking about ways to mix things up.  If you want some additional motivation, listen to this recent podcast from the polymath on being a better version of you.

While you are at it, brainstorm about how to mix up your own environment (work or personal) by jotting down the first ten things that come into your mind if asked, “How could I positively disrupt my pattern over the next three months?” or (as Ferriss suggests), “If I needed to accomplish [all] my goals in the next six months, what would I need to focus on?”  If you stop and think about the last bit there for a second… it’s kind of powerful and worth repeating; If you had to get it all done in six months…. what do you need to focus on, right now, to set up the win?

The Forest and the Trees

Why should someone do this?  Because looking over the master plan and ensuring you’re still on course helps you see your goals and take stock in those things you are doing right.  When reflecting upon conducting warfare President Dwight B. Eisenhower once mused, “In preparing for battle I have always found that plans are useless, but planning is indispensable.”  By planning, we make it easier to stay of course when random acts of the universe come to mix things up…and you know they will.

 

“Every time I find myself stressed out, it’s because I do things primarily driven by growth.”

Tim Ferriss

 

As for me, this year I was fortunate enough to get away and discover some white space this last week. With no electronics (except for the ever-present smart phone for emergencies) or distractions, I had a few days of reading, reflecting and note taking.  And yes, I also found some quiet time for my own cup of coffee with myself…and a friend.

jack

 

Note: Last year several people wrote back to me and shared their own thoughts after having that cup o’ joe with themselves and (more importantly) what they discovered.    Let me know how yours goes too.

Keep your head down