Better Late, than Never
Erik Boemanns
Derisking technology with a lawyer's lens and a technologist's techniques. Governance, Risk, Compliance, and Security Executive supporting businesses focused on their next stage of growth.
This morning, as I was thinking about what I might post about today, and even contemplating skipping a day - it occurred to me - I didn't get my weekly newsletter out last Sunday!
So, here it is, a few days later, but filled with all the same looking-back content you didn't realize you missed.
One of the great things about conversations with a broad community is you get to have your current way of thinking challenged. It gives you a chance to decide if you're basing your thinking on solid ground, or something which needs to be reviewed in light of better information. Being here on LinkedIn, sharing so many thoughts over the last two years, I've learned a ton!
In the realm of cybersecurity, one great example is how to combat the threat that phishing, social engineering, and the like pose to an organization. I was revising a policy recently, and stumbled upon this opening line:
The weakest link in cybersecurity defense is people.
It's almost certain I wrote it myself a few years ago. And today, I realize just how wrong this line is. This is a blame-focused statement. It says, "I, the policy writer, am doing everything I can, so don't blame me if someone gets phished, blame them!"
Which we all should accept as a terrible position to take as a leader. It's also a terrible position to take to make your organization safer. If you're forming policy around the opinion that people are your weak link, you're never going to win. Instead of blame-centric thinking, switch the mindset to strength-building. How can we always be getting better?
Change the line to:
To build a strong security program, training is essential.
People don't get better when you accuse them of being bad. People get better when you give them the resources, opportunity, and motivation to do so. If you're a cybersecurity leader, your mission is to create a culture of security within your organization. You need everyone in the organization to be on your team. And this comes from training, awareness, and outreach.
This has been my approach over the last few years, so it was a bit of a shock to stumble upon the old phrase in the old policy. But it was an easy fix, and a critical one. Policies are part of the voice of the organization and the language they use matters.
If your policies have outdated theories, I encourage you to review and update them as part of your regular review. Keep them reflective of what you want to accomplish for your organization, and make them a statement of the type of leader you are trying to be.
What's your take on shifting from a blame-centric to a strength-building mindset?
Upcoming Event
What: December Cybersecurity Coffee Chat
When: Friday, December 15th, 9:30 AM EST (New Time!)
Where: LinkedIn Audio Event
Week In Review
This past week has been filled with a lot of great conversations and insights from all of you! Check out what we've been talking about here:
Looking forward to hearing your thoughts!
Job Seeker Spotlight!
It's coming back through my You Just Found ME?? job seeker support brand!
I'm going to be doing a series of focused job seeker posts highlighting individual job seekers. For group spotlights, I accept any human looking for work. For the individual ones, there are a few restrictions. Check out my post on Saturday for details:
In Conclusion
Thanks for reading my "better late than never" edition of my weekly "week in review"! I appreciate everyone who reads, comments, and shares my effort, and all of the conversations in the comments, in private messages, or in the real world. As I mentioned in the beginning of this week's post, it's one of the ways I've learned these past years. It's great to be part of the community.
If you've read this far, throw the word "keyboard" in the comments. I still have some free things to offer you, if you're interested!
I hope this week is unfolding to be all you want it to be!
If you want to keep up with everything I’m posting, click here and also the bell (🔔) to be notified when I post!
Follow You Just Found ME?? to help support job seekers!
Subscribe to my Substack here: https://ebspoke.substack.com/
I'm on Medium as well - find me here.
Check out #EBSpoke for more of my recent posts here...
About Erik
Erik Boemanns is a technology executive and lawyer. His background covers many aspects of technology, from infrastructure to software development. He combines this with a "second career" as a lawyer into a world of cybersecurity, governance, risk, compliance, and privacy (GRC-P). His time in a variety of companies, industries, and careers brings a unique perspective on leadership, helping, technology problem solving and implementing compliance.
Cyber Security and Tech-Focused Marketing Executive | Growing Revenue and Demand with Integrated Content and Digital Marketing Strategies
11 months ago: Great post, Erik! You are helping so many people - Keep up the great work!
Mediocre developer, Software Engineering Manager, Entrepreneur, & Independent filmmaker
11 months ago: Seeing this post makes me wonder if you tried my recipe :)
Legal Advisor to Great Companies
11 months ago: Recognizing the need for strength-building over blame in cybersecurity is crucial for fostering a culture of security within organizations.