Cyber Talk: Be The Change That You Seek.


Cyber Challenge 3: Speaking of Cyber….

Speaking clearly can drive a culture of openness and trust, leading to smoother delivery.

We all need to communicate Cyber topics effectively, consistently, and clearly. When we engage with our employers and stakeholders, we should avoid buzz-words, techno-jargon, and ‘Cyber-geddon’ phrases. Complex issues should be presented to business colleagues in an understandable format, without ‘dumbing-down’ so far that the fidelity of the issue is lost in a simple choice between ‘bad thing’ and ‘big stick’, which precludes the decision maker from making an informed decision. When they don’t understand well enough to make an informed decision, the adviser is often landed with most of the responsibility or blame.

Getting the balance right will make the difference between action and reaction-fatigue for business leaders, and of course we need to consider how our role fits into business (more on this in an upcoming article called “Cyber Challenge 4: The Cybercratic Oath”).

Never Say the “B-Word”, say “Incident”

Using the right language can prevent significant business cost or liability.

I have a rule: don’t say the “B-Word” (B-r-e-a-c-h) either in emails or in business conversation unless learned Security Operations colleagues have formally confirmed it. I also avoid, where I can, using the “A-Word” (A-t-t-a-c-k). Instead I prefer to use the “I-Word”: Incident. By not writing or saying the “A-Word” or “B-Word”, and letting expert colleagues formally confirm, we avoid creating a chain of events that leads to a conversation with the ICO before we have all the facts. I would venture that if you are not working in Security Operations then you will rarely, if ever, need to use the “B-Word”.

Minding your language will not only save time but will also help others to use the right terms and avoid mutual misunderstanding.

What’s the real risk here?

Straight talk about risk can help business leaders to make the hard financial choices.

‘We’re rolling out a smartphone app live trial pilot ahead of our competitors to 1,000 preview customers and the app isn’t quite finished, but we must get it out there first!’ [a real example]

“Smartphone App Gets Hacked”? “Who, why, what, how much and when”:

A criminal attacks the smartphone app for financial gain resulting in initial financial fraud loss (max 1,000 x £20 = £20k) and secondary reputational brand damage (£100k min) estimated at once in 2 years.

Explaining a risk clearly will keep deliveries aligned with the actual business needs, and a shift to value-at-risk thinking will help with prioritisation, smoothing business flow.

Phil Huggins writes that further clarification for decision makers can be provided by adding exacerbating factors (made worse if) and mitigating factors (reduces impact and/or likelihood if). A link to Phil's site is below and to his earlier work on risk.

Speak Clearly

Speaking clearly helps avoid unneeded business friction.

In the last 10 years, I have been privileged to work for some household name brands, with some highly motivated and talented individuals. Almost invariably, commonly understood vocabulary is key to ensuring we all play our part. Being able to define boundaries and expectations in plain language is key to improving delivery flow (Heijunka 漢字):

Boundaries (who does what): Plain language statements to drive terms of engagement help. “Programme managers drive the pound signs and dates, solution architects define how the products fit together, Second-Line keep us aligned to the rules”. Where we can make boundaries clear, the resulting business friction is reduced (mura, muri 無理).

Expectations (what we want and how it is measured): Plain language definitions of the outcomes you are seeking, underpinned by a clear explanation of how you will measure the outcome, help to focus delivery resources. Where we can define the capability and how it will be measured or assessed, business delivery flow is improved (muda 無駄).

Escalations (when and where to escalate): Plain language, clear scenarios can drive better management engagement. “Engage the COO when there is an enterprise wide impact and multiple business divisions are involved”. Where we can define when we escalate and how, escalations become more effective and flow-stopping (jidoka 自働化) events are fewer.

Speaking clearly, describing who does what, how it is measured and when we need to stop: these are three founding principles I have appropriated from Lean Production approaches.

Adding the Rosetta

Always make sure you explain your terms and abbreviations.

I have made it policy to ask in any meeting for an explanation of all abbreviations and to note those down for my teams in a shared location, so that if they see an abbreviation they can know (hopefully) what it means in that context. The stock phrase that I use whenever I use a new term or abbreviation is “which means” or “which means that” – I call this “adding the Rosetta”.

We create too many acronyms and backronyms; adding the Rosetta ensures that business friction through misunderstanding is minimised.

One final word

My late boss, Paul Jobbins, used to say: “plain speaking can be hard, but saves time in the long run”. I believe that good leaders are good with other people’s time and so I believe in plain speaking even if (and especially when) the news is not that palatable.

Want to read more? Here are a few links that may be of interest to you:

Here are some links to my other articles about #PeopleCentredCyber:

1. Cyber Challenge 1: Email Deluge – Email: Be The Change That You Seek

2. Cyber Challenge 2: Sales Calls Deluge – Sales Calls: Be The Change That You Seek

3. Cyber Challenge 3: Speaking of Cyber... – Cyber Talk: Be The Change That You Seek

and...

4. Coming soon… Cyber Challenge 4: Doing The Right Thing – The Cybercratic Oath: Be The Change That You Seek

5. Coming soon… Cyber Challenge 5: Team Creation – Build The Team You Need: Be The Change That You Seek

Communicating risk well, see the collected works of Phil Huggins https://www.dhirubhai.net/in/huggins/ and especially this link: https://blog.blackswansecurity.com/2018/02/writing-a-good-risk-statement/ and also the work of Jack Jones https://www.dhirubhai.net/in/jonesj26/ here: https://www.fairinstitute.org/

Lean flow in cyber and IT: why not take a time out to read The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win? If you’d like to know more about Heijunka, you can find out more from Toyota here: Muda, Muri, Mura – Toyota Production System guide

Stuart Payne

Talks About - Business Transformation, Organisational Change, Business Efficiency, Sales, Scalability & Growth

1 year

I do like what you're sharing here Leon, it's good of you
