Making it safe to speak up

Making it safe to speak up

This week in DuhaOne: SVB’s miss, keeping onboarding fresh, make safety to spot danger, and tackling inclusion.

Leadership Moment: Silicon Valley Bank

The postmortems have already begun for the SVB failure, the second-largest in US history. This line inside CNN’s summary leapt out at me:

Several experts who spoke to CNN said it’s likely that people within SVB knew about the risks but let them slide.

I want to be cautious about hearsay and supposition – and this is both – but I wonder if “let them slide” might be rephrased as “saw no clear way to challenge the risk decisions of the company.” History is littered with failures where staff spotted a problem, and the combination of executive incentives and entrenched bureaucracy made the knowledgeable staff feel helpless. Maybe the SVB failure can be eye-opening to other leaders to think about how to put in place processes that will enable escalations of truly toxic risks.

One Minute Pro Tip: Self-Updating Onboarding

You have an onboarding guide for new hires, right? Well, if you don’t, you should. Saving the time and energy of your new employees so they don’t have to hunt down the answers to basic questions they don’t even know yet is one of your key jobs in the workplace. But the most important instruction in an onboarding guide is one that is often left out, but should be the first step:

1. Update this guide.

The person who is using the guide is the one most likely to discover its deficiencies. At the same time, they’re the person who often feels least empowered to edit it. Until they understand the nuances of your workplace, they’ll likely constrain their critique … and problems in your onboarding guide will hit your next new-hire. So explicitly tell new staff to update the guide.

Chapter 39 Teaser: Create safety to let people warn you of danger.

It’s really rare that a crisis or incident completely surprises everyone in the organization. You’ll usually find multiple folks – often junior technical staff – who, away from their managers, comment that they are unsurprised. Likely they didn’t foresee this exact incident at this exact moment, but they saw the hazards that led to it. Maybe they expected something worse, maybe something better, but, either way, they saw something coming.

At the same time, executives are looking at each other asking, “How did we not see this coming? Why weren’t we on the lookout for this?” The disconnect between these two groups is a chasm that seems uncrossable. Most of those executives don’t remember that, at some point, one or more of those junior technical staff have pointed out risks and hazards, and been summarily shut down (I recall a product review where I noted that we hadn’t even done a risk assessment because the product team hadn’t shared anything with us, and a vice president said, “Are you going to stop what could be a billion dollar product over that?” (hint: the product ultimately failed on the market)).

The challenge is that executives are very decision-oriented. Any conversation is seen as an input to a yes/no decision, and risk conversations are a little more nebulous. Someone pointing out an unmanaged risk is perceived as trying to force a decision to stop, so they get run over very quickly. As a leader, you need to create space for staff to raise risks, so you can understand what risks you’re taking. If you’re not comfortable with those risks, then you might decide to implement some compensating controls to offset the risk. But don’t make it the responsibility of your team to solve all possible problems for you … or you’ll be blindsided more and more often.

Appearances

March 25, talk: How to CISO in the Cloud, CSA Cloud Threats and Vulnerabilities Summit.

March 30, webinar, host: Master Cloud Cost Optimization.

March 30, virtual roundtable, principal: with TechExecs.

April 11, webinar, host: Creating a Cloud Security Strategy.

April 18, 1% Leadership is released!

April 19, webinar chat: Writing your Cloud Opus: A Deep Dive into Orchestrating your Cloud Security Remediation

At RSAC:

April 24: 10:50 am, Telling Fairy Tales to Your Board

April 24: noon, RSAC bookstore, signing books

April 24: 5-7 pm, Welcome Reception, Orca Booth 527, book giveaway & signing

April 25: 7-9 pm, Orca Security Cocktail Reception, Terra Gallery

April 26: 6-9 pm, YL Ventures & Portfolio Companies Reception, Novela

May 7-12: Tel Aviv

May 16: panel moderator, Cloud Security Live

Behind the paywall on substack: 1% Coach: Inclusion

要查看或添加评论,请登录

Andy Ellis的更多文章

  • Leadership's Trolley Problem: Choices and Consequences

    Leadership's Trolley Problem: Choices and Consequences

    Balancing Accountability and Compassion in Moments of Crisis. This newsletter first appeared on the Duha One substack.

    4 条评论
  • Leaping from one horse to another

    Leaping from one horse to another

    Although it’d be relevant today to talk about national leaders, perhaps we can learn lessons from slightly smaller…

  • Cross-Pollination

    Cross-Pollination

    Taking lessons from one environment to another can be dangerous..

    1 条评论
  • An Inclusion Armistice

    An Inclusion Armistice

    How do we celebrate diverse perspectives without needing to denigrate one? This newsletter first appeared on the…

    4 条评论
  • Electing to Practice the Future

    Electing to Practice the Future

    It's easy to just respond in the moment — but think about how your choices might affect the future. This post first…

    3 条评论
  • Speak First, Even If You Carry A Big Stick

    Speak First, Even If You Carry A Big Stick

    The earlier your words come into play, the more you can shape the encounter. This post first appeared in the Duha One…

    2 条评论
  • Managing the End of The Year

    Managing the End of The Year

    The end of the year feels like a crisis, with too much happening in constrained time. Don't add micromanagement hassles…

    3 条评论
  • Including

    Including

    We always need to include even those that we've dismissed as not needing it. This newsletter first appeared on the Duha…

    5 条评论
  • The Perversity of Incentives

    The Perversity of Incentives

    How do you make sure you aren't creating adversaries out of your stakeholders with bad policies? This newsletter first…

    2 条评论
  • Get out of your team's way

    Get out of your team's way

    Great leaders put their team in place to succeed ..

    3 条评论

社区洞察

其他会员也浏览了