If you ran your company like an NFL team…
It’s the midpoint of the NFL football season, and thus, for the next few months, American media will be saturated with examples of leadership successes and failures from within the football world … and corporate leaders will try to draw from these lessons to improve their own leadership style. Sometimes this is really useful. But not always. The NFL environment is nothing like corporate America, so some of the lessons might not apply (or might be harmful). Let’s take a gander at what practices you might adopt if you wanted to be more like your favorite NFL team:
-
Every year, you’re going to hire an extra person for every frontline role in your business. Two months later, you’re going to fire half of them.
-
You’re going to judge your organization based on 17 hours of performance every year. If your org is really good, you might get up to 21 hours.
-
You need to plan on having 10-20% of your team unable to perform, or performing at a reduced capacity, due to injuries at any given point.
-
You can’t just hire folks away from your competition. But you can trade for them!
And that’s just on the front-line side. How about your management team?
-
After a bad year, expect to see senior management get wiped out. The owner will fire the CEO (General Manager) every few years, and to keep their job longer, the CEO is going to fire the COO (Head Coach) or CHRO (Head of Personnel) whenever the owner’s temperature gets a little too heated.
-
Every week, you have to talk to the press. “Keep your head down” isn’t advice you get to follow. And it’s not just the C-level execs talking to the press; reporters have access to all of your front-line employees.
The NFL is an extreme environment, and the people who work inside it are forced to be extremophiles: beings that thrive in that extreme environment. The advice that works for them may not be relevant in a different environment.
Understanding the CISO
A really neat study came out last year: Inexpert Supervision: Field Evidence on Boards’ Oversight of Cybersecurity. I missed it when it came out, but it’s a useful survey of how CISOs, C-suites, and boards interact. The most telling observation, to me, was that “uncertainty tends to be greater when boards lack cybersecurity expertise,” which, while not surprising in hindsight, is probably a blind spot that many boards have today when they lack that expertise.
Understanding Risk
Volume 2 of How to CISO: Risk is now out! In this tight 28-page ebook, I talk about the language of risk, as well as cover a lot of ways people try to measure and compare risk. If you’re interested in leveling up your game around risk and decision-making, check it out!
Collaborative Writing vs Competitive Editing
I’ve recently worked on three different documents with three very different groups, and the difference in styles—necessitated by the different needs of the groups—has been staggering.
One document was a mission statement. The entire group was already mission-aligned, but didn’t have the right (or even the same) way to express it. Writing was strongly collaborative, inside a shared document, with one main editor. After every conversation, the editor cleaned up everyone’s contributions, writing separate notes explaining the key differences from one version to another (often checkpointing versions for quick readability for folks not familiar with Google Doc’s version control tools). Key disagreements were aired, placeholder wording established, and negotiated over time to an agreeable result. After about a dozen meetings over half a year, and everyone was bought in—and happy with every word in the final result.
The second document was a contract. The participants were aligned on “get a contract in place,” but had very divergent goals. Instead of a shared document in one place, edits in distinct Word documents were mailed back and forth. Each party had unstated objectives, which they’d only bring up if there were key edits at hand, so sometimes long-settled wording would come up much later. The language of the contract wasn’t a mutual understanding for the parties; it was a weaponized pact to govern what would happen if everything went badly in the future. After rounds of edits—each one argued over by every party—everyone was tired. The group was willing to tolerate the end result, especially when it seemed like the other sides hadn’t caught the few landmines that had snuck their way in.
The third was a (supposedly simple) operations guide. A team of aligned people wanted to document what they actually did, and keep track of their ideas of how to do better. Most of the team approached it like the first group: aligned on the goal, willing to have frank conversations, and happy to have a main editor do the heavy lifting to keep progress rolling. A minority approached it competitively: no edits could be approved without complete agreement, even on interim drafts. The stress of the minority’s style on the majority was palpable, as arguments returned back to the same points over and over, making progress difficult and challenging. Minor points turned into treatises, while the large, as-yet-unwritten, sections of the guide languished, energy focused not on creation, but on the adversarial process.
The challenge of the third situation wasn’t that some of the people were adversarial: that’s a fine, even correct, approach if you only get one shot at your document, and it’s binding. The challenge was that the adversarial approach didn’t match the rest of the team’s collaborative style, nor was it appropriate for this stage of the process.
Make sure you know how your team needs to work together, so you aren’t the one tearing them apart.