Leadership Moment: D-Day
As we observe and celebrate the 80th anniversary of D-Day this week, there’s also a solemnity: this may be the final “interesting” (numerically) anniversary in which living veterans of D-Day participate. As usual, France has rolled out the red carpet for the heroes who through themselves into harm’s way, by sea and air, to begin the liberation of the European continent from the Nazi regime.
All too often, it’s easy to simply forget the costs paid in the past to achieve what we have today. It takes massive effort — both in education and coordination — to celebrate those who have come before, and requires us to not only remember their efforts, but to contemplate the reality of what could have been.
One Minute Pro Tip: Celebrate Avoidance
A colleague used to ask why we celebrate the heroes who often (visibly) correct their own mistakes in businesses, but don’t celebrate those who just don’t make those mistakes. It’s a good, and hard, question; figuring out who isn’t making mistakes will often require a different, unpleasant leadership choice: tracking who is making mistakes, which generally leads to blame culture.
Instead, track, and celebrate, the people who prevent mistakes from becoming huge problems. When you implement a process or technical control to inhibit major incidents, observe when it works, and celebrate the work, again and again, as a way to demonstrate the value created by the team who did that work.
Appearances
Recent
May 8: You Can’t Measure Risk (RSAC talk): writeup in Decipher, LinkedIn blog
May 14: CISO Series Podcast: Our Help Desk Plaque Reads “Over 100,000 Threat Actors Served”
May 15: Tabletop Blog Post: Raiders of the Lost Datastore
May 21: CISO Series Podcast: You Can’t Leak What You Don’t Collect
May 23: Security Insights with Gunnar Peterson
Upcoming
June 5: SIM Boston CIO Roundtable: Where are the CIO/CISO roles heading?
June 18: Vulcan Cyber Risk Summit
June 24/25: Cyberweek in Tel Aviv (Sessions TBD)
September 24: HOU.SEC.CON
Sneak Peek: The Ideal CISO Job Description
Soon, I’ll be publishing the Zeroth Volume of How To CISO (You may recall Volume I, “The First 91 Days,” published with Orca Security), titled “The Idealized CISO”. It’ll be a review of all (okay, maybe just a lot) of the expectations facing a modern CISO and their team. Below is an early view at the varied components of that role. What have I missed?