ThorntonMay
“A New Joining of Hands”
Security Summit: Challenges to our Future State of Readiness12 August 2009
1
Part 1
I am part of…
A Time-Boxed, Multi-ActExecutive Learning Experience…
My role is to…
Set the Stage for the messages that follow…
Before We go too far…Why Are Humans at the Top of the Food Chain?
If We Did a S.W.O.T. Analysis On Humans…
Our eyesight is limited - we possess no ability to see the ultraviolet light that guides
butterflies.
No night vision that aids owls and ocelots.
We can’t see as far as eagles.
We have none of the echolocation by which bats and whales hunt and orient.
We are olfactory idiots, having a very primitive sense of smell.
We can’t run as fast as the antelope, swim as well as the dolphin, nor possess the strength
of the lion.
So how come we aren’t lunch?
The trait which separates us from the lower orders…
the thing that generates our inter-species competitive advantage…
the behavior that places us at the top of the food chain
is the ability to work with others.
Species-to-Species S.W.O.T. Analysis
How we ‘Collaborate’ is important
200
20
2
Macro Changes I have been on a massive ‘walk-about’
More to Know
More Ways to Know
Increased ExpectationsThat You Will Do Something
Efficacious With What You Know
Macro Change
Key Actors & High Performance Enterprises
Have become adept at Collaborative
‘knowing’
Wisdom of Crowds
Collaboration Matters!
“If people knew how to collaborate well,
the world would simply work better.”Morten T. Hansen
“Good collaboration amplifies strength,
but poor collaboration is worse than
no collaboration at all.”Jim Collins
In your group:
Please Come Up With
Two Examples Where ‘good’ collaborationmade the enterprise more secure;
And two examples where ‘bad’ collaborationmade the organization less secure
Collaboration/SecurityStory Telling
QuickWarm UpExercise
Report Backs
Collaboration is increasing on the enterprise radar screen…
…is almost universallyperceived as
a key ingredient of success in just about
every field of endeavor
What were your major take-awaysfrom Ken’s comments last night?
The Value of Collaboration
Adapt the learnings of others to your particular circumstance
What were your major take-awaysfrom Ken’s comments last night?
The Value of Collaboration
We are at an inflection point
Changes in Threat Landscape
Transitioning from ‘Inhibitor’ to ‘Enabler”
“Automation”
New model Managed Infrastructure, Information-centric, Risk Based and Policy-Driven
Reputation-based security
Solution Gallery “Jump Ball”#1
16
Is the practice of security in your enterprise at an inflection point?
If so, what are you transitioning from?
What are you transitioning to?
Solution Gallery “Jump Ball”#2
17
What have you done to ‘automate’
the practice of securityin your enterprise?
Automation?
Coming Back to Socrates
20
Socratic Principle #1: “The unexamined life is not worth living”
Socratic Principle #2: “Wisdom begins by knowing that you don’t know”
Socratic Principle #3: “Skill is teachable and learnable”
Socratic Principle #4: “No One Does Evil Willingly”
Coming Back to Socrates
21
Socratic Principle #1: “The unexamined life is not worth living”
Please describe how your enterprise ‘examines’ [i.e., audits/monitors security]
Coming Back to Socrates
22
Socratic Principle #2: “Wisdom begins by knowing that you don’t know”
What don’t you know?
In early 2003, Howard Stringer, head of U.S. operations
for Japanese electronics giant Sony, was plotting to respond to
Apple’s amazing success with the iPod…
Sony did not want to let Apple take over the market.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009].
Sony as Collaborator
It was after all, a market Sony should own. It had invented the idea of carrying music around on people’s heads
with the iconoclastic Walkman, which was introduced in 1979 and had sold nearly 200 million units by the time the iPod became the new kid on the block.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009].
Sony as Collaborator
It was after all, a market Sony should own. It had invented the idea of carrying music around on people’s heads
with the iconoclastic Walkman, which was introduced in 1979 and had sold nearly 200 million units by the time the iPod became the new kid on
the block.
Stringer was the right man to lead the charge. A jovial, Oxford-educated Englishman
in a six-foot-three-inch frame, he had been brought into Sony in 1997
to help forge unity among its headstrong and independent music, film, and electronics divisions
in the United States. Stringer had had a long career in media –
as a journalist, head of CBS news, and president of CBS –
and was an experienced executive who understood media and could cultivate
collaboration in Sony.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009].
Sony as Collaborator
By 2003 Sony was a formidable company.
With annual sales of $62 billion, it was ten times as large as Apple,
which had $6.2 billion in sales.
Sony was much better placed than Apple to launch portable music players
and an online music store.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009].
Sony as Collaborator
Sony had the Walkman division [and so could develop its own hard-disk music player],
the VAIO personal computer line [and so it knew computers],
Sony Music [and so it knew a thing or two about music],
and Sony Electronics [and so it had a range of devices and batteries]. Ironically, it supplied the batteries for the iPod.
Sony was also well known for sleek design.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009].
Sony as Collaborator
October 23, 2001 – that day Steve Jobs, introduced the iPod to the world:
“This amazing little device holds a thousand songs, and it goes right in my pocket.
The 200 invited guests, many of them journalists,
had no idea that Apple was introducing a portable music player that day.
[The coy invitation letter read,“Hint: It’s not a Mac.”]
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 5-6.
Appleas Collaborator
It was a great comeback moment for Jobs, who had cofounded Apple in 1976 at age 21, was fired by CEO John Sculley in 1985,
and then resurfaced as interim chief executive in 1997 when Apple had sunk close to bankruptcy.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 5-6.
Appleas Collaborator
The iPod was not the first portable music player using a hard drive to hit the market
[the Rio, a portable music player holding about 100 songs, appeared in 1998]. But the iPod was easy to use, looked cool, and worked with Apple’s iTunes
software to allow users to manage music on their computers.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 5-6.
Appleas Collaborator
As people started looking under the hood, they soon realized that the iPod
wasn’t a marvelous technological revolution but rather
a shrewd combination of many existing pieces.
“This was a highly leveraged product from the technologies we already had in place.”
Jon Rubinstein, Apple’s senior vice president of hardware.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 7.
Appleas Collaborator
The hard disk holding the songs was a tiny 1.8-inch drive from Toshiba;
the minute battery was from Sony;
the hardware blueprint was provided by a small Silicon Valley company called PortalPlayer;
the digital-to-analog converter came from Wolfson Microelectronics;
the FireWire interface controller was shipped by Texas Instruments;
and some of the software came from Pixo.”
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 7.
Appleas Collaborator
Inside Apple, a hardware team lead by Tony Fadell and reporting to Rubinstein had crafted the architecture of the dwelling that housed these technologies.
According to The Perfect Thing, Steven Levy’s book on the iPod, the team had had to integrate all the pieces from outside Apple
and work across several units inside the company.
This included Rubinstein’s hardware division, Jeff Robbin’s iTunes division,
and Apple’s vaunted industrial design unit, headed by design wizard Jonathan Ive [dubbed the ‘Armani of Apple”].
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 7.
Appleas Collaborator
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 7.
Appleas Collaborator
Inside Apple resolving complicated issues required many interactions
between the hardware and software teams.
Robbins described this complexity:
“We had to figure out how iTunes was going to sync the content onto the ‘pod, how the ‘pod was going to access that
information,how we could do a database on the device
that was just incredibly simple to use.”
Tony Fadell had started the projectin February 2001, and the product was readyby October 2001, just before the Christmas season.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 7.
Appleas Collaborator
Meanwhile, at Sony, Stringer was busy trying to connect the parts…
The problem was that a critical piece was missing from Stringer’s plan: a culture of collaboration among Sony’s various divisions.
“Sony has long thrived on a hyper-competitive culture, where engineers were encouraged to outdo each other, not work together,”
observed Wall Street Journal reporter Phred Dvorak.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 8.
Sonyas Collaborator
Hyper‐CompetitiveCulture
In the past, Sony’s competitive culture had worked wonderfully, allowing entrepreneurial groups to work largely by themselves
to develop hit products like the Walkman and the Playstation video game player.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 8.
Sonyas Collaborator
Hyper‐CompetitiveCulture
But Connect was not a stand-alone product. It required collaboration among five Sony divisions: the personal computer group based in Tokyo; the portable audio team responsible for the Walkman; another team responsible for the flash memory players; Sony Music in the United States; and Sony Music in Japan.
It was a new ball game, and Sony’s organization was not up to it.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 8.
Sonyas Collaborator
Hyper‐CompetitiveCulture
For starters, each division had its own idea about what to do. The PC and Walkman groups introduced their own competing music players, and three
other groups – Sony Music in Japan, Sony Music in the United States, and Sony Electronics in the United States – had their own music portals or download services.
Stringer, who had no authority over Japanese operations, complained, to no avail, that the Connect software being developed in Japan was hard to use.
Whereas the U.S. team wanted a hard disk for the music player [as in the iPod], the Japanese team went with the arcane MiniDisc.
And whereas the U.S. group pushed for using the MP3 format – the defacto U.S. standard – the Japanese PC division chose a proprietary standard called ATRAC.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 8.
Sonyas Collaborator
The Sony Silos
Complained Stringer,
“it’s impossible to communicate with everybody when you have that many silos.”
It was a mess.
Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 8.
Sonyas Collaborator
The Sony Silos
When Connect finally debuted in May 2004, the mess turned into a market disaster. The influential Walt Mossberg of the Wall Street Journal panned the product in a review:
“The Walkman’s biggest weakness is its lousy user interface, which is dense and confusing. The SonicStage 2 software and the Connect music store are also badly
designed. This is because, for all its historic brilliance in designing hardware, Sony stinks at software…Until Sony fixes the multitude of sins in this product, steer clear of it.”
Walt Mossberg, “The Mossberg Solution: Sony’s iPod Killer – New Digital Walkman Offers Longer Battery Life, but Apple’s Player Still Rules,” Wall Street Journal [28 July 2004].
Sonyas Collaborator
The Sony Silos
Homo sapiens sapiens is the only animal that engages in
elaborate task-sharing –
the division of labor between genetically
unrelated members of the same species.
It is a phenomenon as remarkable and uniquely human as language itself.
Re-thinking the “Collaboration Thing”
The intersection of…
Collaboration Security
Culture
Do you currently measurecollaboration/”collaborativeness”
in your organization?
Should you?
Quick Level Set
As Harvard economist John Kenneth Galbraith
rightly observed,
“Measurement motivates.”
We need to put in place some motivational IA metrics.
Re-branding Information Security
Do you currently manage culturein your organization?
How do you do that?
Quick Level Set
May 29, 2009 was a hinge of history, a turning point in technology trajectory. This was the day President Barack Obama unambiguously
declared cyber-security a national security priority.
We meet today at a transformational moment -- a moment in history when our interconnected world presents us, at once, with great promise but also great peril.
…it's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation….[The] status quo is no longer acceptable -- not when there's so much at stake. We can and we must do better….cyberspace is real. And so are the risks
that come with it.
From now on, our digital infrastructure -- the networks and computers we depend on every day -- will be treated as they should be: as a strategic national asset. Protecting this
infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient.
“Text: Obama’s Remarks on Cyber-Security,” New York Times [29 May 2009]. http://www.nytimes.com/2009/05/29/us/politics/29obama.text.html
[See Appendix “Text of Obama Speech on Cyber-Security”]
Do you currently measuresecurity
in your organization?
How?
Quick Level Set
Behavior ChangeMost organizations have an information assurance problem.
The problem is not one of commission – no one is doing anything wrong.
The problem is not one of omission.
The problem is perceptual.
Information assurance [IA] is, in many instances is perceivedas getting in the way of key value producing activities,
of adding unnecessary red tape, of being a non-value-added hassle, of causing work place misery.
Quick Level Set
IA as it is currently practiced at many enterprises todayis perceived as embodying all three elements of a miserable job:
ANONYMITY – IA tasks make the staff feel unknown and invisible.“When people feel subjected to arbitrary unintelligible actions… they feel anxious,
frustrated and, finally, angry.
IRRELEVANCE - IA tasks are perceived as negatively effecting the impact employees have on the lives of others, and reduces their ability to do their best work.
IMMEASUREMENT - IA tasks fail to provide a clear means of assessing progress or success toward a goal.
IA and risk management needs to be re-branded
Patrick Lencioni, The Three Signs of a Miserable Job, [NY: Jossey-Bass, 2007].
Do you agree with the following statements:
IA as it is currently practiced at many enterprises todayis perceived as embodying all three elements of a miserable job:
ANONYMITY – IA tasks make the staff feel unknown and invisible.“When people feel subjected to arbitrary unintelligible actions… they feel anxious,
frustrated and, finally, angry.
IRRELEVANCE - IA tasks are perceived as negatively effecting the impact employees have on the lives of others, and reduces their ability to do their best work.
IMMEASUREMENT - IA tasks fail to provide a clear means of assessing progress or success toward a goal.
IA and risk management needs to be re-branded
Re-branding Information Security
Re-branding Information Security
Loyalty beyond reason
Re-branding Information Security
Read this book:
The intersection of…
Collaboration Security
Culture