Technology | Geoff Snyder's Leadership and Team Collaboration Project

Archive - Technology RSS Feed

Thinking Big

October 21, 2009 in Business, Finance, Health and Wellness, Technology with 13 Comments

left brain right brain 283x300 Thinking Big I had recently chatted with a Recruitment Director for one of the nation’s largest Information Technology firms. Four months each year she visits college campuses to recruit graduating seniors for her company’s junior executive training program. The tenor of her remarks indicated she was discouraged about the attitudes of many people she talked with.

“Most days I interview between 8 and 12 college seniors, all in the upper third of their class, all at least mildly interested in coming with us. One of the main things we want to determine in the screening interview is the individual’s motivation.

We want to find out if he or she is the kind of person who can, in a few years, direct major projects, manage a branch office, or in some other way make a really substantial contribution to the company. “I must say I’m not too pleased with the personal objectives of most of those I talk with. You’d be surprised,” she went on, “how many 22-year-olds are more interested in our retirement plan than in anything else we have to offer. A second favorite question is ‘Will I move around a lot?’ Most of them seem to define the word success as synonymous with security. Can we risk turning our company over to people like that? “The thing I can’t understand is why should young people these days be so ultra-conservative, so narrow in their view of the future? Every day there are more signs of expanding opportunity. This country is making record progress in scientific and technological development. Our population is gaining rapidly. If there ever was a time to be bullish about America, it’s now.” The tendency for so many people to think small means there is much less competition than you think for a very rewarding career.

Where success is concerned, people are not measured in inches, or pounds, or college degrees, or family background; they are measure by the size of their thinking. How big do we think determines the size of our accomplishments.

Now, let’s see how we can enlarge our thinking.

Ever ask yourself, “What is my greatest weakness?” Probably the greatest human weakness is self-deprecation that is selling oneself short. Self-deprecation shows through in countless ways.

John sees a job advertisement in the paper; it’s exactly what he would like. But he does nothing about it because he thinks “I’m not good enough for that job, so why bother.” Or Jim wants a date with Joan, but he doesn’t call her because he thinks he wouldn’t rate with her. Tom feels Mr. Richards would be a very good prospect for his product, but Tom doesn’t call. He feels Mr. Richards is too big to see him. Pete is filling out a job application form. One question asks, “What beginning salary do you expect?” Pete puts down a modest figure because he feels he really isn’t worth the bigger sum that he would like to earn.

Philosophers for thousands of years have issued good advice: Know Thyself. But most people, it seems, interpret this suggestion to mean Know Only Thy Negative Self. Most self-evaluation consists of making long mental lists of one’s faults, shortcomings, inadequacies. Its well to know our inabilities, for this shows us areas in which we can improve. But if we only know our negative characteristics we’re in a mess. So, look at any challenge as an opportunity to grow and move forward.

What have you experienced yesterday that is helping you today? How is it helping others?

Recent Information Security Task

October 13, 2009 in Business, Technology with 8 Comments

TheSecurityCycle 300x297 Recent Information Security Task A client called me up the other day and asked me to come to his office. Once I arrived, he asked me to install a firewall so that his network would be secure. I asked him for his company’s security policy so I could configure the firewall. He gave me a curious look and asked, “What do I need that for?” In the years since the explosion of the Internet, this response is still the rule rather than the exception. Companies have comprehensive employee policies, sometimes filling two inch binders, but do not have information security policies. If they do, they will hand you 5 sheets of paper that cover the assets of a multimillion-dollar corporation. Just as employment policies describe the practices that employees and managers must take, security policies describe how the company wants to protect its information assets. That is an important concept to remember: Information is an asset. You might not be able to assign it a value, but your competitors might pay thousands or even millions of dollars to understand or even steal those assets.

Information security policies are high-level plans that describe the goals of the procedures. Policies are not guidelines or standards, nor are they procedures or controls. Policies describe security in general terms, not specifics. They provide the blueprints for an overall security program just as a specification defines your next product. Questions always arise when people are told that procedures are not part of policies. Procedures are implementation details. A policy is a statement of the goals to be achieved by procedures. General terms are used to describe security policies so that the policy does not get in the way of the implementation. For example, if the policy specifies a single vendor’s solution for a single sign on, it will limit the company’s ability to use an upgrade or new product. Although your policy documents might require the documentation of your implementation, these implementation notes should not be part of your policy.

Although policies do not discuss how, properly defining what is being protected assures that proper control is implemented. Policies tell you what is being protected and what restrictions should be put on those controls. Although product selection and development cycles are not discussed, policies will help guide in product selection and best practices during development. Implementing these guidelines should lead to a more secure system.

When management participates in the creation of information security policies, it demonstrates that management supports the effort, lending credibility to the entire security program. Having management support is always important. Without leadership, employees will not take policies seriously. Therefore, if you do not have the support of your upper management, your program is doomed to fail before you finish writing the policy.

First you can try to reason with them. You can point out that the systems and data have real costs. You can demonstrate how an outsider or a disgruntled insider can easily access sensitive information that could damage the company’s business functions. You can show them studies, articles, even this book. But if this doesn’t convince them, you might have to wait until your first disaster.

Management might say that everybody is responsible for his or her own security. That might work in the short term, but it prevents the company from working with itself. If one department uses one standard and another department uses another standard, interoperability could be a problem. Policies ensure that the company uses the same standards in every security instance. This consistency makes it easier for the company to integrate, interact with customers, and maintain a sense of security throughout the system.

Finally, an information security policy will help avoid liability. We live in a litigious society. If you try to enforce rules that are not expressly written, you will be sued. If you fire an employee for security violations that have never been written, presented to the employee, or previously enforced, that employee also can sue your company. I know it sounds harsh, but the reality can be devastating when the subpoena arrives.