J Wolfgang Goerlich's thoughts on Information Security
Friday Books and Talks 04/24

By wolfgang. 24 April 2015 10:06

Best Practices Are Stupid 
by Stephen M. Shapiro

What if almost everything you know about creating a culture of innovation is wrong? What if the way you are measuring innovation is choking it? What if your market research is asking all of the wrong questions? It's time to innovate the way you innovate.

Hire people you don't like. Bring in the right mix of people to unleash your team's full potential. Asking for ideas is a bad idea. Define challenges more clearly. If you ask better questions, you will get better answers. Don't think outside the box; find a better box. Instead of giving your employees a blank slate, provide them with well-defined parameters that will increase their creative output. Failure is always an option. Looking at innovation as a series of experiments allows you to redefine failure and learn from your results.

Nonstop innovation is attainable and vital to building a high-performing team, improving the bottom line, and staying ahead of the pack.


Flash Foresight: How to See the Invisible and Do the Impossible
by Daniel Burrus, John David Mann

Flash Foresight offers seven radical principles you need to transform your business today. From internationally renowned technology forecaster Daniel Burrus—a leading consultant to Google, Proctor & Gamble, IBM, and many other Fortune 500 firms—with John David Mann, co-author of the Wall Street Journal bestseller The Go-Giver, comes this systematic, easy-to-implement method for identifying new business opportunities and solving difficult problems in the twenty-first century marketplace.


How I use sonar to navigate the world
By Daniel Kish

Daniel Kish has been blind since he was 13 months old, but has learned to “see” using a form of echolocation. He clicks his tongue and sends out flashes of sound that bounce off surfaces in the environment and return to him, helping him to construct an understanding of the space around him. In a rousing talk, Kish demonstrates how this works and asks us to let go of our fear of the “dark unknown.”



Friday Books and Talks 04/17/2014

By wolfgang. 17 April 2015 10:33

Give and Take: Why Helping Others Drives Our Success
by Adam M. Grant

For generations, we have focused on the individual drivers of success: passion, hard work, talent, and luck. But today, success is increasingly dependent on how we interact with others. It turns out that at work, most people operate as either takers, matchers, or givers. Whereas takers strive to get as much as possible from others and matchers aim to trade evenly, givers are the rare breed of people who contribute to others without expecting anything in return.

Using his own pioneering research as Wharton's youngest tenured professor, Adam Grant shows that these styles have a surprising impact on success. Although some givers get exploited and burn out, the rest achieve extraordinary results across a wide range of industries. Give and Take highlights what effective networking, collaboration, influence, negotiation, and leadership skills have in common. This landmark book opens up an approach to success that has the power to transform not just individuals and groups, but entire organizations and communities.


Anticipate: The Art of Leading by Looking Ahead
by Rob-Jan de Jong

Business schools, leadership gurus, and strategy guides agree - leaders must have a vision. But the sad truth is that most don't...or at least not one that compels, inspires, and energizes their people. How can something so essential be practiced so little in real life? Vision may sound like a rare quality, unattainable by all except a select few - but nothing could be further from the truth. Anyone can expand their visionary capacity. You just need to learn how. In Anticipate, strategy and leadership expert Rob-Jan de Jong explains that to develop vision you must sharpen two key skills. The first is the ability to see things early - spotting the first hints of change on the horizon. The second is the power to connect the dots - turning those clues into a gripping story about the future of your organization and industry. Packed with stories and practices, Anticipate provides proven techniques for looking ahead and exploring many plausible futures - including the author's trademarked Future Priming process, which helps distinguish signal from noise. You will discover how to: tap into your imagination and open yourself to the unconventional; become better at seeing things early; frame the big-picture view that provides direction for the future; communicate your vision in a way that engages others and provokes action. When you anticipate change before your competitors, you create enormous strategic advantage. That's what visionaries do...and now so can you.



Comfortable professionalism

By wolfgang. 17 April 2015 06:57

"I will show you some absolutely terrifying things, as we progress through today and tomorrow, and I will show you things you guys can do to make people very, very, very uncomfortable where you work."

Every time I turn on my car, John Strand’s voice says the above quote. The clip is audio from a SANS course that my car has stuck on repeat. I have heard it thousands of times now.

"Make people very, very, very uncomfortable" came to mind when watching Chris Roberts (@Sidragon1) tweet about plane hacking Wednesday night and into Thursday morning. He tweeted about messing with a plane's oxygen … while on a plane … on the day the FBI released a report on plane security hacks. 

People were indeed very uncomfortable. And the story did not end comfortably for Chris, that day.

I appreciate John’s work and the SANS courses. I enjoy Chris's work and his One World Lab research. Both are fine people, with intelligent ideas, and enjoyable presentations. But let's put hacking aside for the moment.

I wonder if car mechanics get training on how to make drivers feel very uncomfortable. I wonder if medical students have conferences celebrating making patients feel uncomfortable. I wonder the same about virtually any professional service. Perhaps I am a fortunate exception; however, every service I use is staffed with folks who do the exact opposite.

The folks I hire go out of their way to put me at ease, answer any questions, share knowledge without pretense. It is what professionals do. It fosters trust. It is the mark of customer service. It defines their role as trusted advisor for my health, my car, my home, my family.

Returning to hacking and information security, there is no need to make folks uncomfortable. The terrifying things in IT are well publicized. We know. Things are broken. Criminals are misusing technology. We have a lot of work to do. Everyone gets it. 

Let’s make the people we work with comfortable. Let’s look at absolutely practical things. Why? Because that is what professionals do. Let's get some work done.



Website update

By wolfgang. 11 April 2015 12:33

It has been a busy quarter. With some room to catch my breath this weekend, I took a moment to update my website. Recent articles and interviews are up on:



Friday Books and Talks 04/10/2014

By wolfgang. 10 April 2015 09:28

Working with Emotional Intelligence
by Daniel Goleman

Do you have what it takes to succeed in your career?

The secret of success is not what they taught you in school. What matters most is not IQ, not a business school degree, not even technical know-how or years of expertise. The single most important factor in job performance and advancement is emotional intelligence. Emotional intelligence is actually a set of skills that anyone can acquire, and in this practical guide, Daniel Goleman identifies them, explains their importance, and shows how they can be fostered.

For leaders, emotional intelligence is almost 90 percent of what sets stars apart from the mediocre. As Goleman documents, it's the essential ingredient for reaching and staying at the top in any field, even in high-tech careers. And organizations that learn to operate in emotionally intelligent ways are the companies that will remain vital and dynamic in the competitive marketplace of today—and the future.

Comprehensively researched, crisply written, and packed with fascinating case histories of triumphs, disasters, and dramatic turnarounds, Working with Emotional Intelligence may be the most important business book you'll ever read.

Drawing on unparalleled access to business leaders around the world and studies in more than 500 organizations, Goleman documents an astonishing fact: in determining star performance in every field, emotional intelligence matters twice as much as IQ or technical expertise.

Readers also discover how emotional competence can be learned. Goleman analyzes five key sets of skills and vividly shows how they determine who is hired and who is fired in the top corporations in the world. He also provides guidelines for training in the "emotionally intelligent organization," in chapters that no one, from manager to CEO, should miss. 

Working with Emotional Intelligence could prove to be the most important reference for bottom-line businesspeople in the first decades of the 21st century.


Power Listening: Mastering the Most Critical Business Skill of All
by Bernard T. Ferrari

Listening is harder than it looks - but it's the difference between business success and failure.

Nothing causes bad decisions in organizations as often as poor listening. But Bernard Ferrari, adviser to some of the nation's most influential executives, believes that such missteps can be avoided and that the skills and habits of good listening can be developed and mastered. He offers a step-by-step process that will help readers become active listeners, able to shape and focus any conversation.

Ferrari reveals how to turn a tin ear into a platinum ear. His practical insights include:

  • Good listening is hard work, not a passive activity
  • Good listening means asking questions, challenging all assumptions, and understanding the context of every interaction
  • Good listening results in a new clarity of focus, greater efficiency, and an increased likelihood of making better decisions
  • Good listening can be the difference between a long career and a short one




Friday Books and Talks 04/03/2014

By wolfgang. 3 April 2015 07:45

Extreme Productivity: Boost Your Results, Reduce Your Hours
by Robert C. Pozen

In Extreme Productivity, author Robert Pozen reveals the secrets to workplace productivity and high performance. This book is for anyone feeling overwhelmed by an existing workload — facing myriad competing demands and multiple time-sensitive projects. Offering antidotes to a calendar full of boring meetings and a backlog of e-mails, Extreme Productivity explains how to determine your highest priorities and match them with how you actually spend your time.


The Pause Principle
by Kevin Cashman

The constant barrage of information can overwhelm a person's decision-making ability. In The Pause Principle, Kevin Cashman makes the argument that today's leaders need to take the necessary time to deeply pause before acting. Leaders must make an effort to create vision, understanding, clarity and agility. Cashman describes the need to pause to grow personal leadership, develop others, and foster a culture of innovation. By following the pause practices Cashman describes, executives will learn how to step back to lead forward.



Securing The Development Lifecycle

By wolfgang. 6 March 2015 10:31

One line. Ever since the Blaster worm snaked across the Internet, the security community has known that it takes but one line of vulnerable code. Heartbleed and iOS Goto Fail made the point again last year. Both were one line mistakes. Even the Bash Shellshock vulnerability was made possible by a small number of lines of code.

To manage the risk of code-level vulnerabilities, many organizations have implemented security testing in their software development lifecycle. Such testing has touch-points in the implementation, verification, and maintenance phases. For example, an organization might ...

Read the rest at http://content.cbihome.com/blog/securing-development-lifecycle


Application Security | Security

Friday Books and Talks 02/27/2015

By wolfgang. 27 February 2015 17:19

TouchPoints
by Douglas Conant, Mette Norgaard

A fresh, effective, and enduring way to lead—starting with your next interaction. Most leaders feel the inevitable interruptions in their jam-packed days are troublesome. But in TouchPoints, Conant and Norgaard argue that these—and every point of contact with other people—are overlooked opportunities for leaders to increase their impact and promote their organization's strategy and values. Through previously untold stories from Conant's tenure as CEO of Campbell Soup Company and Norgaard's vast consulting experience, the authors show that a leader's impact and legacy are built through hundreds, even thousands, of interactive moments in time. The good news is that anyone can develop "TouchPoint" mastery by focusing on three essential components: head, heart, and hands.

TouchPoints speaks to the theory and craft of leadership, promoting a balanced presence of rational, authentic, active, and wise leadership practices. Leadership mastery in the smallest and otherwise ordinary moments can transform aimless activity in individuals and entropy in organizations into focused energy—one magical moment at a time.


Friday Books and Talks 02/20/2015

By wolfgang. 20 February 2015 07:56

Talent is Never Enough
by John C. Maxwell 

Read the headlines, watch the highlights, or just step out your front door: Some talented people reach their full potential, while others self-destruct or remain trapped in mediocrity. What makes the difference? Maxwell, the go-to guru for business professionals across the globe, insists that the choices people make - not merely the skills they inherit - propel them onto greatness. Among other truths, successful people know that:

  • Belief lifts your talent.
  • Initiative activates your talent.
  • Focus directs your talent.
  • Preparation positions your talent.
  • Practice sharpens your talent.
  • Perseverance sustains your talent.
  • Character protects your talent.

It's what you add to your talent that makes the greatest difference. With authentic examples and time-tested wisdom, Maxwell shares thirteen attributes you need to maximize your potential and live the life of your dreams. You can have talent alone and fall short of your potential. Or you can have talent plus, and really stand out.


Low-Hanging Fruit
by Jeremy Eden, Terri Long

How can anyone, from the shop floor up to the C-suite, make their companies better? Despite years of corporate initiatives and implementing big fixes, are there really more simple and smart ways to improve productivity? In Low-Hanging Fruit, co-authors Jeremy Eden and Terri Long not only answer that question, they show how to get it. Low-Hanging Fruit is a fast-paced, fun read with 77 different ways to make a difference at your company. Eden, a former McKinsey consultant, and Long, a former bank executive, use many great examples from working with teams at Fortune 1000 companies, helping them cut through the complexity, the politics and the waste. Low-Hanging Fruit gives you the best ideas culled from their experience, such as how to deal with the "unintentional squelch," "zombie projects," and why mom was wrong about always doing your best.

This isn't a theoretical business tome. This is an indispensable guide that should sit on every career-minded person's desk to be referenced regularly. Often contrarian, always passionate, Low-Hanging Fruit has the power to change your career and your organization. 



Action-Oriented IT Risk Management

By wolfgang. 19 February 2015 06:15

Last week at Chicago’s Camp IT, I presented on IT risk management and concluded with focusing on the intersection of risk and action. This is a CIO-centric approach that re-prioritizes risks based on an organization’s constraints and IT capabilities. My Chicago talk led to several good discussions, and this article quickly summarizes the method and how you can apply it to your risk management program.

The advantage, for a security owner, is in immediately seeing which concerns, once mitigated, would produce the largest reduction in the organization’s overall risk. We can then produce the annual audit phonebook with a long laundry list of recommendations.

The disadvantage, for the IT owner, is in not factoring in effort. For example, suppose one risk rated 15 takes 12 months to resolve and another takes 3 months. Yet both are listed side-by-side and prioritized equally by the security owner. The trouble stems from the risk rating exercise not bubbling up quick wins and prioritized actions.
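To make the two views concrete, here is an added example (mine, not the method from the talk or the linked article) that ranks a small constructed risk register two ways: by rating alone, as the security owner's list does, and by rating per month of mitigation effort, so that the two equally rated risks from the paragraph above (12 months versus 3 months) no longer tie. The rating-per-month score, the greedy fit against a fixed number of IT months, and every risk name and number in the register are assumptions chosen for illustration.

```python
"""Added example: surfacing quick wins by weighing risk rating against effort.

The scoring (rating divided by months of effort) and the capacity cut-off are
assumptions for illustration only, not the author's published method.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    rating: int          # assumed scale, e.g. likelihood x impact, 1..25
    effort_months: int   # assumed IT effort needed to mitigate


# Constructed sample register. The first two rows mirror the page's example:
# two risks rated 15, one taking 12 months to resolve and one taking 3.
SAMPLE_RISKS = [
    Risk("Legacy ERP platform replacement", 15, 12),
    Risk("Enable MFA on remote access", 15, 3),
    Risk("Patch internet-facing web server", 9, 1),
    Risk("Data center re-architecture", 20, 18),
    Risk("Quarterly access reviews", 6, 2),
]


def rank_by_rating(risks):
    """Security-owner view: highest rating first; ties keep register order."""
    return sorted(risks, key=lambda r: -r.rating)


def rank_by_rating_per_month(risks):
    """CIO view (assumed scoring): rating reduced per month of effort,
    highest first; ties broken by the raw rating."""
    return sorted(risks, key=lambda r: (-(r.rating / r.effort_months), -r.rating))


def plan_within_capacity(risks, capacity_months, ranker=rank_by_rating_per_month):
    """Greedily take risks in the ranker's order while they fit in the
    available IT months. Returns (chosen risks, total rating retired)."""
    chosen, remaining = [], capacity_months
    for risk in ranker(risks):
        if risk.effort_months <= remaining:
            chosen.append(risk)
            remaining -= risk.effort_months
    return chosen, sum(r.rating for r in chosen)


def main():
    capacity = 12  # assumed: one year of IT capacity for mitigation work
    print(f"{'Risk':<36}{'Rating':>7}{'Months':>7}{'Rating/mo':>11}")
    for r in rank_by_rating_per_month(SAMPLE_RISKS):
        print(f"{r.name:<36}{r.rating:>7}{r.effort_months:>7}"
              f"{r.rating / r.effort_months:>11.2f}")
    for label, ranker in (("rating only", rank_by_rating),
                          ("rating per month", rank_by_rating_per_month)):
        chosen, total = plan_within_capacity(SAMPLE_RISKS, capacity, ranker)
        names = ", ".join(r.name for r in chosen)
        print(f"\n{label}: {total} rating points retired in {capacity} months")
        print(f"  chosen: {names}")


if __name__ == "__main__":
    main()
```

With the constructed register, ranking by rating alone fills the twelve months with the single ERP item (15 rating points retired), while ranking by rating per month fits the MFA, patching and access-review items instead (30 rating points retired). The numbers are invented; the shape of the result is the point: the same register, re-sorted with effort in view, turns into a prioritized action list rather than a phonebook.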

Read the rest at http://content.cbihome.com/blog/cbi-action-oriented-it-risk-management


Risk Management
