J Wolfgang Goerlich's thoughts on Information Security
Friday Books and Talks 01/23/2015

By wolfgang. 23 January 2015 16:15

Drucker on Leadership
by William A. Cohen, Ph.D.

Although Peter Drucker, "The Father of Modern Management," died in 2005, his timeless teachings are studied and practiced by forward-thinking managers worldwide. His lessons and wisdom on the topic of leadership, the central element of management, are in constant demand, yet he wrote little under that actual subject heading. In Drucker on Leadership, William A. Cohen explores Drucker's lost leadership lessons: why they are missing, what they are, why they are important, and how to apply them. As Cohen explains, Drucker was ambivalent about leadership for much of his career, making it clear that leadership was not by itself "good or desirable." While Drucker struggled with the concept of leadership, he was well aware that it had a critical impact on the accomplishment of all projects and human endeavors. There is no book from Drucker specifically dedicated to leadership, but a wealth of information about leadership can be found scattered throughout his 40 books and hundreds of articles. Drucker's teachings about leadership have saved many corporations from failure and helped guide others to outstanding success. Many of the leadership concepts revealed in this book will surprise and perhaps shock Drucker's followers. For example, who would have thought that Peter Drucker taught that "leadership is a marketing job" or that "the best leadership lessons for business or any nonprofit organization come from the military"? Written for anyone who values the insights of the man whose name is synonymous with excellence in management, Drucker on Leadership offers a deeper understanding of what makes an extraordinary leader.

 

Just Listen
by Mark Goulston

The first make-or-break step in persuading anyone to do anything is getting them to hear you out. Whether the person is a harried colleague, a stressed-out client, or an insecure spouse, things will go from bad to worse if you can't break through emotional barricades. Drawing on his experience as a psychiatrist, business consultant, and coach, and backed by the latest scientific research, author Mark Goulston shares simple but powerful techniques readers can use to really get through to people--whether they're coworkers, friends, strangers, or enemies. Getting through is a fine art but a critical one. With the help of this groundbreaking book readers will be able to turn the "impossible" and "unreachable" people in their lives into allies, devoted customers, loyal colleagues, and lifetime friends.

Sitting people down and lecturing them rarely works, because it makes them defensive and when they’re defensive, they hide things from you. Work side by side with them in a cooperative activity, however, and you’ll lower their guard and get them to open up.

Tags:

General

Friday Books and Talks 01/16/2015

By wolfgang. 16 January 2015 06:12

I am revisiting some classic books, investigating ideas about constraint management.

Critical Chain
by Eliyahu M. Goldratt

"Critical Chain," a gripping fast-paced business novel, does for Project Management what Eli Goldratt's other novels have done for Production and Marketing. Dr. Goldratt's books have transformed the thinking and actions of management throughout the world.


by Eliyahu M. Goldratt

Learn more about the powerful techniques first presented in the best-selling business novel, The Goal. In this book, Dr. Goldratt, through examples in a variety of industries, shows how to apply TOC to sales and marketing, inventory control, and production distribution. In addition, techniques in conflict resolution are introduced on both a business and personal level.

Tags:

General | Project Management

Upcoming keynote: CampIT

By wolfgang. 12 January 2015 08:56

I am keynoting the upcoming Camp IT on Enterprise Risk / Security Management

Donald E. Stephens Convention Center
5555 N River Rd
Rosemont, IL 60018

February 5, 2015
9:00am-5:00pm

Calculating Your Acceptable Level of Risk

With so many potential risks it can be difficult to determine which an enterprise can live with, which it can't, and which it can cope with when reduced to an acceptable level of risk. Determining an acceptable level of risk needs to be undertaken when there is a significant change in a business's activities within the environment. Examples are updating policies and training or improving security controls and contingency plans. The risks need constant monitoring to ensure the right balance between risk, security and profit.

In this session attendees will learn how to build a framework to define an acceptable level of risk. 

Tags:

Risk Management

Friday Books and Talks 01/09/2015

By wolfgang. 9 January 2015 07:05

Macrowikinomics
by Don Tapscott, Anthony D. Williams

In this follow-up to their 2007 bestseller, Wikinomics, Don Tapscott and Anthony Williams once again use original research to provide new examples of organizations that are successfully embracing the principles of wikinomics to change the world. Find out how in this executive book summary of Macrowikinomics.

 

Judgment on the Front Line
by Chris DeRose, Noel Tichy

Management experts Chris DeRose and Noel M. Tichy explain why frontline employees are so important and why it is crucial to involve them in decision making. Judgment on the Front Line provides a five-step process for building a frontline-focused organization and includes examples of frontline leadership in action.

  • Define a Customer-Based Vision.
  • Develop a Front Line–Focused Culture.
  • Obsess over Talent.
  • Define the Judgment Playing Field.
  • Live on the Line.


Tags:

General

Finding And Using A Mentor

By wolfgang. 3 January 2015 10:30

Forbes posted several good tips on finding and using mentors. I thought I would add my experience from the information security perspective. You can read the original article here: How To Find And Use A Mentor.

"1. Examine yourself. Evaluate your strengths and weaknesses. Make a list of goals and objectives. How will you use a mentor? To find an internship? To help you hone your presentation skills? To advise you on your career path?"

Information security is a broad field with several specialities. Often, the first step of mentoring someone is for us to decide what they even want to learn. Doing the digging and researching what areas are of interest will save time for more hands-on mentorship.

"2. Decide what you want in a mentor. What are the qualities you seek in a mentor? Try to envision the ideal person. Is it Oprah? If so, why? Figure out what characteristics you're looking for, perhaps a particular wealth of knowledge or set of skills."

Information security is a wide community with several specialists. Finding the right person to provide guidance goes a long way. Look for areas where they have researched, worked, or excelled. Match their strengths to your needs.

"3. Cast a wide net. Network. Use social media like LinkedIn. Parents and their pals can prove especially useful. Don't forget professional associations and your schools' career offices."

For our field, make use of Twitter and IRC. Find the person, do your homework (OSINT style), and get an introduction.

"4. Be specific when you reach out. Ask for something specific, like a 20-minute meeting over coffee to learn about the person's career path, or a short desk-side meeting to ask advice about internships. Use these meetings to build rapport before you make requests for more time."

"5. Go after more than one mentor. One person may help you land an internship in your desired field; another may help you see the big picture of your unfolding career."

Rinse and repeat the above steps, filling in the gaps in your knowledge and network. 

"6. Offer something in return. Are you an expert at social networking? Offer your services and ideas generously and frequently."

With information security, it is less about sharing social networking tips and more about building on a body of research. Most of the mentors you will reach out to have an active project list, with little time to explore. By offering to do the work, you help them by progressing the idea while you help yourself by learning.

"7. Be an active protégé. Show enthusiasm for your mentor's help. Express gratitude."

Don't overdo this one. I have had mentees go too far in the other direction, to the point of fawning. The ideal state is to show you are active and engaged, without overwhelming your mentor's inbox.

"8. Follow up. Even after you've landed that internship or job, don't let your communication with your mentor lapse. Keep her apprised of your progress."

It has been said that 80% of success is simply showing up. I believe this. The number one mistake I see from newcomers to the field and from people seeking mentors is that they simply do not show up. Do not have one great conversation and then let the idea go cold. Do not have a great couple of weeks and then disappear. Most people do. But you are different. If you want to make it in this field, you have to show up, be steady, and see projects through to the end.

 


Tags:

General | Team management

Exercising with Threat Models

By wolfgang. 18 October 2014 14:39

The video of my GrrCon talk is now online. If you want to see the talk in context of my year-long series, please see my post on Story-Driven Security.

Exercising with Threat Models @ GrrCon 2014

Everyone advocates for threat modeling. Few actually do it. This session aims to close that gap by demonstrating the #misec Attack Path methodology. First, we will select and analyze a security incident. Using threat modeling, we will break the incident down into the path the attacker followed through the network. Second, we will perform a table top exercise to identify the detective and preventative controls along that path. Using a controls assessment, we can determine our actual defense-in-depth for this particular attack. Finally, we will create a security exercise that tests the controls along the path. The session will conclude with a discussion of using the Attack Path for incident response exercises.

 

Tags:

Threat modeling

Friday Books and Talks 06/06/2014

By wolfgang. 6 June 2014 21:53

How the Best Leaders Lead
by Brian Tracy

In How the Best Leaders Lead, Brian Tracy reveals the strategies he teaches top executives to achieve astounding results in difficult markets against determined competition. You will learn how to set clear goals and objectives for yourself and others, set priorities and focus on key tasks, solve problems faster and make better decisions, determine the ideal leadership style for any situation, motivate your people, and develop an exciting future vision for your business.

The Coaching Manager
by Joseph R. Weintraub, James M. Hunt

When managers communicate a genuine interest in helping rather than evaluating their employees, they create opportunities for everyone to learn. Managers who try to help employees learn and become more productive in the process. In The Coaching Manager, James Hunt and Joseph Weintraub introduce an easy-to-implement developmental coaching model based on their extensive work with thousands of managers, executives and MBA students. The goal is for managers to help employees learn to be more productive on a day-to-day basis. This model encourages employees to take greater responsibility for their learning and development while forging a healthy relationship between manager and employee.

 

How sampling transformed music
By Mark Ronson

Sampling isn't about "hijacking nostalgia wholesale," says Mark Ronson. It's about inserting yourself into the narrative of a song while also pushing that story forward. In this mind-blowingly original talk, watch the DJ scramble 15 TED Talks into an audio-visual omelette, and trace the evolution of "La Di Da Di," Doug E. Fresh and Slick Rick's 1984 hit that has been reimagined for every generation since.

Comics that ask "what if?"
By Randall Munroe

Web cartoonist Randall Munroe answers simple what-if questions ("what if you hit a baseball moving at the speed of light?") using math, physics, logic and deadpan humor. In this charming talk, a reader’s question about Google's data warehouse leads Munroe down a circuitous path to a hilariously over-detailed answer — in which, shhh, you might actually learn something. "And I love calculating these kinds of things, and it's not that I love doing the math. I do a lot of math, but I don't really like math for its own sake. What I love is that it lets you take some things that you know, and just by moving symbols around on a piece of paper, find out something that you didn't know that's very surprising. And I have a lot of stupid questions, and I love that math gives the power to answer them sometimes."

What ants teach us about the brain, cancer and the Internet
By Deborah Gordon

Ecologist Deborah Gordon studies ants wherever she can find them — in the desert, in the tropics, in her kitchen ... In this fascinating talk, she explains her obsession with insects most of us would happily swat away without a second thought. She argues that ant life provides a useful model for learning about many other topics, including disease, technology and the human brain.

Tags:

Team management

Friday Books and Talks 05/30/2014

By wolfgang. 30 May 2014 16:51

Change the Culture, Change the Game
by Roger Connors, Tom Smith

Roger Connors and Tom Smith show how leaders can achieve record-breaking results by quickly and effectively shaping their organizational culture to capitalize on their greatest asset: their people. Change the Culture, Change the Game joins their classic book, The Oz Principle, and their recent bestseller, How Did That Happen?, to complete the most comprehensive series ever written on workplace accountability. Based on an earlier book, Journey to the Emerald City, this fully revised installment captures what the authors have learned while working with the hundreds of thousands of people on using organizational culture as a strategic advantage.

Open Leadership
by Charlene Li

"Be Open, Be Transparent, Be Authentic" are the current leadership mantras, but companies often push back. Business is premised on the concept of control, and yet the new world order demands openness; leaders do not know how to be open and be in control. This must-have resource will help the modern leader understand how to lead in the new open world, where blogging, twittering, facebooking, and digging are becoming the norm. The author lays out the steps that leaders must take to transform their organizations and themselves into being "open," and exactly what that will mean.

 

Color blind or color brave?
by Mellody Hobson

The subject of race can be very touchy. As finance executive Mellody Hobson says, it's a "conversational third rail." But, she says, that's exactly why we need to start talking about it. In this engaging, persuasive talk, Hobson makes the case that speaking openly about race — and particularly about diversity in hiring — makes for better businesses and a better society.

 

Tags:

Team management

Friday Books and Talks 05/23/2014

By wolfgang. 23 May 2014 19:10

Tribal Leadership
by Dave Logan, John King, Halee Fischer-Wright

Within each corporation are anywhere from a few to hundreds of separate tribes. In Tribal Leadership, Dave Logan, John King, and Halee Fischer-Wright demonstrate how these tribes develop—and show you how to assess them and lead them to maximize productivity and growth. A business management book like no other, Tribal Leadership is an essential tool to help managers and business leaders take better control of their organizations by utilizing the unique characteristics of the tribes that exist within.

 

Tribal leadership
By David Logan

David Logan talks about the five kinds of tribes that humans naturally form — in schools, workplaces, even the driver's license bureau. By understanding our shared tribal tendencies, we can help lead each other to become better individuals.

Why good leaders make you feel safe
By Simon Sinek

What makes a great leader? Management theorist Simon Sinek suggests it’s someone who makes their employees feel secure, who draws staffers into a circle of trust. But creating trust and safety — especially in an uneven economy — means taking on big responsibility.


Tags:

Team management

Friday Books and Talks 05/16/2014

By wolfgang. 17 May 2014 12:58

Multipliers
by Liz Wiseman, Greg McKeown

Are you a genius or a genius maker? A diminisher or a multiplier? In this executive book summary, you will learn the difference between these two leadership styles, how to become a multiplier of talent and people and how multiplying can have a resoundingly positive and profitable effect on your organization.

A thought-provoking, accessible, and essential exploration of why some leaders (“Diminishers”) drain capability and intelligence from their teams, while others (“Multipliers”) amplify it to produce better results. Including a foreword by Stephen R. Covey, as well as the five key disciplines that turn smart leaders into genius makers, Multipliers is a must-read for everyone from first-time managers to world leaders.

 

What it takes to be a great leader
By Roselinde Torres

There are many leadership programs available today, from 1-day workshops to corporate training programs. But chances are, these won't really help. In this clear, candid talk, Roselinde Torres describes 25 years observing truly great leaders at work, and shares the three simple but crucial questions would-be company chiefs need to ask to thrive in the future.

The key to success? Grit.
By Angela Lee Duckworth

Duckworth, the recipient of a 2013 MacArthur Foundation "genius" grant, may be most known for her work in studying the role of grit, rather than intelligence, in predicting success in students. But this talk is also a worthy reminder for leaders of the attributes they should look for in people -- perseverance, self-control and sustained interest in long-term goals -- as well as that they should work on in themselves.

 

Tags:

Team management
