Five Things Your InfoSec Team Should Do in the Next 30 Days

Dan Pallotta of Pallotta Teamworks authored an interesting HBR blog post outlining five actions that Apple CEO Tim Cook should take following his appearance before Congress. Pallotta’s article outlines five actionable steps to achieving something to which Tim Cook, and many information security teams, aspire – connection with their customers.

Make a Self-Deprecating Joke

Tim Cook projects a stoicism that alienated the Steve Jobs-brand followers. While exceptions exist, many security teams are reputed to have similar social challenges. While amiable and jovial at like-minded gatherings, their relationship skills seem to atrophy when relating to business professionals in the workplace. These actions perpetuate the geek stereotype of the awkward, cynical and patronizing security professional.

These teams must embrace self-deprecating humor to disrupt the prevailing stereotypes.  By projecting an awareness of their social learning opportunities, they can take control of the perceptual dialogue and influence it positively.

Run a Great Ad Series

Creative advertising not only shaped Apple’s brand but also stimulated a culture whose influence is felt beyond the experience of their products and services. Branding and promotional strategies are not the sole purview of Apple or companies of its ilk. The information security practice can shape its service brand to convey its organizational value.

Security teams must identify the touchpoints between their service offerings and the products/services that generate business value.  These touchpoints can then be sculpted into stories which resonate with the corporate culture.

Employ Influence to Promote Security Initiatives

The third item in Pallotta’s list discusses how Tim Cook has delegated to others the very things which shape how others perceive him and the Apple brand. These instances include product launches and keynotes at important industry events. This is in stark contrast to Steve Jobs, a master orator and storyteller who generated excitement around Apple products. Tim Cook has surrendered this opportunity to others.

How many times do security teams do the same thing?

Security team members must be trained in basic storytelling techniques and given the opportunity to share information with the rest of the organization.  As a member of the U.S. Treasury’s security community, I seek opportunities to share the value generated by my team in the form of lunch and learns.  I am also aware of other teams in the healthcare sector that hold day-long events associated with specific areas of interest to their customer business units.

Integrate Information Security as a Product Differentiator

Pallotta argues that Apple must differentiate between its product design plans and its future strategic offerings. It is easy to focus on particular services/products as representing the company’s direction. This is a trap many security teams fall into. In response to the pressure to “do more with less”, the resulting myopic focus on specific security offerings becomes the team’s strategic direction.

The security function drives value by applying its suite of services to a company’s product line. Thus, security teams must create synergistic services with which their customers can deliver differentiated offerings to market.

Don’t Worry About Being Liked

Pallotta argues that Tim Cook is working too hard at being liked by Apple, its stockholders and customers. Interestingly, Steve Jobs did not have this problem. While admired for his promotional and design genius, Jobs’ brash management style was evidenced by stories of uncompromising focus on delivering quality to the customer. He suffered not those who lacked this commitment.

The security function must build relationships based on mutual respect and trust. This trust must be enforced by consistent results, not by encouraging sycophantic behavior among team members. One of my clients, for example, transformed its organizational relationship by replacing low-performing, well-liked team members with high performers. These team members focused on demonstrating the business value of the security function in a manner understood by business customers. They also built a reputation for renegotiating business requests to comply with security policies, gradually building an abiding respect within the organization despite challenging certain proposals.
