Author Archives: Bill Murphy

A Thesis for Handling Defensive Security

Read Full Transcript

Ok, this is one thing that is near and dear to me that we built up. It’s a thesis on how I believe defense should be handled.

When you are moving at speed, and you have questions, for example I had questions within my company about how data loss prevention was being handled. In DLP different tools can be used to look for communication. For example, I received a communication from a bank, and I was talking with this bank officer about a variety of subjects and I replied to him. In that reply the bank officer had in the bottom heading of his email, way at the bottom under all of the legal language, which said “do not forward”. It was a “do not forward” rule. Well, when I replied to him that “do not forward” rule triggered our filter, but then that went and got distributed to people that would actually take care of that within our organization. We have a “do not forward rule” for a reason.
However, that potentially, could have been a problem because it was a reply to a bank officer. What if that communication to the bank officer is because we were in a financial crisis, and all of a sudden that got forwarded to people in my organization, that then saw we were in a financial crisis? We’re not at all, this was just planning items with a bank person, but pay attention to that.

Ask your team for what all of the DLP rules are, and ask for a screen shot of them. Don’t just ask for what they are, ask for a screenshot, proof, so you can review them, and look at them, and say ‘hah, this is interesting; this is an unintended consequence of something good’. I want to know that if a customer is sending a Visio diagram to my team, I don’t want that forwarded, and that’s why we have it there. We actually put “do not forward it” in this, and it won’t go anywhere.

Just look for the unintended consequences of these advanced security systems, so you can know how your systems are actually set up. OpenDNS helps with mobile devices, we want to know where people are going. If you want to see how those rules are set up, just ask. Ask your team to send you the screenshots, and to explain the different rules. It’s a 15 minute conversation but it helps you understand how your systems are set up.

That’s my tip for today.

 

In this CIO Innovation Insider, I wanted to share with you what I believe is an important step to take in managing your business’ advanced security systems. Ask your team about your DLP rules, and ask them for proof – don’t just take their word for it. It is important to understand these rules so that you can protect yourself from any unintended consequences.

Major Take-Aways from This CIO Innovation Insider:

Continue reading

Looking at Security From an Offense-Defense Point of View

Read Full Transcript

One of the things that came up out of my meetings yesterday, an in particular with a gentleman I’ve known for 20 years, is this concept of, especially in small and medium businesses, and I’m qualifying those between a hundred and a thousand employees, is a lot of times the CIO and the CISO go to bed with this nagging, this nervousness, because they don’t quite have everything taken care of on defense and they know it. It could be on the governance/compliance side, the audit side, or it could be on the actual real security management, which is the execution of the day to day reality that maps to the governance plan, and this is the challenge.
What I shared with a CIO last night that I’ve known for years is that his natural gut instinct is to play offense because he knows that’s where he adds tons of value to the company. Nobody’s coming to him saying ‘tell me about your defensive strategy and how it’s helping the company’. Unless you’re a bank, and they’re not a bank, but they do have security concerns, and his value is offense and happens to be world class at project management. Not just project management, they’re doing more with agile – he knows about more with agile methodology for project management then most of you ever know about. I’m actually going to have him on the podcast to talk about that because he’s just world class at it. That’s where his value is, but he can’t ignore defense, he knows it. I’m coming up with plans to help him with that, be much organic to the company.
I want to encourage all of you to start to look at security from an offense/defense point of view. If you could have your defense taken care of. If you could plug into a platform or a methodology that allows you execute at real-time on the real security management that’s needed, but then also be able to do the governance piece as well, really look at that as a vision for your security so that you can free up for offense. That’s super interesting for me, and I think it’s resonating with a lot of you that I’m talking to.
One of the pieces about this is I break it – offense and defense – into two categories. Message me about when we do the offense sessions. We have an offense session coming up next month, we have them very repeatedly, and it’s really geared to how you optimize as a digital transformation leader – offense, revenue generation, supporting revenue generation, within the company, and also you going out and potentially, pending the size and maturity of your company, going out and actually using some of the innovation design thinking principles to test the market so that you’re building products, whether you’re at that point or you’re just supporting the underlying infrastructure, both are equally valuable, you need to keep doing that for sure, for sure.
However, we want to keep taking care of the defense because that is super important that we can move fast with innovation and be able to build speed. However we also need to have an infrastructure defense capability that moves at pace and moves at a cadence as well where it doesn’t limit you.
That’s my message for today. Have a good day everybody.

In this CIO Innovation Insider, I wanted to share something that came out of a recent CIO meeting that I had. I want to encourage all of you to start looking at security from an offense-defense point of view. Imagine if you could plug into a platform or a methodology that allows you execute at real-time on the real security management that’s needed, but then also be able to do the governance piece as well, really look at that as a vision for your security so that you can free up resources for offensive security strategies.

Continue reading

CIO Innovation Insider Event Recap – October 2017

The October Innovation Insider lunch event was an incredible success, with 30 CIOs in attendance at the National Automobile Dealers Association (NADA) out in Tysons, VA. RedZone Technologies President & CEO Bill Murphy opened up the event with a keynote presentation on Exponential Technologies, Offensive and Defensive Innovation, and marketplace disruption.

Continue reading

3 Strategies for Fast Learning and the Importance of Continued Learning

Read Full Transcript

Ok, this is Bill Murphy. We’re here with another Innovation Insider, powered by RedZone. I want to talk about a couple concepts I’ve written up on the board for you today.

One is this, I want to teach you a couple of strategies of how you can learn really fast in areas you don’t know a lot about, and how you ca n leverage some of your talent in your organization to help you learn fast. With some of the new technologies that you have to learn at scale, for example I have a customer who needs to learn about artificial intelligence. They need to learn about artificial intelligence, deep learning, machine learning, neural networks, and how this happens. How artificial intelligence works with these algorithms. How do you do that? If you don’t have the talent, you’re not going to buy the talent, you don’t have the budget for it, you necessarily even have a project, but you have a potential problem that might be solved.

Go to meetup.com. How many of you have been to meetup.com, and actually gone and go to the meetups, to where all the developers are. Go to the meetups where all the makers and the people that are actually building those technologies are. It sounds different, and it sounds odd, because you did it when you were in your twenties, but now you’re in your forties. I think you should go do it. I do it myself now. I go and I sit as a fly in the wall in the back. Listen to these guys. They’re smart as heck, they’re coming out of the universities; they’re really hustling to put their technologies out there. You can learn, you can listen, and here what they have to say. The largest VR community in D.C., I connected with the top guy there. The top guy there is brilliant. He has a small, little company. I’m not even sure if the company is making any money, but I’ll tell you what, he knows all the current technology and he’s connected deeply. Block chain is another perfect example. How can you use block chain? I know how to use it with security, but how do you use it with your business? Use it for smart contracts? How do you build applications with block chain? Patch into the community and figure that out; and that’s just you going to meetup.com. It’s a wonderful way to do that. You can send your team there and they can write reports, and kind of go on hunting missions. They would love it. You could just get written summaries as well, that’s another good idea.

Another is, I learned today – not learned it, but it was a young CIO I met with; super ambitious, but sometimes I run into these meetings and the guy’s new. He’s a newbie. He’s literally just landed. He doesn’t have the title of CIO, but he’s the highest ranking IT professional in the organization. You can tell by the maturity of the organization, it was a serious organization, it’s well known, everybody would know it. It’s just that their IT group was not as mature, but he would take meetings to learn. I said ‘no problem, I’ll teach you’ and we went down my little path of teaching; but he takes meetings to learn, and that’s a great way to have your team really examine and become students of the marketplace. That’s a little thing I learned today which was really interesting, the concept of going back to taking meetings. You can even limit those meetings in time, so you have 20 minutes, or you take 10 minutes for the meeting, or can have Skype meetings. You can have all types of meetings to make efficient use of your time. Consider that as an option to learn.

One of the biggest pieces when I run the CIO Innovation lunch series, which I’ve been running now for 20 years, one of the top, if not the second or third biggest trait is ongoing learning. It’s a passion for learning. You might lose your hunger for making money, you might lose your hunger for different areas, but don’t lose your hunger for learning. That’s one of the key traits that I find with the high performance CIOs. Not the Bs, and the C+s, and the Cs, I’m talking the B+s and the As. It’s ongoing learning. What’s the difference between a B+ and an A? Usually it’s just behind the wheel time. They’re just newer on the job, and they haven’t gotten their chops cleaned as much as an A, but they’ve got the energy, and they’ve got the passion to be an A, but it’s ongoing learning. It’s that deep desire to want to learn.

The other piece is, I brought it up in the last segment, was being romantic. Being romantic about the way things were. Being romantic about the way things were is really just fear. That’s why I’m layering in some of this education, and learning, and being aggressive, and offensive about going and digging up the technologies. Not that the vendors are bringing it to you; forget the vendors. The vendors have a vested interest. You go on a hunting mission to look at the exponential technologies, the VR, the augmented reality. Look at how these things can impact. Look at biotech, biomedicine, block chain, nanotechnology. Go find those meetups and learn. Sometimes cross domain learning is just as important as right in your domain. It all will help you not be romantic about the past, and embrace future, and not let fear subvert getting into an offensive gear where we’re still being generative, and creative, and innovative in our own thinking patterns.

Alright, until next time this is Bill Murphy with the CIO Innovation Insider.

In this CIO Innovation Insider, I wanted to share with you 3 strategies that you as IT leaders can use to continue to learn, and learn quickly. Both on subjects within your niche, and subjects outside it, and how you can leverage your team to help you learn fast as well.

Major Take-Aways from This CIO Innovation Insider:

Continue reading