I am just leaving another Board of Directors (BoD) meeting and I am so thrilled for the CEO, CIO and Board.
This was another example of a CIO working very hard to deliver value to his BoD. I think he won because he adhered to four focus points:
- Radical Transparency always wins in IT Security.
- Courage and Truth trump ego and bravado.
- Visualizing complexity and solution options beats words with non-technical smart people.
- Transparency without a ‘dig out’ plan of action is foolish.
The Courage to Be Transparent
The #1 reason his approach worked was he decided to be 100% transparent.
Now as you read this, no doubt, you are saying,
“Of course I am transparent. If I wasn’t, then I would be lying, and I would never lie!”
This is extremely hard because we are all tempted to ‘spin’ our story; our staff is tempted to ‘spin’; and same with vendors. With IT Security, there is so much noise, and the ceiling of complexity is rising fast. It is becoming harder and harder to separate the signal (truth) from the noise.
‘Spin’ and Lying are different. Very different. Spin is selling, convincing, and marketing yourself and your department’s capabilities.
Radical Transparency
What I am offering for you to consider is radical transparency, “a phrase used across fields of governance, politics, software design and business to describe actions and approaches that radically increase the openness of organizational process and data.”
Even HBR agrees with me in the article titled, “Why Radical Transparency is good for business.”
It is my belief that the Rising Ceiling of Complexity, caused by Moore’s Law, is pushing us towards a default position in which you have no choice of whether or not you are being radically transparent in presenting current state of your IT Security readiness for your company.
I think that the only way you get in trouble with radical transparency is when you don’t offer a clear ‘dig out’ or clear remediation plan to your executive team. This is hard because many times our internal staff don’t have the expertise to know how to ‘dig out’ of a complicated security mess.
You counter this by gathering experts, approaches, ideas, and strategies that can help you simplify and approach complexity not by adding more, but by subtraction.
At the end of the BoD presentation, I remember the CEO saying,
“Instead of spending money chasing on IT, based on what the auditor is telling us to do, we have a balanced plan that coordinates and prioritizes spending based on critical items that actually present real IT Security and Operational risk.”
The CIO’s win is that he has coordinated the ‘opinions’ from staff, vendors, regulators, auditors, etc. and focused on the truth and prioritization of action needed to remediate his situation.
In summary, what I was reminded of by this CIO is:
- Radical Transparency always wins in IT Security.
- Courage and Truth trump ego and bravado.
- Transparency without a ‘dig out’ plan of action is foolish.
Reduce the Ceiling of IT Security Complexity with the CIO Security Scoreboard.