Leadership Lessons From The Dark Side

Slides:



Advertisements
Similar presentations
CTS Strategic Roadmap Walkthrough, v1.2 Dan Mercer.
Advertisements

Product Officer Functional Lecture
Tech Made Simple: Boosting Your Business Using Technology.
& C ORPORATE A UDIT & S ECURITY. Who We Are A Snapshot of BANK ONE & CORPORATE AUDIT & SECURITY.
Forward: Analytics Red Queen Moving Eden Dahlstrom, Director of Research Maturing the November 5, 2015 Practices.
Information Technology Assessment Findings Presented to the colleges of the State Center Community College District.
Ideas 2008 The Next Step. What are we after? Consumable and Understandable by broader department.
Practical IT Research that Drives Measurable Results Establish an Effective IT Steering Committee.
Sharing Data: Issues and Opportunities Transportation Research Board Annual Meeting January 22, 2006 Leni Oman Director of Transportation Research Washington.
Planning & budgeting 25 th November, 2009 Eva Stevens Community Accounting Plus.
MUST Apply found knowledge to identify advantages and disadvantages of various sources of finance (C/B). SHOULD Reach conclusions by justifying choices.
1 BDO-I2I India-Israel Business Consulting Company Profile 1.
State-of-the-States: CIO Priorities, Trends and Opportunities
Today’s managers & leaders are challenged unlike any of the past generations in their roles.
Customer Experience: Create a digitally led customer experience
Cautious Consumers 2015 Educurious Partners--All rights reserved UNIT 3 LESSON 9.
THE FINANCE DEPARTMENT
Strategic Planning – How it All Comes Together
“Let’s Do This…. No, Let’s Do That”
Six Steps to Secure Access for Privileged Insiders and Vendors
Updating the Value Proposition:
Challenges and opportunities for the CFO
UNLEASH YOUR FULL POTENTIAL
Cyber Risk Presentation to the Board of Directors
Selection & Deployment - Principals
1. How do we measure vale and the cash and cash and coins. 2
Create Data Strategies for the Small Enterprise
Campaign Fundamentals
Policies and Planning Premises: Strategic Management
Shared Leadership: From IT Silos to IT Alliance
PMI Chapter, IT Governance, Portfolio and Project Management in State Government Chris Cruz, Chief Information Officer, California Department of Food and.
Organization Strategy and Project Selection
Going Independent Pre discussion:
Leverage What’s Out There

F5 PRO ASSETS We’ve created these Pro Assets to help you communicate the ideas in this article to your team. Feel free to remove these intro pages, and.
Six Steps to Secure Access for Privileged Insiders and Vendors
WEBINAR The Rise Of Insights Services
Organization Strategy and Project Selection
Updating the Value Proposition:
Transforming IT Management
What are the Key Benefits of Owning Investment in Real Estate
Company Overview & Strategy
Personal Finance Money Markets
How to build a defense-in-depth
B-Hive Europe Open Innovation Platform Fabian Vandenreydt
Growth-Driven Performance Management
Utilizing Internal Audit Metrics to Advance Your Department
Succession Planning The 10 Most Important Non-Legal Questions
LENDING TO CO-OPERATIVES Presentation by:
Walk the Talk A Discussion on Frontline Worker Safety.
Assistant Vice President and Chief Technology Officer
League for Innovations Conference March 2018
Succession Planning The 10 Most Important Non-Legal Questions
How to address security, cost, IT and migration concerns
Integrating The Components of A Financial Plan
GRC - A Strategic Approach
Investing in Data Management Capabilities
KEY INITIATIVE Shared Services Function Management
KEY INITIATIVE Finance Function Management
KEY INITIATIVE Shared Services Optimization
GIG Presentation: Igniting insight
KEY INITIATIVE Financial Data and Analytics
Sample Strategic Planning Sales Presentation
KEY INITIATIVE Finance Function Management
Organizational Priorities
Growth-Driven Performance Management
Outsourced CFO, Accounting and Bookkeeping
Chapter 4 Financial Decisions and Planning
Presentation transcript:

Leadership Lessons From The Dark Side Adam Shostack

Overview Why Can’t Vader and Tarkin crush the rebellion? Concrete approaches to Leadership Cyber Portfolio Management Call to Action Which one are you?

Why Can’t Vader and Tarkin Execute? Darth Vader: Former Jedi, turned to the dark side “Search your feelings,” “You know it to be true” and “Ancient religions” Grand Moff Tarkin Focused on running a galactic empire for a crazy despot Culture and language Whatever the heck a “Grand Moff” is?

This guy is a bad leader!

Leadership Effective The Empire Vision Focus Execution Communication

How Security Communicates

Don’t be like director Krennic, begging for an audience with the boss!

Gartner’s “Top Ten Security Tech for 2016” Can you bring these to your board? Cloud Access Security Brokers Endpoint Detection & Response Nonsignature endpoint detection User Behavior Analytics Microsegmentation & flow visibility Sec testing for devops Intel-driven sec ops Remote browser Deception http://www.information-age.com/gartner-picks-out-top-ten-cyber-security-technologies-2016-123461612/

We need to stop presenting like this The question: why are you telling me this?

Leadership: Vision & Communication Effective Vision Challenging Muddle Concrete Compact Communicative/Clear Contextual No grounding Compliance (with what?) Risk (abstract) No request Collaboration is key to moving large organizations Draw on threat model diagrams

Cyber Portfolio Management

Analogy: A Financial Portfolio Account Value Checking $2,500 401K $50,000 Mortgage ($500,000) Student loans ($94,000)

Analogy: Financial Portfolio Analysis Activities: Analysis Inventory Analyze (mathematical) Assess (judgment) Some broadly applicable tools Debt:Asset, savings rate Churn, free cash flow Some very specific Anyone can invent new tools

Cyber Portfolio Management: Steps Inventory (step 1) Analyze (step 2) Assess (step 3) Keeping our eyes on assessment & decisions

Cyber Portfolio: Assessment Key questions Answers are: Right strategy & governance? Managing the right threats? Explain what and why? Concrete Compact Communicative/Clear Contextual Draw on threat model diagrams

Cyber Portfolio: Governance example Governance isn’t about Archer It is about the right resources and leadership “A neck to choke” Leadership, budget, staffing is rarely a “one slide view” (0/10 Fortune 500s interviewed under NDA)

Cyber Portfolio: Analysis (Step 2) Department Security Leader Security Budget Sec Staff Mortgage banking Alice, VP $5.2m/12% 35/100 (35%) Retail banking Bob, Director 3.4m/17% 29/400 (7%) Marketing None $1m/2% 1/35 (3%) Death Star Grand Moff Tarkin Small moon “Security is everyone’s responsibility” Numbers shown as security/total department

Cyber Portfolio: Inventory (Step 1) Where does your money go? Easy to ask, hard to answer Focus on spending, not “assets” — how is money allocated? Look across multiple views Capex & OpEx Salaries Projects & Programs Report-outs Good enough is good enough

Analyze (Step 2): Yu’s Cyber Defense Matrix

Cyber Portfolio: Present - Investments

Applying Cyber Portfolio Management Improve Security Manage Resources Manage Relationships Applying Cyber Portfolio Management

Improve Security Gap analysis Improve coverage Orchestration / & platform opportunities

Manage Resources Identify duplication Low hanging fruit Vendor management Incident recovery Duplication: as a result of M&A, misunderstandings, etc Low hanging fruit: products change Vendor management: are you in our priority space?

Manage Relationships Set & communicate about priorities Rhythm of business Exec briefings & education

Offer for attendees Book on the subject is in the works Free for today’s attendees! Just promise me feedback! How: Give me a card (or) adam.shostack.org/newthing.html Sign up for “Adam’s new thing” mail list – less than 12 emails/year, guaranteed

Apply What You Have Learned Today Next week you should: Get the free book! Inventory your security investments In the next three months you should: Analyze your investments Brief your peers and get their feedback Within six months you should: Brief leadership Set a new standard Benchmark with peers