Presentation is loading. Please wait.

Presentation is loading. Please wait.

Answering the WHYS in Cybersecurity

Published byHilary Tyler Modified over 6 years ago

Similar presentations

Presentation on theme: "Answering the WHYS in Cybersecurity"— Presentation transcript:

1 Answering the WHYS in Cybersecurity
BSides Fredericton 2017 Kathryn Chamberlain

2 How many... Deal with end-users? Run a security campaign?
Fix the technology when end-user break things? Are the security ‘lead’ for their organization? Are an advocate for cybersecurity?

3 About Me Mount Allison University Graduate Venture for Canada Fellow
Commerce & Mathematics Employee Engagement & Change Management Research Internships Venture for Canada Fellow Beauceron Security

4 Today Challenges for End-Users Employee Engagement
Organizational Culture Change Management Questions

5 Why are we talking about “HR STUFF” at a cybersecurity event?

6 Why do I have a role in this? Why can’t you just fix it?
Why does this matter? Why do I have a role in this? Why can’t you just fix it? Why would someone target me anyway? Why would someone want our data? Why should I care?

7 Top Challenges for Security Professionals
Communication Upper Management Support Employee Engagement Other Time Money Culture Enforceability of a program Resources Staff SANS 2017 Security Awareness Report

8 Today Challenges for End-Users Employee Engagement
Organizational Culture Change Management Questions

9 Employee Engagement

10 Employee Engagement High degree of emotional and intellectual commitment to the organization; employees fully involve themselves in work, are absorbed, focused and energized, going above and beyond with discretionary efforts, fostering change, and dedication. Kahn, 1990; Macey & Schneider, 2008; Unal, Zeynep and Tu Tugurt, 2015

11 Common Themes Each person is unique- what engages you doesn’t necessarily engage the person standing next to you.

12 Some Examples Autonomy Models of upward feedback
Career growth opportunities Opportunity to be creative/innovative Clarity of expectations Personality Conscientiousness Psychological Safety Communication Recognition Culture Role Expansion Feelings of energy and empowerment Senior management Feeling Informed Supportive colleagues Flexibility Supervisor commitment Involvement in decision making Values Leadership Styles Work/life balance

13 Research Study Narrative Inquiry Interviews & Focus Groups
Collaborative Effort

14 A Short Story When asked most engaging experience …
Recruiting event for their company Answering questions about the company, Interacting with boss & others Meaningful Assignment When asked about person they trusted most… Getting to know them outside of work Their communication style Feedback Leadership Style Kathryn Chamberlain (2017)

15 Kathryn Chamberlain (2017)

16 Engaging Security Programs
Meaningful Work - Why does this matter? Ownership - Why is this my job? Problem Solving - What can I do to fix this? Alignment of Mission - Why is this important to me? Feedback - How can we make this better? Personal Histories - Why are you interested in security? Communication - How consistently are you talking about security? Do you walk the talk?

17 Today Challenges for End-Users Employee Engagement
Organizational Culture Change Management Questions

18 The Way We Do Things Around Here, Everyday.
Organizational Culture

19 Shared Assumptions, Values and Beliefs Amongst Organization Members
Organizational Culture

20 Does your organization value security?

21 Suggestions 1. Ensure a security representative is attending all board meetings Educate security representative on how to effectively communicate cyber-risk Provide security representatives with business context Clearly differentiate between cyber-risk management and compliance. Fred Kniep from Compliance Weekly

22 Today Challenges for End-Users Employee Engagement
Organizational Culture Change Management Questions

23 Change Management “Change management is the discipline that guides how we prepare, equip and support individuals to successfully adopt change in order to drive organizational success and outcomes. While all changes are unique and all individuals are unique, decades of research shows there are actions we can take to influence people in their individual transitions. Change management provides a structured approach for supporting the individuals in your organization to move from their own current states to their own future states.” Prosci Change Management Definition

24 Levels of Change Management
Individual Change Management Individual change management requires understanding how people experience change and what they need to change successfully.  Organization/ Initiative Change Management Driving successful individual transitions should be the central focus of the activities in organizational change management. Enterprise Change Management An enterprise change management capability means effective change management is embedded into your organization’s roles, structures, processes, projects and leadership competencies. Prosci Levels of Change Management

25 Change Agents “Change agents sponsor and promote change initiatives in organization; change recipients are those organizational members who carry out the change measures.” (Klonek, Lehmann-Willenbrock &Kauffeld, 2014) 36 minutes

26 Change Agent Keys External validation of the method of change 1
Individual change agents need to have some credibility within the organization2 Focus on the big picture- frame initial communications on broad concepts than detailed specifics 3 Bring it back to the individual- why should it matter to them 3 Help provide business context – why should it matter to the organization, what are the lasting impacts of the decision 3 1- Birkinshaw et al., Armenakis et al., Larry Powers at Boxley Group - Consulting Blog

27 Key Take-Aways Build an engaging security program
Think about the impact on each individual user Create a level of ownership Build trusting relationships throughout the organization Identify the level of change you’re making Communicate frequently, consistently and don’t forget to walk the talk.

28 Challenges to You Think about why you got into security in the first place – talk about that story with your team Have/Attend cross-department meetings – try to understand the challenges they are facing and how security impacts their strategic objectives Leverage your people – find people throughout your organization who believe in a security culture and empower them with the knowledge and resources they need

29 How can I get involved? Why does this matter?
Why do I have a role in this? Why can’t you just fix it? Why would someone target me anyway? Why would someone want our data? Why should I care? How can I get involved?

30 Questions @_kachamberlain Kathryn Chamberlain

Download ppt "Answering the WHYS in Cybersecurity"

Similar presentations

PINNACLE CONSULTING & COACHING / TABLE GROUP CONSULTING PARTNERS

PINNACLE CONSULTING & COACHING / TABLE GROUP CONSULTING PARTNERS
Close Hold – Company Confidential – Not for Distribution Engagement Every Day: 2011 Engagement Survey – List of Q12 & SAIC-specific 2011 Engagement Survey.

Close Hold – Company Confidential – Not for Distribution Engagement Every Day: 2011 Engagement Survey – List of Q12 & SAIC-specific 2011 Engagement Survey.
2013 CollaboRATE Survey Results

2013 CollaboRATE Survey Results
CalSTRS Goals CalSTRS is committed to providing a sustainable employee culture to promote our mission of securing the financial future and sustaining the.

CalSTRS Goals CalSTRS is committed to providing a sustainable employee culture to promote our mission of securing the financial future and sustaining the.
Maintaining Industrial Harmony at Work

Maintaining Industrial Harmony at Work
Leadership Development Nova Scotia Public Service

Leadership Development Nova Scotia Public Service
Leadership in the Baldrige Criteria

Leadership in the Baldrige Criteria
Strategic HR Management

Strategic HR Management
Imran Ghaznavi Course Code: MGT557 COMSATS Strategic Human Resource Management.

Imran Ghaznavi Course Code: MGT557 COMSATS Strategic Human Resource Management.
Strategic role of HR. The Strategic Nature of HR The work of HR practitioners can be divided into two main areas: 1.Transactional activities – consist.

Strategic role of HR. The Strategic Nature of HR The work of HR practitioners can be divided into two main areas: 1.Transactional activities – consist.
The Esteemed Agency: Managing Human Services Teams Week Fifteen.

The Esteemed Agency: Managing Human Services Teams Week Fifteen.
Angela Baron and Jill Miller Chartered Institute of Personnel and Development

Angela Baron and Jill Miller Chartered Institute of Personnel and Development
Gallup Q12Yes/ No Do you know what is expected of you at work? Do you have the materials and equipment you need to do your work right? At work, do you.

Gallup Q12Yes/ No Do you know what is expected of you at work? Do you have the materials and equipment you need to do your work right? At work, do you.
Employee Engagement. What is Employee Engagement  An engaged employee is one who is fully involved in, and enthusiastic about his/her work.  Desire.

Employee Engagement. What is Employee Engagement  An engaged employee is one who is fully involved in, and enthusiastic about his/her work.  Desire.
Empowerment Empowerment simply means giving people authority – to make decisions based on what they feel is right, have control over their work, take risks.

Empowerment Empowerment simply means giving people authority – to make decisions based on what they feel is right, have control over their work, take risks.
©SHRM 2015 1 SHRM Speaker Title Bhavna Dave, PHR Director of Talent SHRM member since 2005 Session 2: Relationship Management Competencies for Early-Career.

©SHRM SHRM Speaker Title Bhavna Dave, PHR Director of Talent SHRM member since 2005 Session 2: Relationship Management Competencies for Early-Career.
Building Teams and Empowering Members 1. Empowerment Empowerment is not bestowed by a leader, it is the process of an individual enabling himself to take.

Building Teams and Empowering Members 1. Empowerment Empowerment is not bestowed by a leader, it is the process of an individual enabling himself to take.
Today Oct-Nov 2015 JanFeb Mar - May FY17 Engagement Survey administered Results shared with senior leadership Results shared with HUIT Local meetings in.

Today Oct-Nov 2015 JanFeb Mar - May FY17 Engagement Survey administered Results shared with senior leadership Results shared with HUIT Local meetings in.
The Many Faces of Employee Engagement Leisha DeHart-Davis, Associate Professor.

The Many Faces of Employee Engagement Leisha DeHart-Davis, Associate Professor.
1 Chapter 9 Implementing Six Sigma. Top 8 Reasons for Six Sigma Project Failure 8. The training was not practical. 7. The project was too small for DMAIC.

1 Chapter 9 Implementing Six Sigma. Top 8 Reasons for Six Sigma Project Failure 8. The training was not practical. 7. The project was too small for DMAIC.

Similar presentations

Ads by Google