Follow Mark on LinkedIn Follow @marknca on Twitter Follow marknca on YouTube
marknca

Mornings With Mark
no. // 0 0 0 6

Working Together To Improve Security

Subscribe to the podcast.

Watch the episode here

Join the discussion on LinkedIn

Tweet about this episode

Full machine generated transcript follows

What everybody Welcome to episode 76 already of mornings with Mark? I want to follow up on yesterday's episode in episode 75. We talked about service design thinking how that's really security thinking about holistic point of view. I'm working through problems start to finish. It turns out I would love to say I planned that topic to follow or to proceed what I was doing for the rest of the day, but it was totally random totally circumstance.

I'm just a few things that triggered. I'm going to drive me to the airport seeing the signature service from Air Canada and you know dealing with some apple issues in seeing the end and support for service or product design review meeting yesterday all day was myself in a couple colleagues and what really struck me was that power of that end and thinking of service design thinking that's what I want to talk to you today.

I'm about any ties back to our continuing themed around perspectives. So in his review meeting and it won't go into the specifics and proprietary all that kind of deal. But what I wanted to talk about was the fact that we managed to get. 4 people in a room with very different viewpoints deep technical knowledge, but more importantly a deep respect for the other people in the room at least for their work, even if they haven't worked with him directly on in person, but knowing what they've accomplished knowing what they had achieved and just the general respect for people, right and we have that kind of vibe starting off a meeting things really start to get rolling because we were discussing the work not somebody's work but the work itself and that's a really fine distinction and I know I struggled with this early in my career took a long time and a lot of gray hair to get to the point where I can clearly separated the work and the issue versus the people and that was critical to this.

We spent a whole day working through a problem working through a set of design then we started start to finish Food Services. I'm thinking we picked apart every little aspect of what was already a phenomenal set of choices of phenomenal. Finally made it even better because everybody focused on the work they focused on the issue not the politics not the personality not attributing or through anthem from I can never even say the word.

I will type it down below anthropomorphizing no see it's too early. I haven't had my tea yet not on associating the work with the person but talking with the work itself in a respectful Manner and in going through in that only happens because of the strength of relationships because of the professionalism of the people involved but primarily because the leg work done to ensure the teams are working smoothly and I think this is a real problem and Security in general it goes to the isolation.

We talked about at 10 on the show and because security teams at order they should take our security Tom put them on a security team and shove them off to the side that makes it extremely hard for security teams to build strong relationships. You need people who go out of their way on the security team to go.

And create relationships me Taylor's relationship strengthen those relationships in order to have that sort of mutual respect in order to not let things break down and what I see so so often in organizations where the security team is seen as the enemy it's down there going to say no to me and they're seen as a roadblock.

But if you want to make an idea better, you know, you need to collaborate you need to work together people with different Viewpoint in this is what I loved. I got so energized even though I was literally in the same room though. We left a little bit obviously for bile breaks and we we had some food brought in and I was in the same room for almost 8 hours with these folks and we were it was so energizing.

It was so invigorating because we were working for a problem with a shared goal of trying to make it better for our customer for our user and that's a rare thing unfortunate should be there should be happening all the time. So what do you need to make this happen already mentioned relationships lipless review this let's have this is the takeaway.

How do you implement Services? I'm thinking How do you implement a group review? How do you make ideas better? Couple things running through the gate you want to make sure that you're talkin about the idea that you're talking about the merits of the idea or the product of the solution or whatever your building out you're talking about that you're not talking with the people who did the work.

So it's a different if you have a problem with me, you should not have a problem with the work. You should view validate to work on its own merits and people who did the work should not take it personally. If there are things that can be done better or things that should be changing.

That's hard. People are tricky. I know that's tricky for me to do the trick for everybody knew but that needs to be called that you need to talk with the work in isolation not is associated with people or groups. You can't worry about hurting somebody's feeling don't be a jerk about it.

And but you need to talk about the work isolated that leads into the second point you need to be respectful respectful. You need to understand that everybody around that table. If you've done your job well getting the right people to the table everyone around that table has a different set of expertise.

They have a different perspective and they deserve to be heard. And they should be heard and their what they suggest should be again evaluated on its merits not on who it's coming from and I think that the third is willing to put aside your own preconceptions and your own biases and that's really really tricky especially when you're coming from a particular group or particular angle.

I think it's critical to be able to kind of put that to the side and say, okay. What's the bigger picture here? What is the shared goal for the team in this happens a lot in Security reviews for the security people come out in the know you absolutely have to adhere to this implementation and because that's just the way it's done and not that the only way to be secure.

Where is he need to take a step back and look at the bigger picture. You need to understand. Okay. We'll wait a minute sample use yesterday's you you can't ask people to do a new passwords for your service if they're using a bunch of other crappy passwords back there because they're going to get resentful at the better security guess it's better choice to do passphrases.

We need to look at the holistic Angela need to put yourself in somebody else's Shoes and more often than not that's the end user or the customer and you need to understand that the trade-off in this is absolutely critical to the last aspect so and put yourself in their shoes have that perspective.

But the last thing I would say is you need to understand that if somebody needs to have a pain at point in the experience should be internalized not by your customer and I think a lot of people fall down and I go well for an engineering perspective, it's easier if we build this.

Yeah, but that means the customer takes three extra steps every time. Yeah, but it will save us 6 months of development. I'm wrong call always in favor of the customer with very very very few exceptions. This is not like everyone's an above-average driver. I mean very few exceptions of stuff to do these things are very difficult to do but I think if you're aware of them, I think if you're aware of talking with the ID on its merits getting different perspectives in being respectful.

I'm making sure you put the customer first and thinking and and I think you're going to have a successful time and then you could be locked in a room for the most of the day but come out energize have because of that collaboration that shared set of ideals. Everybody working towards a common goal, and it's a rare experience.

That should be a common experience work towards that what do you think? Hit me up at Markin caionline in the comments down below her eyes always by email me at Mark n. CA how do you find collaborating working on promise you get into the Whiteboard together on are you breaking down those barriers? What do you find? The biggest barrier is and let me know as always you only get better by talking about this stuff by working together by collaborating what you're getting with FEMA today's episode.

So, you know, hey double doubling down on that and I hope you're set up for fantastic day. I will talk to you tomorrow. Take care. What everybody Welcome to episode 76 already of mornings with Mark? I want to follow up on yesterday's episode in episode 75. We talked about service design thinking how that's really security thinking about holistic point of view.

I'm working through problems start to finish. It turns out I would love to say I planned that topic to follow or to proceed what I was doing for the rest of the day, but it was totally random totally circumstance. I'm just a few things that triggered. I'm going to drive me to the airport seeing the signature service from Air Canada and you know dealing with some apple issues in seeing the end and support for service or product design review meeting yesterday all day was myself in a couple colleagues and what really struck me was that power of that end and thinking of service design thinking that's what I want to talk to you today.

I'm about any ties back to our continuing themed around perspectives. So in his review meeting and it won't go into the specifics and proprietary all that kind of deal. But what I wanted to talk about was the fact that we managed to get. 4 people in a room with very different viewpoints deep technical knowledge, but more importantly a deep respect for the other people in the room at least for their work, even if they haven't worked with him directly on in person, but knowing what they've accomplished knowing what they had achieved and just the general respect for people, right and we have that kind of vibe starting off a meeting things really start to get rolling because we were discussing the work not somebody's work but the work itself and that's a really fine distinction and I know I struggled with this early in my career took a long time and a lot of gray hair to get to the point where I can clearly separated the work and the issue versus the people and that was critical to this.

We spent a whole day working through a problem working through a set of design then we started start to finish Food Services. I'm thinking we picked apart every little aspect of what was already a phenomenal set of choices of phenomenal. Finally made it even better because everybody focused on the work they focused on the issue not the politics not the personality not attributing or through anthem from I can never even say the word.

I will type it down below anthropomorphizing no see it's too early. I haven't had my tea yet not on associating the work with the person but talking with the work itself in a respectful Manner and in going through in that only happens because of the strength of relationships because of the professionalism of the people involved but primarily because the leg work done to ensure the teams are working smoothly and I think this is a real problem and Security in general it goes to the isolation.

We talked about at 10 on the show and because security teams at order they should take our security Tom put them on a security team and shove them off to the side that makes it extremely hard for security teams to build strong relationships. You need people who go out of their way on the security team to go.

And create relationships me Taylor's relationship strengthen those relationships in order to have that sort of mutual respect in order to not let things break down and what I see so so often in organizations where the security team is seen as the enemy it's down there going to say no to me and they're seen as a roadblock.

But if you want to make an idea better, you know, you need to collaborate you need to work together people with different Viewpoint in this is what I loved. I got so energized even though I was literally in the same room though. We left a little bit obviously for bile breaks and we we had some food brought in and I was in the same room for almost 8 hours with these folks and we were it was so energizing.

It was so invigorating because we were working for a problem with a shared goal of trying to make it better for our customer for our user and that's a rare thing unfortunate should be there should be happening all the time. So what do you need to make this happen already mentioned relationships lipless review this let's have this is the takeaway.

How do you implement Services? I'm thinking How do you implement a group review? How do you make ideas better? Couple things running through the gate you want to make sure that you're talkin about the idea that you're talking about the merits of the idea or the product of the solution or whatever your building out you're talking about that you're not talking with the people who did the work.

So it's a different if you have a problem with me, you should not have a problem with the work. You should view validate to work on its own merits and people who did the work should not take it personally. If there are things that can be done better or things that should be changing.

That's hard. People are tricky. I know that's tricky for me to do the trick for everybody knew but that needs to be called that you need to talk with the work in isolation not is associated with people or groups. You can't worry about hurting somebody's feeling don't be a jerk about it.

And but you need to talk about the work isolated that leads into the second point you need to be respectful respectful. You need to understand that everybody around that table. If you've done your job well getting the right people to the table everyone around that table has a different set of expertise.

They have a different perspective and they deserve to be heard. And they should be heard and their what they suggest should be again evaluated on its merits not on who it's coming from and I think that the third is willing to put aside your own preconceptions and your own biases and that's really really tricky especially when you're coming from a particular group or particular angle.

I think it's critical to be able to kind of put that to the side and say, okay. What's the bigger picture here? What is the shared goal for the team in this happens a lot in Security reviews for the security people come out in the know you absolutely have to adhere to this implementation and because that's just the way it's done and not that the only way to be secure.

Where is he need to take a step back and look at the bigger picture. You need to understand. Okay. We'll wait a minute sample use yesterday's you you can't ask people to do a new passwords for your service if they're using a bunch of other crappy passwords back there because they're going to get resentful at the better security guess it's better choice to do passphrases.

We need to look at the holistic Angela need to put yourself in somebody else's Shoes and more often than not that's the end user or the customer and you need to understand that the trade-off in this is absolutely critical to the last aspect so and put yourself in their shoes have that perspective.

But the last thing I would say is you need to understand that if somebody needs to have a pain at point in the experience should be internalized not by your customer and I think a lot of people fall down and I go well for an engineering perspective, it's easier if we build this.

Yeah, but that means the customer takes three extra steps every time. Yeah, but it will save us 6 months of development. I'm wrong call always in favor of the customer with very very very few exceptions. This is not like everyone's an above-average driver. I mean very few exceptions of stuff to do these things are very difficult to do but I think if you're aware of them, I think if you're aware of talking with the ID on its merits getting different perspectives in being respectful.

I'm making sure you put the customer first and thinking and and I think you're going to have a successful time and then you could be locked in a room for the most of the day but come out energize have because of that collaboration that shared set of ideals. Everybody working towards a common goal, and it's a rare experience.

That should be a common experience work towards that what do you think? Hit me up at Markin caionline in the comments down below her eyes always by email me at Mark n. CA how do you find collaborating working on promise you get into the Whiteboard together on are you breaking down those barriers? What do you find? The biggest barrier is and let me know as always you only get better by talking about this stuff by working together by collaborating what you're getting with FEMA today's episode.

So, you know, hey double doubling down on that and I hope you're set up for fantastic day. I will talk to you tomorrow. Take care.