Continuing Curiosity: My CES Experience

Kathleen Misunas

I first attended the Consumer Electronics Show (CES) more than 30 years ago and have visited periodically over the intervening years. Rest assured that the creativity and sheer volume of innovation exhibited there never cease to amaze and impress me. While some of it is developed and showcased by global companies like Samsung and Kohler, the showroom floor is also filled with talent that previously worked behind the scenes at various brands, and with true start-up entrepreneurs.

This was the first time that I have viewed the show through the eyes of a corporate director. As I walked more than ten miles through the aisles over the course of CES 2018, I considered the governance implications of what I saw.

To me, one of the benefits of being at CES is being away from daily routines and taking the opportunity to observe and just let your mind cogitate the possibilities. And cogitate I did. In some cases, I wanted to know not only what the product did, but how it was made. In other instances, I wondered how a product could be marketed or sold, what companies would create its competitor products, and what adoption rate was required to make the product financially successful.

So, what did I find exciting? What made the governance wheels in my head turn? Below are a few themes that stood out.

  • Quantum Computers. From a pure technology standpoint, the quantum computer stands out due to its astoundingly small size yet incredible processing power. Intel, which is one of the leaders of the quantum computing race, kicked the week off by exhibiting its own advancements in engineering one of the most powerful quantum chips yet. The IBM Research group, on the other hand, displayed their quantum computer as a stunning piece of art.
  • Sensors and the Internet of Things. Sensors—which were embedded in everything from fabrics to headsets, from vehicles to medical products, and in everything else you might imagine would benefit from being connected—continued to impress due to the breadth of their utility. One clever use of sensors was the ShadeCraft patio umbrella, whose electronics and robotics allowed it to automatically raise and lower itself based upon current light and weather conditions. This product not only understood sunrise and sunset, but followed the sun throughout the day to properly tilt the umbrella and gauged wind speed or rain to automatically close the umbrella without human intervention. No more worrying about your expensive patio umbrella being turned inside out, upending your table, or taking off as a projectile when you weren’t available to tend it.
  • Autonomous Vehicles. There was an incredible number of offerings around autonomous vehicles. I use the term vehicles instead of cars because the auto-drive implications are also clear for vans, trucks, tractors, forklifts, campers, and other vehicles. Here again the use of sensors was key, and there is no doubt that many of these machines will perform better than the drivers that we currently encounter on the road, human foibles and all.
  • Medical Aids. Regarding other products, I found so many to be interesting. There was an audio system that not only provided a hearing test but progressed to actually construct an ear bud that utilized the results of the hearing test to produce a customized hearing aid. Phenomenal! Anyone who has gone through the rigor of selecting a hearing aid device can appreciate this speedy, streamlined approach, especially when it is at half the price point of today’s offerings. Next, I liked the Gyenno Co., which developed a special spoon that automatically levels its contents to eliminate spilling. This will provide such a caring and practical solution for those with Parkinson’s or other medical issues who have a problem feeding themselves due to tremors.
  • 3D Printing. Another greatly improved invention is 3D printing. Although the method has been around for a while, it is now not limited to plastics or small items. Printers can fabricate in a variety of mediums and to great scale. For example, there was a camper-type van displayed on the showroom floor that was created by 3D printing. It was produced quickly and at much less expense than a traditional van. It is easy to extrapolate the utility of 3D printing to assist various businesses since it permits specialty solutions that previously did not have the volume to be economically feasible from the producer’s perspective, and were not affordable from the buyer’s standpoint.
  • Odds and Ends. Three fun offerings were related to beer, fingernails, and laundry. Although I am not a beer drinker, the PicoBrew easily allows making craft beers at home and would be a hit with many of my friends. And I know those who would like the fingernail machine that can use any photos to create vinyl nails for application at home. Finally, I’ll introduce the FoldiMate, a device that folds your laundry when you feed it into the machine. It could be the next best thing since sliced bread for the lazy among us.

It is worth noting that one of the great joys of CES is that everyone is welcome, and that the exhibitors and subject matter experts arrive from many countries. CES makes clear that the desire to innovate transcends borders and creeds, and that the glue holding this incredible meeting together is not so-called “geekiness,” but a superior level of creativity, intellectual curiosity, and desire for business success—and, perhaps above all, the desire by many to improve living conditions around the world.

I’ll close by saying everyone should attend this show once in their lifetime. As a director, I suggest setting the goal of attending every three to five years. CES presents a soup-to-nuts view of developments in products and technology that consumers will anticipate. Even if you are not affiliated with what is considered a consumer business, you do serve customers that will continue to expect innovation. As I absorbed the week’s events and considered the possibilities around every corner, CES opened my mind about what could or should be considered in the boardroom related to strategy and risk. It was well worth my time, and would be for you, too.

Kathleen Misunas is a director of Boingo Wireless and Tech Data Corp., two publicly-traded technology companies. 


Career Partners International Launches Breakthrough Job Search Platform: PowerMyCareer™

Career Partners International (CPI) has released the latest in technology advances to its job seekers and is proud to announce PowerMyCareer™, CPI’s proprietary digital Outplacement system. Combining cutting-edge programs, state-of-the-art technology, and interactive content, Career Partners International prepares Outplacement candidates for the future.

PowerMyCareer™ provides personalized job-matching and job leads, highly competitive and differentiated resumes and CVs, individualized social media marketing plans, and interactive interview training. This system is available in 16 languages for a uniform delivery system across the globe, including over 30 Quick-Talk learning videos on all steps of the job search process.

Career Partners International’s Outplacement candidates develop peer networks and communicate with career experts, while staying current with the latest news and trends in the employment marketplace. PowerMyCareer™ is accessible by any mobile or other web-enabled device and is flexible to accommodate participants’ preferences in their career transition experience.

The PowerMyCareer™ system also includes incredible tools to help individuals attain high quality job offers faster.  These tools include:

  • PowerMyResumeCV™ – allows participants to create competitive resumes, CVs and online interactive portfolios while leveraging social networks and tracking performance
  • PowerMyJobSearch™ – analyzes and aligns resumes and CVs to job descriptions, optimizing keywords for better resume performance on Applicant Tracking Systems (ATS)
  • PowerMyInterview™ – provides interactive interview training utilizing real-time video technology and professional coaching feedback

With its high-tech and high-touch approach, Career Partners International achieves one of the strongest landing rates in the Outplacement industry for its job-search candidates. “Client companies can depend on Career Partners International for their employees’ quick and seamless transition into the marketplace with equal or better placement,” said Doug Matthews, President and CEO of Career Partners International.

The post Career Partners International Launches Breakthrough Job Search Platform: PowerMyCareer™ appeared first on CPIWorld.

The Power of Principles

Peter R. Gleason

An old boardroom adage is that directors must be “proactive,” rather than “reactive.” But what does this mean? When disruptive events occur, boards need to respond to them—so isn’t this reaction? I believe that board action must be based on principles, which I define (with Merriam-Webster) as a “moral rule or belief that helps us know what is right and wrong and that influences our actions.”  A board’s response is reactive if directors focus mainly on an event; it is proactive if it stems from their values.

Principles Matter

Principles can make a positive difference in the destinies of enterprises that embrace them. That is why NACD is in the principles business, so to speak. Every year since our first Blue Ribbon Commission gathered to discuss executive compensation a quarter century ago, we have been asserting general concepts that have had a measurable impact on boards. As this past research blog explains, many of our Blue Ribbon Commission reports and the principles they advocate have had a measurable influence on board practices. We know this by comparing the recommendations of our reports, and subsequent changes in practices as measured by our surveys.

And the good news is that a principles-based approach to governance can improve corporate financial performance. While many governance researchers have tried and failed to show a correlation between specific governance practices and financial performance, performance does seem correlated to an overall principles-based approach. Following the introduction in various countries around the world of principles-based governance (e.g., comply or explain stock listing standards), there have been improvements in financial performance. Studies in many jurisdictions, including Austria, Canada, Kenya, and New Zealand, demonstrate the evidence.

Principles can also forge consensus. When you boil things down to basic principles, the three main actors on the governance stage—management, shareholders, and directors (the three sides of the so-called governance triangle)—think remarkably alike. Governance pioneer Ira M. Millstein noted this ten years ago in an NACD board discussion. When Ira speaks, boards listen. He was the original author of the first governance guidelines at General Motors Co., and, with Holly Gregory, a drafter of the original OECD Principles of Corporate Governance, another powerful guide to board work.

The NACD board responded to Ira’s idea by urging us to undertake what became the original Key Agreed Principles, which presented all known areas of agreement in principles published by the Business Roundtable, the Council of Institutional Investors, the International Corporate Governance Network, and NACD. NACD principles at the time numbered in the hundreds; they resided in the many Blue Ribbon Commission reports we had published on various governance subjects.

Other Notable Principles Documents

Since then, the Key Agreed Principles document has remained relevant to many boards. We have seen these Key Agreed Principles effect positive change in many areas, and we have seen other groups seek a principles-based approach to their activities.

In 2015, the Global Network of Director Institutes (GNDI), a group cofounded by NACD, developed and released Guiding Principles of Good Governance, intended to be useful for the some 100,000 directors around the globe who belong to the institutes comprising GNDI. Another notable example is the “Commonsense Principles” document released in 2016 by a group of major company CEOs and leading institutional investors. In 2017, the Investor Stewardship Group released Principles: Stewardship Framework for Institutional Investors.

In the future, in consideration of the new blueprints from these other groups, as well as developments at NACD itself, we will release a new edition of the Key Agreed Principles. To do so, we will once again compare the principles currently advocated by the original signatories.

Why Principles?

Why keep the Principles document going? I believe that when directors apply sets of principles, rather than a hodgepodge of arbitrary rules, they can engage their minds and wills for action. Some principles in corporate governance prove so true that they operate as powerfully as first principles in science, determining outcomes. It may well have been principles that created our very nation. After all, Thomas Paine noted that “An army of principles can penetrate where an army of soldiers cannot.”

With good principles at hand, boards are always ready to respond to the next crisis, and to prevail with strength and wisdom. We trust that the power of principles will continue to animate corporate governance—and improve firm performance—in the years to come.

Spotlight on Engaging a Global Workforce

Collaboration, agility, transparency, innovation and productivity are the five key challenges facing global companies over the next five years, according to data based on more than five million employees worldwide by global management consultancy Hay Group. However, the research also found that engagement and enablement levels in many global businesses remain a key area of concern.

The business environment is changing rapidly and operating across a number of global locations – including emerging markets – is now ‘the norm’. However, global operations can introduce a host of additional challenges, concerns and issues when it comes to engaging an organization’s most important asset – its people. The Hay Group research goes on to confirm that “Firms rated highest for engaging and enabling their staff achieve four and a half times the revenue growth of their lowest scoring counterparts and see up to 54% improvement on staff retention”. These statistics demonstrate just how important a consistent level of engagement is to sustaining performance across the globe.

Challenges for HR can be seen across all stages of the employee life-cycle and include cultural differences, attracting and retaining the right talent and communication issues.  Using an external provider with extensive global expertise and a unified and cohesive approach can alleviate many of these issues and ensure the right, culturally appropriate support for all parties. Situations that can most benefit from globally consistent external support may include:

ONBOARDING

Attracting and retaining the right talent is a challenge the world over.  It’s widely acknowledged that getting onboarding ‘right’ can reap rewards in terms of staff engagement and retention.  New employees form opinions about your organisation through their early experiences – this determines and drives their loyalty and motivation to stay.  An effective onboarding program sets a strong foundation for developing and retaining a happy, productive workforce.

The positive impacts on productivity, employer reputation, staff retention and commercial success are all significant benefits of providing tailored onboarding support and remain the same regardless of where your employees are based.

Just some of the areas of support that may be beneficial include:

  • Candidate Referencing
  • Assessment and Testing
  • Executive Onboarding
  • First 90 days support

DEVELOPMENT

Forward-thinking organisations recognize the value in developing not only their leaders, but employees at all levels. Often, the development of staff within central locations or headquarters is well structured, but those working in other locations or peripatetically are ‘left to their own devices’. A structured career plan and regular career conversations which reinforce global messages are key contributors to engagement and retention and can also help to fill any talent and future leadership gaps.

Support may include:

  • Individual and Group Coaching
  • Leadership Team Development
  • Coaching the Coach
  • Board Facilitation
  • Critical Career Stage programs

CHANGE

Organizational change is a given in today’s volatile, uncertain, complex and ambiguous (VUCA) environment and research suggests that less than 60% of change initiatives succeed. Reasons for failure vary but, typically, they have one thing in common – a focus on the change process rather than the people affected.

By properly managing and supporting both leaders and individuals across all locations and countries, you can build confidence in the change and help to maximize productivity both during and after the event.

Communication across global sites can be a real challenge at this time – relying on changes to be communicated remotely is often a recipe for disaster. When working with team members who have different native tongues, it’s common for key messages to get lost in translation and for rumors to take over. The globally connected environment in which we all operate means that a message delivered in one country can quickly reach a population in another without any of the relevant context. Fully integrated, global yet personally tailored communication can enhance engagement, resilience, behavior and morale resulting in a better outcome for all.

Support may include:

  • Talent Retention strategies
  • Embedding change
  • Leading teams through change
  • Increasing Resilience
  • Supporting personal transition

OUTPLACEMENT

When consolidations, downsizing, mergers and acquisitions affect your workforce, emotions can run high. However, with the right support, it can lead to a positive outcome for all involved. Good employers want to fully support their employees to move on positively and with confidence to new opportunities as well as minimize business risk in terms of brand reputation and staff morale.

For global staff reductions an outplacement provider who can support a globally consistent approach whilst ensuring in depth local market expertise can prove invaluable.  An understanding of the local job market and local opportunities, as well as offering access to international career options and more varied career paths, is essential to a successful outcome.  Advice around available benefits, taxation, routes to volunteering and retirement options on a country by country basis can make all the difference to affected employees.

Support may include:

  • Individual and group outplacement
  • Skills development
  • Line manager support

 

This article was featured on HR Grapevine Magazine.

The post Spotlight on Engaging a Global Workforce appeared first on CPIWorld.

Risks Illustrate Imperative to Balance Corporate Ambition with Resilience

Richard Smith-Bingham

A positive outlook for the global economy notwithstanding, the operating and investment risk for companies in today’s global environment should not be underestimated. Building resilience against a wide and expanding array of potential shocks will be required for sustainable success.

For corporate directors, this is a time for challenging institutional assumptions — and recognizing not just that new risks are appearing on the horizon but that operational risks may become strategic ones, known risks may become unknown, controllable risks may become uncontrollable, and risks assumed to be acceptable may acquire “fat tails.”

The newly released Global Risks Report, prepared by the World Economic Forum with the support of Marsh & McLennan Companies and other partners, evaluates the major threats facing the world over the next decade and provides a rich context to help organizations chart an aggressive growth strategy.

The risk landscape is shifting.

This year’s survey revealed deep pessimism about the direction of international relations. Ninety-three percent of survey respondents from across the global risk community expect that political and economic confrontations between major powers will increase in 2018. There were high levels of concern about an increase in state-on-state conflicts that may draw in other countries. Western respondents also highlighted growing concern about economic protectionism.

Technological risks are seen as a rising global threat. Business leaders in advanced economies consider large cyber attacks to be the number-one risk for doing business in their respective countries, and respondents in most parts of the world anticipate these attacks will get worse in 2018. Societal risk emanating from the increase in media echo chambers and fake news is also expected to grow.

On a longer-term horizon, environmental risks ranked highest in both likelihood and impact. Extreme weather and failure to adapt to climate change showed the greatest leap in concern since last year’s report, perhaps reflecting the hurricanes, earthquakes, and wildfires suffered during September when the survey was open. However, even before the devastating events of 2017, apprehension in this area was strongly reflected in this survey.

Companies are increasingly vulnerable to shocks and disruption.

Positive growth in recent months shouldn’t blind businesses to potential economic fragilities. The debt-to-equity ratio of the median S&P 1500 company (excluding financials) has almost doubled since 2010 and is now well above pre-financial crisis levels. Asset prices in some sectors are at historically high levels. Global debt has risen to a record $233 trillion, and at 318 percent, the global debt to GDP ratio remains near its all-time high.

Persistent low commodity prices continue to rattle exporter countries and their neighbors, which presents political and societal implications. Structural issues such as income inequality, rising health care costs, and diminishing long-term retirement security also show little sign of being resolved.

Against this backdrop, how will investor and corporate confidence fare in the event of a major geopolitical altercation, an aggravated trade stand-off, or a technological catastrophe—none of which are implausible?

A Business Lens

Corporate lifespans are dramatically shortening. The average time companies spend in the S&P 500 index has already decreased from approximately 60 years in the 1950s to 12 years today. The velocity of change in the current environment, creating both new opportunities and new threats, will likely drive this lifecycle down even further. The pressure to define and execute a strategy with both bold ambition and resilience against major shocks has never been higher.

It’s imperative for board members to ensure their company’s leadership makes every effort to reconcile growth and innovation opportunities with risk and security considerations, while rigorously assessing the value of potential initiatives in a wide range of scenarios. A dual focus on prevention and response—given the increased velocity of new and unpredictable risks—is needed.

As our recent paper on Getting Practical with Emerging Risks notes, clarity on the sorts of intelligence expected and opportunities for the board to discuss weak signals will help achieve a cohesive approach to sense-making and alignment with senior management on the way ahead. Boards that engage with complex uncertainties will be best positioned to help their firms negotiate today’s dynamic risk environment laden with potential shocks and disruption.

Richard Smith-Bingham is a director in Marsh & McLennan Companies’ Global Risk Center and leads MMC’s thinking on the evolving macro-level risk landscape and how companies and governments can best anticipate and negotiate rising threats. 

Career Partners International (CPI) Elects Terry Gillis as Vice-Chair of the Board of Directors

Career Partners International (CPI), a leading global provider of Outplacement, Career Management, Executive Coaching and Leadership Development services, has elected Terry Gillis as Vice-Chair of the Board of Directors. Terry will work closely with the Board Chairman, Larry Fisher, as CPI continues to grow at a strong pace.

Terry possesses an entrepreneurial spirit that fostered the growth of a small consulting firm into London, Ontario’s most trusted human resource and talent management company, Carswell Partners, where he is now President and Managing Partner.

With a passion for seeing people and organizations succeed together, Terry’s expertise is in improving organizational culture, developing leadership, and increasing employee engagement. This passion coupled with solid business acumen and rigorous academic training drives Carswell Partners and Career Partners International to leverage only the most recent validated scientific findings to inform the processes used to drive performance and decrease risk in organizations through their people.

Terry is a member of the part-time faculty at Wilfrid Laurier’s Lazaridis School of Business in Waterloo, where he teaches human resources to MBA and undergraduate students. He is an active volunteer in the community, including as a member of the board of directors of Youth Opportunities Unlimited. He is also actively involved in Career Partners International as Chair of the Partner Recruitment & Accountability Committee.

“Terry Gillis is an integral part of the Board of Directors and Career Partners International,” says Doug Matthews, President & CEO of Career Partners International. “He is fully committed to ensuring that Career Partners International protects its reputation as the highest quality service provider for the clients and participants we serve.”

Career Partners International’s global network of offices and experts guarantees excellent, personalized services with cutting-edge technology whether in a local market or cross-continent business to improve engagement of your employees that yields impressive business results and reduces unwanted attrition.

The post Career Partners International (CPI) Elects Terry Gillis as Vice-Chair of the Board of Directors appeared first on CPIWorld.

Ask Your Security Team These Questions in 2018

Corey E. Thomas

As a society, we must address cyber-risks from every angle: every technology or Internet user must be educated so they can better secure themselves. As business leaders, we bear this responsibility not only for ourselves, but also for our teams, colleagues, and organizations.

To help get you started, here are some questions I recommend you ask your head of security. I also highly recommend that, regardless of your role on the board, you get to know your security team. Help them understand how board-level oversight of risks works, and meet them with an open, inquisitive mind so they can educate you on security concerns and implications.

1. Does the security team have a full, well-informed view of the organization’s security posture?

One of the most fundamental challenges organizations face when it comes to security is getting full visibility of the technology assets being used across the organization and their associated risks.

You can’t defend something if you don’t know that you have it. Finding that one key weakness that provides the perfect opportunity for an attacker can be like finding a needle in a haystack.

It can also be challenging for security professionals to cut through the noise in the security industry to focus on the most relevant core threats. Doing so will enable them to focus their time, resources, and investments in areas that will have maximum impact for your organization.

Here are some additional questions you can ask:

  • Which threats are most relevant to the company, which assets are most vulnerable, and which are most likely to be targets? Ask the security team to explain their answers.
  • Does the security team share threat information with security teams at other organizations of a similar profile?
  • Does the security team have full visibility and control of our entire technology environment, including assets we lease rather than own? Does the team have a detailed inventory of key assets, who is using them and how, and what known risks relate to them?
  • Is the security team part of the procurement process for all technology products and services? Do they vet technology vendors on the security of their products or services? Do they investigate the vendor’s practices for reporting and patching vulnerabilities?
  • Does the security team know who has access to what applications and services? Have they locked access down as far as possible, so people only have the privileges needed to perform their day-to-day role?

2. Is our organization resilient to attack?

Companies are under attack daily, either from automated, internet-wide attacks, or from more targeted and determined attacks. It is important to ask your security team questions about the security measures they have in place to reduce the likelihood and impact of a breach. There is no such thing as a silver bullet or impenetrable force field that will perfectly protect your organization. The key is to ensure your organization is taking a multi-faceted, layered approach that leverages technology, people, processes, and policies together for maximum effect. Your security team should be focusing their limited resources on actions that most reduce the risk associated with the greatest threats to your organization.

Take this opportunity to have your head of security explain why they made the trade-offs they did, and how those decisions could impact the business. Make sure they are aligning their decision making with overall organizational goals, compliance requirements, and real technical risks.

  • Is all company and customer data encrypted at rest and in transit? If not, which data is being encrypted and when?
  • Has the security team segmented the company’s networks to reduce an attacker’s ability to move through the network and reach valuable assets?
  • Does your organization regularly back everything up to reduce susceptibility to ransomware attacks? Do you run regular backup and restore drills?
  • Do you know how susceptible our employees are to phishing? Are you investing in education programs to raise security awareness?
  • Do you have multi-factor authentication in place on all of our technical services and applications?
  • Does the organization have cyber insurance to help it recoup any costs of a security incident? Which scenarios or factors are not covered by the insurance?

3. Is the security team confident it can detect and respond quickly to security incidents?

According to the 2017 M-Trends report, it takes an average of 99 days for organizations to discover attackers in their networks. The longer an attack goes undiscovered, the greater the likely harm will be, so it is critical that your organization is able to detect and respond to security incidents quickly. Full visibility across all technical assets, properly stored and analyzed logs, and sufficient manpower to investigate alerts in a timely manner are all essential ingredients for quickly detecting security incidents.

A properly coordinated response will likely involve representatives across the business, so it is important that your board and security team understand what roles each department plays in a response.

Some relevant questions include:

  • Does the security team map normal behavior (both for human users and machine entities) on the network? Are they able to detect anomalous behavior?
  • Is the security team able to investigate and verify alerts quickly? Do they have sufficient resources committed to monitoring systems that alert on suspicious activity?
  • How quickly could the security team investigate a potential breach or determine which technology assets and users may have been compromised? Does the security team have sufficient visibility across all technical assets to investigate fully? Does the security team log any information that would be needed to investigate a security incident?
  • Does the company have an incident response plan in place, with roles clearly defined and understood across the organization (including legal, finance, communications, IT, customer support/engagement etc.)? When was the last time the company ran an exercise to test its preparedness and response? Who is responsible for driving this initiative in the organization?

4. How do you measure the effectiveness of our cybersecurity program and initiatives?

Testing and verifying the effectiveness of your security program and initiatives is part of many industry cybersecurity compliance requirements. It is also a pragmatic measure that helps your organization understand where it needs to make investments, and how resilient it really is to attack. A key part of this review is engaging security professionals to penetrate the company’s infrastructure to test for vulnerabilities. This will help you understand the efficacy of your defenses, hopefully uncover the opportunities attackers may spot, and investigate the potential outcomes of an attack.

Some questions to ask your security team include:

  • Is the security team proud of the company’s patching program? Do they feel adequately supported by the IT team in their efforts?
  • Who is responsible in the organization for initiating testing of organization-wide breach readiness?
  • How frequently does the security team test the company’s defenses for effectiveness? Do they hire external security consultants to try to penetrate the network and facilities?
  • Is the security team able to track progress over time?
  • Does the security team have a view of the maturity of its program? Is there a clear roadmap for future progress?
  • What measures has the security team taken in the past six months to improve security posture? What results have they seen? How will they adjust the program moving forward?

5. Do political or financial considerations impact your ability to protect the organization effectively?

It’s the reality of every business that budgets and other resources are not limitless. Investment must be proportionate to the business growth and context. However, it is also worryingly easy to overlook financial or political constraints that can hamstring your security program. You do not want to become aware of fixable limits on the security program at the point that you are reeling from a security incident.

The challenges of internal politics may also hold your security program back and expose your business to unnecessary risk. Investigate the structure of your security organization, its reporting line, and its standing with key partner departments in the business such as IT, engineering, and legal.

Investigate any barriers that are limiting the effectiveness of the security program now, discuss them in an open environment with the organization’s leadership, and make informed decisions on how to move forward based on a realistic view of your organization’s risk tolerance and budget.

  • Are there any budgetary or political roadblocks to implementing foundational security controls?
  • Does the security team have adequate headcount and resources? How is the answer to this question determined? If not, in which areas are we below critical mass?
  • Does the head of security have the opportunity to be heard among the most senior executives in the organization?
  • Do the business leaders across the company truly understand the potential costs and implications for the business of being breached? Do they discuss risk tolerance and prioritization payoffs in an open, strategic way? Do they build resilience plans based on these discussions?
  • Is security considered an audit function, or does the organization strive to build security into its products, services, and operations by design?

Security is complex, constantly evolving, and often unfortunately viewed as a drain on the business. Yet the benefit and necessity should be clear: having an effective and well-managed security program is key to minimizing risk and building resilience for your organization. Every part of the organization must play a role in this, and must understand the security priorities for the organization—and that responsibility extends to the boardroom.

Corey Thomas is CEO, president, and a member of the board of Rapid7.