
3 Steps to Fix your Culture Today

BSides Augusta · 2022 · 30:14 · 93 views · Published 2022-10 · Watch on YouTube
Style: Talk
About this talk
Culture is not just one thing. It is everything. What can you do to make your security culture better? Come find out three practical - and straightforward - ways you can positively impact your security culture.
Transcript (en)

Thank you. I love coming to BSides Augusta so much. I'm already looking forward to next year; I've already got the dates on my calendar. But let me take you back in time just a little bit. The year was 2015. The year was 2015, and this idea of what is it going to look like to go start to work at a new company, and to talk about this idea of what are three things that you can do to fix your culture today. And if we have time, I've actually got four things; we'll see how this goes.

For this topic, as I think about what culture actually means, well, we can look at the dictionary, we can figure that out and try to understand it a little bit better, and maybe it can give us a better vocabulary, a little bit better language to understand, when I talk about culture, what that looks like. But I remember back in 2015 I was recruited to go be the Chief Information Security Officer at the Federal Reserve Bank of Atlanta. You've heard of them; their name's on the money that we spend and go do things with. And I had a great job before that. I knew the culture, I'd worked there for a while, I knew how things kind of played out there, how things worked there. But as they asked me to consider going to work literally right there, I had a bunch of questions. Sure, I wanted to know about compensation, that's important; benefits, yep; insurance; you have family and kids that need, well, whatever we need help with. But if you were to go back to the HR recruiter that recruited me for over a year to go there, and you were to somehow place him right here and ask the question, "What's the number one question Russell asked before making that job decision?" it was around the culture. What's it like to be there? Will I like being there? Will they like me being there? And those are legit questions. I want to know that. Those of you who've changed jobs, you're like, "How do I know what it's like here, but what about there?" And honestly the only way I could find out was when I go to my previous boss and say, "Hey boss, I think I'm going to go work there instead."

But what I cared the most about was the culture. Was I going to like being there? How could I understand that? What are some questions I could ask to help put myself in a position, before it was too late, to know that? Perhaps I did a bunch of things. I had to take two classes in economics in college, so surely I knew how a bank worked, but how an organization like that operates, the things that are important to them, was something that was kind of tricky to me. So what I want to do is walk through three steps, and if we have extra time a bonus step, to help you understand the language, some things that you can do to make a better culture where you're at right now. So some of those steps, these ideas, are things that you can do to fix your culture today.

So the first one is maybe a little bit non-technical, and maybe a little bit of a surprise on an afternoon at Security BSides Augusta. Can you believe it's the 10th year, the 10th time they've done this? I can't even believe it. But this idea of an elevator speech. So have you heard of, seen, maybe studied or even practiced an elevator speech before? Any heads nodding? Any hints of it? Yeah. So the premise is this idea: let's just imagine this pretend scenario where an executive, someone with an important title, gets on the elevator, and it's kind of awkward. It's like, I don't know what to say; do I even get to talk to them or not? And actually some executive elevators, when the executive gets on, just go straight up to their floor, because they're important, things like that. But if the awkwardness fades and someone who might be your boss's boss's boss's boss's boss looks at you and says, "What do you do here?" what do you say? What do you say? Little is possible, because you don't want to get fired, because it's your boss's boss, and wow, I see you on TV, but I don't really see you up in my space. How do we think about ways to communicate what's going on, the things that are the most important? We're kind of trapped, and so initially, maybe nervously, we'll say, "Well, I do cyber things. I block the bad people, the APTs." I say some acronyms, I talk about packets, I talk about blocking and attacking and red teaming and blue teaming, and all the things that we could talk about when it's just us. But what about the not-us? What about the leaders, the decision makers, those whose names might actually be on our paycheck? They don't come to BSides, they don't go to classes, they don't learn things and spend time in our echo chamber. Hmm. So while we do the blue team and we do the red team and we do all the things that we do, GRC, all the things that we do, those are important. When someone who's not at BSides Augusta asks what the things are that we do, is there a better way? And this is not taking away from the security things that we do, the risk that we treat, the problems that we solve, the servers that we patch and the applications that we pen test. It's not taking away from any of those things at all. But what if we spoke in a language where that executive, that leader, that boss could understand it a little bit better?

So the first hack for ways to change the culture has a different approach. What if we decided to not just be technical and cyber and all the things we do? What if we decided that we wanted to learn how to speak another language? Does anyone else speak more than one language? Anyone bilingual? What languages do you speak? Spanish? English, clearly, and Spanish; you're bilingual. What if someone in the back raised their hand? Yes sir, a little German and English. Now I'll have to take your word on both of those, but you have that skill, you have that ability, if you had to, or maybe you do a lot, to speak another language. So what I want to do in this hack here is to help you speak another language. Like, Russell, how do you do that? I don't have an app; there's not a Duolingo. How can we speak another language? What if we speak not Spanish, not German and all the other languages that you know and speak, but what if we learn how to speak the language of business? What if we became bilingual and were able to speak the language of business? And one way to do that is to maybe spend a bit of time on your company's website or your intranet site and look at the mission. I've worked at a lot of places; that just means I'm old. I've done a lot of things. Old. I've never worked at a place that existed because of cyber. Like, that's not the reason, that's not the mission: we exist because of cyber. There could be places like that; I've not worked at places like that.

So let's try this exercise. Let's just pretend I had the authority and made all of us here the CISO of a company named TED. You've probably seen them; maybe one of you has given a TED talk before. It's kind of on my goal list; one of these days I want to be able to do that. But let's just pretend right now that we all become Chief Information Security Officers of the company whose name is there on the screen. Does anybody know the mission statement, the reason why the company TED exists? It's just two words. Just two words. A lot of mission statements are like a bunch of words, a bunch of things, and you'd need a long t-shirt to put all the words on there. But TED the company: two words. To spread ideas. The reason TED the company exists is to spread ideas. So those of you who've watched a TED talk before, what do you think, did they do a good job or a bad job at achieving the mission? I see a couple of thumbs up, a couple of nods. Are they spreading ideas? It seems like they do a good job of spreading ideas. So if somehow, us in this job I just gave us (isn't it cool, we're all CISOs of the same company, TED the company), we were on an elevator, if they have elevators at TED, and an executive who's in charge of and running TED asked, then instead of responding with cyber things and APT things and blue teams and red teams and pen tests and GRC and all the things that we do that are important, what if we said, "Hi, I'm Russell, I'm the Chief Information Security Officer, and what do I do here? Just two words: I spread ideas." So what is the mission? The how might be blue team; the how might be preparing for the next board briefing or the next audit that's coming or the next thing that needs to happen in my specific role. But in speaking the language of business, it might just be a good idea (I believe it's a good idea, I found it to be a good idea) to help people who understand how to run and operate businesses to connect what I'm doing and what you're doing and what all of us are doing on a daily basis, without making them go learn cyber or get a degree or get a certification in our chosen field. So what would it look like if we tried a better way for our elevator speech of "I spread ideas"? Now, I picked TED because TED's a company we've probably heard of; we've looked at their talks. And thinking about this idea of how we might be able to do that, still being respectful of the things that we know, the teams that we might be privileged to lead, even if we're just leading ourselves: how can we make it easier for folks to understand the why behind the what of what we have done?

So what could be the wisdom in this first step? It might be: what if you looked at your job descriptions? What if you looked at your mission statement? What if you said, you know what, my homework, if I don't have the power, but if you were to write down, "I'm going to go figure out the mission of my company" and make it easier to communicate why you're doing the things that you're doing and how it connects, how you're being bilingual, speaking cyber and speaking business? What if your job description had something about that? Like, if we worked at TED, if somehow maybe it led off with, "I'm going to do these cyber things because TED the company exists because, two words, they want to spread ideas"? What if your annual performance review, like when you have that uncomfortable conversation with your boss, your leader, your manager, your supervisor at the end of the year, where they kind of evaluate how you did, and for a lot of us the percentage of your annual bonus or your raise or your incentives or whatever financial compensation depends on how well we did our job, what if we were incentivized to help people see how the things that we're doing help TED the company better spread ideas? What if we were rewarded or compensated or incented in some way to help us communicate and do that there at TED the company? How did I help, how did you help, how did we help spread ideas? And this is a totally made-up real-world example. Now if you choose to do this, I believe that this will only cost you time and not cost you any money at all, if you spread ideas. So the wisdom of the step could be: if you wanted to be clear, for helping people who don't do what we do understand what us people do, perhaps using that language could be helpful there. So again, this idea: we could fix or modify or also copy-paste the words from our company's mission and say, "Here's what I do." Maybe it's a small, teeny tiny contribution to help show what you're doing and how it fits into the larger plans of your respective organization. And again, not taking away from anything, all the things that you and the teams that you lead have done; it's not taking away or minimizing that at all. It's leading with a language, it's leading with a vocabulary that your leaders can ideally better understand.

So step two, a non-tech, non-cyber way to fix your culture today, is to do what I call a calendar audit. So raise your hand if your calendar looks like my calendar before. Yeah. How many, what's the most number of meetings you've had at the same time on your calendar? Anybody had two? Two, three, 97 meetings at the same time? Okay, so clearly you win. I was thinking like two, three, four, five. Ninety-seven, wow. 97 things. So I thought I had problems. Wow, that's impressive. What I found is it's very easy to be busy. Like, if you don't do anything, you can be busy. Very, very easy. Meetings come in, you get on committees, you get on work streams, you get on work groups. Your calendar can look like this or worse without having to do a whole lot of work. It's really easy to be busy. What's hard is to work on the things that matter the most.

When I was the CISO at the Atlanta Fed, at the beginning of the year my boss, the second in command, gave me a list of things. He said to me, "Here's the things that you're going to get done through others, all the things you're going to do, and you've got some portion of the year to get that done." And I've been around, I've been working long enough to know that at the end of the year that same boss would evaluate how well I did the things that he, in that case, told me to do. And I thought, you know, how could I position myself for success? I decided what I didn't want to do is have a conversation with my boss that says, "Hey, you might not have done the math, you might not have looked at my calendar, but I just want you to know, at the end of the year, this whole year, my highlight for my year is I went to four thousand three hundred and twenty-one meetings. Isn't that why you hired me, that you wanted me to go to those meetings?" Because I didn't have to do anything; I just had to keep on clicking the accept button, yep yep yep yep yep yep. And if I did nothing I was going to be set up for failure instead of set up for success. So I thought, hmm, I've got attention; I want to go to the meetings, I want to maybe see some colleagues or get an update on a status, but if you're not careful, and honestly if you're not careful, you're not going to be set up for success at all. You're not going to be set up for success. I want to get some stuff done. GSD, I want to be able to get stuff done. How can I get stuff done? Hmm.

So when I was privileged to be there, the CISO of the Fed, the Atlanta Fed, I called everyone together (I only did that occasionally), everyone, again everyone I was privileged to lead, and said, "Okay, hey, I want to give you permission. Let's try an experiment." And this experiment was: every time you get a new meeting invite, "Hey, come to this meeting, we'll meet every Wednesday at noon for whatever important reason is there," if there's not an agenda, you have my permission to say no. And there's like a gasp in the room: huh, wait, you can do that? You can say no? I thought there was just click the accept and move on, because I've got emails coming in all the time. And wait, you can do that? And I said yes, and to make it better, you can click no and you can blame me. Like if you want to type "my boss told me that I could say no," blame me, I'm totally okay with it. Now, the neat thing was I didn't go to my boss and say, "Hey boss, I want to do this experiment for the hundreds of folks I was privileged to lead," but instead I kind of just did it. Well, what was fascinating was I never got in trouble, and once every few weeks someone I was privileged to lead would come up to me and smile really big: "I got some time back. I'm actually getting some work done, and my work is not going to all those millions and millions of meetings." And somehow progress continued to happen. And for some of the folks who were like, "I'm not sure I believe you and all these things," I said, well, hey, maybe you can reply tentative. There's another button that's maybe not used at all. When your meeting invites come through, I reply tentative: what is it that you need from me? How specifically are you looking for my contribution at this meeting? Before I go in and say yes, I'll go and contribute in this way, because of having that clarity.

And another hack: if you use iCal on the Mac, which is what I've got, or maybe you use Microsoft Outlook, when you set up a meeting, what time does the meeting always start? It kind of starts at the top of the hour, and the default meeting typically is an hour long. So you're like, wow, that's very expensive. I've got an idea. So if you could help me with this idea, we can go into business, we go on Shark Tank, we can be rich. I've got this idea that when you click on a meeting and it says "I want to invite all these people," you just imagine that everyone makes a hundred dollars an hour (and I know not everyone does, but for math purposes, 10 people times $100 an hour), there's a financial cost of the meeting. And before you can click Send, if there was a little pop-up window (and nobody likes pop-up windows), but if a pop-up window came up and said, "Here's the expense of this meeting. Are you sure? Are you going to pinky swear that you expect to get that much value out of the meeting before you click Send?" It seems like financially there's an opportunity. Let me know; my contact information is coming up at the end. I think we can do a lot of good. But what if, before we make that and go on to Shark Tank and make a lot of money, what if you did a little hack? What if you introduced a constraint that says, you know what, if I have back to back to back to back to back meetings, or bunches of meetings, I literally can't go from one building to another, from one office to another, unless I introduce a constraint. Hmm. What would it look like to have the constraint of having a little bit less time, to stand out and actually get some other stuff done? Am I anti-meeting? Do I just hate meetings? Some meetings are necessary, some are important. I'm not saying don't ever have a meeting. I'm thinking of it from a financial stewardship perspective, as a way to stand out. So a lot of folks aren't doing things like this; we'd have the opportunity to be really good stewards.

When I was commuting, traffic in Atlanta is just terrible, terrible, terrible. I live 25 miles away from the office, which means about an hour in each direction, sometimes even more. Something I decided I would do is: what are three things that only I, as the leader, could do? That's not saying I'm better; it's not saying none of those things. It's just saying some things, if I didn't do them, they just didn't get done. Maybe approving someone's promotion, letting them go to training, whatever it might be. But this idea of assigning myself some things to hold myself responsible for, the duties that I had, and then on the way home: thing number one, thing number two. On the occasion where I did all three I would really be happy with myself and say that's awesome, great, great, great. It's good to do that. But this idea of how can I look for ways and look for things that only I could do, to recognize that some things just required that to be done. And so the wisdom to that is: it's really easy, like super easy, to be busy. It's really hard, it's very difficult, to say what are the things that matter the most, what are some of the things that only I and you and we can do, and how can we intentionally focus on just doing those things before doing other things? What are some things that only we can do?

So thing number three, lesson number three, in ways to fix your culture today: think about this idea of free fuel. Free fuel. So we all care about the environment. In fact, I rented a car to drive from Atlanta to here, and it's actually a hybrid. I've never driven a hybrid until like right now. I thought, oh, this is kind of neat; it's kind of like driving a golf cart, but very entertaining. I'm like, maybe we should have one of these. So we care about that because we care about the world and our environment and the place that we live, and we worry about this quite a bit, and we think, eventually, you know, the cost, the expense of putting fuel in our vehicles, that really adds up. Thinking, is there a way to think about that and how we lead and how we show up? What if we talked about not battery-powered cars and hybrid-powered cars and gasoline or diesel-powered cars, but what if we thought about fuel a little bit differently? Any fans of Disney besides me? A couple of you, yeah. So the former EVP of Disney, Lee Cockerell, wrote this book, and in his book he talked about this concept of what would it look like to burn f