Developing your team through coaching

We discussed improving team productivity previously. I received a few comments regarding this topic, which I decided to address here. I would like to cover the question of developing your team members through coaching.

I remember attending a workshop once, where the participants were divided into two teams and were presented with a rather peculiar exercise. The facilitator announced that the goal of this competition was to use newspaper and tape to construct a giraffe. The teams would be judged on the height of the animal: the team who will manage to build the tallest one wins.

teamwork and securtiy - exercise as a distraction

There are many variations of this exercise, but they all boil down to the same principle. The real aim is to understand how people work together. How they plan, assign roles and responsibilities, execute the task, etc.

In the end, everyone had a chance to discuss the experience. Participants were also presented with feedback on their performance. But can people’s performance be improved? And if yes, what could have been done in order to achieve positive and lasting change?

The answer to these questions can be found in coaching.

Coaching is all about engaging people in an authentic way. Yes, there might different opinions on the same problem, which doesn’t necessarily mean that there is only one universal truth. How much do you appreciate and respect what other people think?

Coaching, however, is not about knowing all the answers, but about listening, empathising and understanding others. Here are some example questions you can use:

  • What is happening in your life and career?
  • What’s going well?
  • Where do you want to be?
  • What do you need to do to get there?
  • What is the first step you would take today?

IMG_2039

The last thought I would like to mention here is about giving people time to reflect. Some silent and alone time can yield unexpected results. Our brain is bombarded with enormous amounts of information on a daily basis. Finding time to quiet your mind and slow down can help you to listen to your inner voice of intuition.  This can help you come up with innovative solutions to seemingly unsolvable problems.


Project Planning

What is the difference between two photos below?

fog and planning 2fog and planning

Yes, you are right – without the mist we can see the building more clearly. Something similar is happening with our projects: early in the initiation stage, there is a lot of uncertainty. It is really hard to estimate time and cost requirements, especially when the scope of work is not clearly defined.

However, it is still important to come up with an estimate, even if it is very high-level. Ideally, we have to define a way to manage the scope, schedule, requirements, financials, quality, resources, change, risks, stakeholders, communications, etc. Later in the project we can progressively elaborate on the plan to make it more accurate.

As far as an initial estimate for a timelines goes, even creating a list of activities and understanding dependencies can dramatically reduce the fog.

Plan

Try engaging your team members: ask them how long they think certain work packages might take to complete. Organise a workshop to discuss and capture the dependencies and risks. Make sure you have buy-in from your team and everyone is aware of the critical path

Yes, things can and will change, but having a plan helps you to become more aware of the potential impact of this change on budget, scope or quality. Ultimately, a good plan can help project managers put things into perspective and monitor and control projects more effectively.


The Analogies Project

The-Analogies-Project-Presnetation-Logo

I’m passionate about helping people understand security better. In my experience, using analogies has proved to be one of the best tools to help them learn. People have a far better and long-lasting understanding when they can relate to an experience that illustrates the concept they are to comprehend. Describing situations and possible outcomes can be just as easily done by telling stories: They are not only pleasant to read, hear or imagine, but they also transfer knowledge in the most effective way.

That’s why I decided to contribute to The Analogies Project.

Here’s what their website say about about the project:

Mission
The aim of the Analogies Project is to help spread the message of information security, and its importance in the modern world.
By drawing parallels between what people already know, or find interesting (such as politics, art, history, theatre, sport, science, music and every day life experiences) and how these relates to information security, we can increase understanding and support across the whole of society.

Why use analogies?
Many aspects of information security are highly technical and require a deep specialist knowledge. However, we know that all security depends ultimately on the awareness and preparedness of non-specialists.
Information security professionals cannot rely solely on technology to protect their organisations. They must engage with senior management and users in a way that their message is understood, fully appreciated and implemented. In this way they can drive changes in attitude and behaviour that will make the organisation more secure.
To do that, they must find a new language to get their points across to the non-specialist. And this is where the Analogies Project comes in….
Our past is littered with examples of how the prosperity or decline of individuals, enterprises, governments and nation states has depended to a greater or lesser extent, on the confidentiality, integrity and availability of information. By using storytelling, analogies and metaphor we can transform these real life events into powerful tools for engagement.

Please feel free to check out my profile and read my analogies.


Discussing Ethical Hacking at the University of Bradford

Bradford

I was invited to deliver a lecture on ethical hacking to the graduate students at the University of Bradford. We started off by discussing basic principles and approaches and concluded covering specific tools and techniques.

The students, with various backgrounds ranging from mobile application development, to communications and networks actively participated in the discussion. I was also very happy to share some case studies and real-world examples around vulnerability, threat and risk management.


Find out how security controls affect productivity in your company

 

speedometer

 

To expand on my research on the human aspect of security, I created a simplified model to highlight the relationship between productivity and security. The main hypothesis, is that there is a productivity cost associated with the security controls.

The interactive simulation was created and is available at http://www.productivesecurity.org. It allows users to implement their own security policies and observe the relationship between risk reduction and impact on productivity cost. Easy to understand visual feedback is available immediately for the users. This helps to understand security managers’ perspective when implementing security controls in a company.

The creation of the model was inspired by research conducted by Angela Sasse and her colleagues at the University College London.

Please get in touch if you have any feedback or would like to discuss the underlying research findings.


Back to School

IMG_4243

This week I was really happy to be back at the University College London where I got a degree in Information Security from. I was invited to the Technology & Entrepreneurial Start Ups Insight session organised by the Management Science & Innovation Department. I met many bright students interested in technology, including current MSc Information Security students. It was very interesting to find out how the curriculum changed to address modern industry trends and needs.

UCL

The day after I was proud to represent KPMG at the UCL IT and Technology Careers Fair. It comes as no surprise that there were many students interested in starting a career in the information security field. I was happy to help out with some suggestions, especially remembering that I attended the very same event some years ago.


NextSec Conference: The Changing Face of Cyber Security

NextSec

We am delighted to invite you to the NextSec Cyber Security Conference ‘The Changing Face of Cyber Security’ on 11 December 2014 at EY, 1 More London Place, SE1 2AF, London.

The conference will provide an opportunity for you to hear senior cyber security leaders, from a range of industries, share their cyber security experiences and insights through presentations following three main themes:
1) the changing cyber threat landscape,
2) the diverse techniques that have been adopted in response to the threat, and
3) the range of cyber security roles across different sectors.

The second half of the conference will address the changing dynamics required for leadership in cyber security including gender diversity and inclusiveness.

An open Q&A panel discussion will close the conference sessions.

Event Details:

  •  Date:           11 December 2014
  • Time:            5.00pm – 8.30pm followed by networking and drinks
  • Location:     Mulberry Restaurant, EY, More London Place

 Chairs

  • Cheryl Martin, Partner, EY
  • Leron Zinatullin, NextSec Committee Member and Information Security Advisor, KPMG

Confirmed speakers and panellists:

  • Cheryl Martin, Partner, EY
  • Sian John, Security Futurologist, Symantec
  • Robert Coles, Chief Information Security Officer, GlaxoSmithKline
  • Elena Cinquegrana, Associate Director, Navigant
  • Lucy Chaplin, Assistant Manager, KPMG
  • Freddie Hult, Senior Cyber Resilience Adviser, Cyber Resilience Ltd

Please visit the website to register for free.

NextSec is a networking group of young professionals working in cyber security and information risk management in the UK. The group exists since January 2012 and currently has over 290 members. These 290 members work for over 59 organisations in the UK. We have a diverse representation of young professionals working in financial services, oil and gas industry, industrial goods and retail, marketing, telecommunications, software, technology, professional services, and public sector. For more information about NextSec, please visit our website and LinkedIn group.


Follow

Get every new post delivered to your Inbox.