The document provides guidance from Jack Nichelson, Director of Infrastructure & Security at Chart Industries, on creating a results-oriented culture. Some of the key points discussed include:
- Taking ownership of problems and focusing on influencing outcomes rather than making excuses. Effective leadership requires improving one's own skills and enabling the team.
- Beginning with defining practical outcomes and creating a problem statement to provide goals and plans. It is also important to prioritize tasks and focus on initiatives that provide the biggest returns.
- Understanding stakeholders and their needs in order to solve the right problems. Customer service is important and security should help others accomplish their work safely.
- Being proactive through self-management, setting goals,
The kickstarter to measuring what matters Evanta CISO 2017 - Jack Nichelson
Does counting the number of intrusions a firewall blocked in a month really justify the capital spend on security projects? What kind of operational data demonstrates cybersecurity leaders’ long-term budgetary needs for their programs and at the same time shows the progress they’ve made over the years? Learn how a duo of cybersecurity professionals used thought leadership and a goals-based approach to build the case for past capital and future spend — a system that won them both dollars and trust with peers and their boards.
You're the newly-minted CISO in your organization, charged with the (un)enviable task of improving security. Unfortunately, your superiors and peers aren't quite sure what good security looks like, what they expect to see from you, or how you should go about doing it. All the execs know for sure is that if a security breach happens, it’s definitely your fault...and if a breach never comes, they question the need for security’s budget.
It falls to you to chart your own path, and help define what good security looks like within your organization. In this session we will provide real-world examples of how the three speakers have faced this challenge in multiple organizations, what metrics were chosen to show progress, and how the speakers have gone about gathering them. You will leave this session not with abstract ivory-tower ideas on measurement, but with actionable tactics you can put in place within your own program today. This session will address:
• How to show security progress
• Presenting security to senior leadership
• Real-world security metrics
• Identifying and using easily collected data
• Aligning with existing organizational metrics
Shaping Tomorrow - Getting Started - Introduction - Kerry Richardson
Equip yourself with AI-driven research, instant forward intelligence, auto scenarios & collaborative strategic thinking to plan your future & act in time.
The system helps you to define, gather, analyze, prioritize and distribute forward intelligence about products, customers, competitors, policies, strategies and your environment to support you in 'making better decisions today'.
Shaping Tomorrow is the world’s first, multi-award winning, and only AI-driven, systems thinking model that delivers strategic foresight and anticipatory thinking in real-time.
Final cycles overview jan 2019 with toolkit - Bryan Cassady
Scaling up is hard and deadly if done wrong. We would like to help you get it right.
This presentation introduces the ABCs method of innovation and provides toolkits you could use to grow fast while reducing risks.
Details
A study by Startup Genome analyzed the results of 3,200 start-ups and found that the majority of start-ups failed. That shouldn’t come as a surprise to anyone. What is more important is that they found 70% failed because of premature or faulty scaling.
In this workshop, you learn about the ABCs method. The ABCs method is a system-based approach to growing your business. It has been proven to build ideas up to 6x faster while reducing risks 30-80%.
There are companies that succeed and companies that fail. The biggest difference between winners and losers is smart winners make good, even mediocre, ideas great over time.
This presentation includes a draft version of the tools that will be presented in our new book Cycles
Keywords: Bryan Cassady , Innovation , Lean
Velocity is one of the most commonly used – and abused – agile team metrics. Teams (and their stakeholders) often focus on “improving velocity” without either a proper consideration for root causes that impact velocity, or a holistic view.
Join Andy in an interactive discussion that explores how we can remove the perverse incentives and provide healthier ways for teams to gain meaningful insights on the outcomes of their experiments.
Growing your business can be hard work. But, it becomes even harder when you continually focus on “areas for improvement”… There is an alternative; it is called a “Bright Spots Approach”.
In this presentation you will learn:
- Why you should focus more on bright spots
- How other companies are successfully using bright spots to grow faster
- Why bright spots focus will also help you fix the weak spots in your company
- How you can get started quickly
Cycles: The simplest, proven way to build your business - Bryan Cassady
Scaling up is hard and deadly if done wrong. We would like to help you get it right.
A study by Startup Genome analyzed the results of 3,200 start-ups and found that the majority of start-ups failed. That shouldn’t come as a surprise to anyone. What is more important is that they found 70% failed because of premature or faulty scaling.
In this workshop, you learn about the ABCs method. The ABCs method is a system-based approach to growing your business. It has been proven to build ideas up to 6x faster while reducing risks 30-80%.
Communication to the business is very different to exploitation. This talk helps bridge the gap between a finding and a business risk.
Presented at HackFest 2018
A lot of research has shown that systems are the key to innovation success.
Systems are made up of interrelated components of people and processes with a clearly defined, shared destination or goal.
Systems work best when everyone shares an understanding and commitment to the aim or purpose of the system.
The foundations are clarity and a commitment to learn, and improve.
Great companies have 3 characteristics that set them apart from the rest. These characteristics are:
1. An ability to see and build on strengths
2. A commitment to build innovation eco-systems and
3. A commitment to ongoing action
Deliverables: Simplifying the challenges, structuring the learning process, getting better internally and in your eco-system.
This course covers what is Innovation and why everything needs to start with alignment.
If you don’t know where you’re going... Chances are you won’t get where you want to go.
Alignment is the foundation of effective growth and Innovation. It is about finding what is important to you (MISSION) and matching this with what the market wants (NEEDS) and plan to deliver and extract value. It is also about an honest assessment of who you are. (CULTURE)
Deliverables: After this course you will be able to identify 3-4 True North priorities for your company /division (True north) priorities can be:
1. Changing what you are doing and why
2. Changing how you work to generate or extract more value
3. How to work smarter and / or get your culture supporting your innovation objectives
3 beliefs you need to let go to start you agile journey – Agile EE 2017 - Antti Kirjavainen
The biggest reasons so many agile transformations fail have been reported to be lack of management support and general resistance to change.
In my talk I describe the 3 underlying beliefs that cause resistance to change and lack of management support for agile transformations.
These paradigms are fundamentally incompatible with the agile way of working. Trying to transform or change an organization where these beliefs are prevalent will fail.
How to change these beliefs? Answering that question is the second part of my talk. I will describe my experiments to help people unlearn these beliefs and share what I have found to work to support this kind of change in mindset and culture.
My talk will help people in any knowledge work organisation who want to change their organisation into more agile mindset and ways of working.
Automated decision making with predictive applications – Big Data Brussels - Lars Trieloff
My slides from Dataconomy's Big Data, Brussels event in March 2015. Key topics: what are predictive applications and how can they help companies make better decisions, faster and cheaper.
Information Security - Back to Basics - Own Your Vulnerabilities - Jack Nichelson
When a security program isn't as good as it should be it can be tempting to conclude that it needs more resources and solutions. Jack Nichelson decided to take a different approach: simplification. By focusing on fewer problems with bigger returns, he was able to reduce malware by 60 percent and improve the results of his annual pen report. He’ll share a back-to-the-basics case study for removing complexity and running a simple, effective, start-up worthy security program.
This Talk is for - Security Managers looking to better focus on the real vulnerabilities and more effectively communicate your progress
The Goals of this talk – Find the real problems, create a formal plan, build support for the plan, and report the progress
Jack Nichelson - Information Security Metrics - Practical Security Metrics - centralohioissa
So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort? Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program.
Information Security Metrics - Practical Security Metrics - Jack Nichelson
So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort? Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program.
10 Critical Habits of Effective Security Managers - Jack Nichelson
How to Secure Things & Influence People:
10 Critical Habits of Effective Security Managers
Have you ever felt that the security problems you're faced with would be so simple to solve if only your colleagues had your perspective on them? Are you frustrated that security does not have a more prominent seat at the table?
Often times identifying security problems and developing the appropriate controls is the easiest part of the security job. Getting our peers and superiors to buy-in to those solutions and understand the risk decisions they're making is an under-appreciated but arguably much more important part of our jobs in security.
Chris and Jack will share techniques that help to turn your employees into an army of human security sensors, to get security done regardless of where it sits on the org chart, and to earn major security victories even with a meager budget and a small team. Along the way you’ll learn about the “10 Critical Habits” which we have observed effective security leaders using to achieve their goals.
[Agile Portugal 2014] - Agile Decision Support System for Upper Management - ... - Pedro Henriques
The "life" of a company is the sum of its decisions. Hasty decisions can be disastrous, late decisions could mean loss of opportunity, but these decisions have to be made. Therefore it is important to have a tool that assists in decision making.
The main focus of this talk is to show the importance of support to decision making, understand the importance of risk and impediment management in agile environments and to present an approach to identify actions to mitigate risks and solve impediments based on Agile Community Knowledge.
This talk includes an example of a simple tool from the company SCRAIM. You can also check the video goo.gl/SBqAW4
Creating a Results Oriented Culture
1. Creating a Results Oriented Culture
Jack D. Nichelson
Director of Infrastructure & Security
Chart Industries
April 26, 2017
@Jack0Lope
Jack@Nichelson.net
2. ACKNOWLEDGEMENTS
Steve Holt, CIO - Chart Industries
Craig Shular, CEO - GrafTech
David Hilmer, VP & CIO - Graftech
Erick Asmussen, VP & CFO - Graftech
John Kocsis, Dir. IS Ops - Swagelok
Jason Middaugh, Dir. Infrastructure - Cliffs
Chris Clymer, Dir. Info Sec - MRK
Matt Neely, Threat Manager - Progressive
Bob Kemp, CISO - TA
Chris Prewitt, VP Advisory Services - TrustedSec
Ed Pollock, CISO - STERIS
“When the student is ready the master will appear”
3. JACK NICHELSON
Director of Infrastructure & Security for Chart Industries.
Executive MBA from Baldwin-Wallace University
Recognized as one of the “People Who Made a Difference
in Security” by the SANS Institute and Received the
CSO50 award for connecting security initiatives to
business value.
Adviser for Baldwin Wallace’s state-winning Collegiate
Cyber Defense Competition (CCDC) team.
I defend my company’s competitive advantage
by helping solve business problems through
technology to work faster and safer.
“Solving Problems, is my Passion”
4. GUT CHECK – TAKE OWNERSHIP
If I just had a better team, I would do better. "Wrong"
If I am a better leader, my team will be better. That is what I had to learn as a
leader and step up to make happen.
Be Proactive – Focus on what you can influence
Begin with the end in mind – Define practical outcomes
Create a Problem Statement – A goal without a plan is just a wish
Put first things first – Plan weekly, act daily
Chart Performance & Adjust – Shine a light on the problem
“There are no bad teams, only bad leaders.” - Jocko Willink
5. GOOD ADVICE
The most important person for you to manage effectively is yourself. To grow
personally and professionally you need to know yourself before you can help
others.
“Think about how you can simplify security –
make it easy – and focus on the basics.” - Dave Kennedy
Recommendations:
Take a step back and read “REWORK”
Remove complexity – Start small
Start at the epicenter, on what won’t change
Focus on fewer problems that provide bigger returns
Build an audience
Keep score & publish it (Good or Bad)
6. KNOW YOUR STAKEHOLDERS
To make stuff that matters, you have to know what matters so work on
solving the right problems.
Effective managers take the time to identify stakeholders and know their pain points.
Security is about a lot more than just you
You are taking actions to protect assets in the
stewardship of others
You are making choices which will impact the ways
those around you conduct their business
“No one cares what you know until you show them
how much you care”
7. CUSTOMER SERVICE
We often focus on the problem and forget about the customer. They will
forget the problem you solved before they forget how you made them feel.
“The day people stop bringing you their problems is the day you have
stopped leading them” - Colin Powell
Security is a support role…your job is to help others
safely do the things that make your organization
productive
You cannot do this job without help
Your employees are not subjects for you to dictate
rules to…they are your customers
If you treat them well, they will be your “army of human
sensors”, bringing you all kinds of useful intel, and
helping to enforce policies you've developed to protect
them
8. JUST SAY MAYBE
Effective leadership requires collaboration and empathy for the other person.
It’s OK to be uncomfortable with the results
Security has often been the Department of “No”
Taking a hard stance as a “cyber policeman” can
seem to work…until you become perceived as an
obstacle
If you are an obstacle, process will begin to be routed
around you
9. BE PROACTIVE
Change starts from within, so you have to make the decision to focus
on the things you can influence rather than reacting to the things
outside of your control.
Manage Yourself:
Where and how are you spending your time & energy throughout the day?
Make a list of the things that concern you and things you can Influence.
Ask yourself these 3 questions every day:
Did I do my best to spend my time on things I can influence?
Did I do my best to set and communicate clear goals?
Did I do my best to make progress toward goal achievement?
“The 1st metric you need to track is yourself”
10. CONCERN VS. INFLUENCE
Security Risks
Hackers | Organized Crime | State Sponsored
Higher Difficulty (~10% of incidents):
• Advanced Persistent Threat
• Zero Day Attacks
• The Insider Threat
• BYOD
• Mobile Malware
• The “Cloud”
Lower Difficulty (~90% of incidents):
• Missing Patches
• Lost & Stolen Devices
• Local Admin Rights
• Phishing
• Poor Passwords
• Malware
Verizon's 2013 Data Breach Investigations Report (DBIR)
11. BEGIN WITH THE END IN MIND
If your ladder is not leaning against the right wall, every step you take gets
you to the wrong place faster.
“Try Not to Become a Success. Rather Become a Person of Value.”
First, do you know what “good” looks like?
Break down the area you have influence over into functional parts
that you and the stakeholders can score and rank.
Now that you have an agreed upon heatmap of your current
state, set short term and long term goals.
12. PROBLEM STATEMENT
The Problem Statement significantly clarifies the current situation by
specifically identifying the problem and its severity, likelihood, and impact. It
also serves as a great communication tool, helping to get buy-in and support
from others.
“A problem well stated is a problem half-solved.” — Charles Kettering
Build & Execute plans to drive for results & share
successes
Invest more time in project planning and due diligence; time spent
defining the problem is NEVER time wasted.
Write a Project Charter, clearly state the scope, objectives,
participants, and success measurements.
Create a Work Breakdown Structure to graphically represent the
project scope, broken down in successive chunks with defined
deliverables.
13. PUT FIRST THINGS FIRST
Focus on the important, not just the urgent. The urgent are not that important,
and the important are never urgent.
“Effectiveness requires the integrity to act on your priorities”
Tips for taking back control of your time:
Stop saying Yes when you want to say No.
Schedule your own time with purpose & defend it!
Don’t be afraid to close your email and turn off your phone
14. CHART PERFORMANCE & ADJUST
Gemba (現場) is a Japanese term referring to the place where value is created.
The idea of Gemba is that the problems are visible, and the best improvement
ideas will come from going to the Gemba.
“Good security is not something you have, it’s something you do” - Wendy Nather
15. SUMMARY – TAKE OWNERSHIP
If I just had a better team, I would do better. "Wrong"
If I am a better leader, my team will be better. That is what I had to learn as a
leader and step up to make happen.
Be Proactive – Focus on what you can influence
Begin with the end in mind – Define practical outcomes
Create a Problem Statement – A goal without a plan is just a wish
Put first things first – Plan weekly, act daily
Chart Performance & Adjust – Shine a light on the problem
“There are no bad teams, only bad leaders.” - Jocko Willink
16. BOOK REFERENCES
Work Smarter and More Easily by “Sharpening Your Axe”
The Five Dysfunctions of a Team – Patrick Lencioni
Leading Change – John Kotter
The 7 Habits of Highly Effective People – Dr. Covey
The One Minute Manager – Ken Blanchard
Extreme Ownership – Jocko Willink
The Phoenix Project – Gene Kim
What Got You Here Won’t Get You There – Goldsmith
Leaders Eat Last – Simon Sinek
The Ideal Team Player – Patrick Lencioni
Death by Meeting – Patrick Lencioni
17. THANK YOU
Jack D. Nichelson
Director of Infrastructure & Security
Chart Industries
April 26, 2017
@Jack0Lope
Jack@Nichelson.net
22. HOW TO BUILD A SQDC BOARD
Key Performance Indicators – Good data can tell a story
Predictive Analysis – Your board should help prevent future issues
Keep the data fresh and useful. Address items as quickly as possible
using LEAN tools, and once addressed, remove them from the board.
23. GEMBA BOARD: SECURITY
“We measure things that matter”
Example Metrics:
# of systems not monitored & tracked in inventory by Location or LoB
# Top Vulnerabilities by Location or LoB
# of Legacy Systems by Location or LoB
# of Users with Local Admin & Accounts with Domain Admin
# of Total Security Incidents by Location or LoB
# of Past Due Security Awareness Training by Location or LoB
Security - The current security posture at a glance
24. GEMBA BOARD: QUALITY
Example Metrics:
# of Servers & Workstations missing OS & App patches (30 day SLA)
# of infections/Re-Image tickets (3 day SLA)
# of Security Event tickets (5 day SLA)
# of Security Request tickets (15 day SLA)
Cause Mapping Analysis to find root cause of problems
Quality – Results for SLA goals of events & requests
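One way to produce the Quality board's SLA counts, broken out by location, is sketched below. This is an added example, not part of the original deck: the SLA day targets come from the slide, while the ticket records, category keys, location names and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# SLA targets in days, as listed on the Quality board slide.
# The category keys themselves are hypothetical names.
SLA_DAYS = {"patch": 30, "reimage": 3, "security_event": 5, "security_request": 15}

# Constructed sample records: (category, location, opened, closed or None if open)
TICKETS = [
    ("patch", "Plant A", date(2017, 2, 1), date(2017, 2, 20)),
    ("patch", "Plant A", date(2017, 2, 1), None),
    ("reimage", "Plant A", date(2017, 4, 3), date(2017, 4, 5)),
    ("reimage", "Plant B", date(2017, 4, 3), date(2017, 4, 10)),
    ("security_event", "Plant B", date(2017, 4, 18), None),
    ("security_request", "Plant B", date(2017, 3, 1), date(2017, 3, 20)),
    ("security_request", "Plant A", date(2017, 4, 20), None),
]

def sla_board(tickets, as_of):
    """Return {(category, location): counts of total/met/breached/open_within_sla}."""
    board = defaultdict(lambda: {"total": 0, "met": 0, "breached": 0, "open_within_sla": 0})
    for category, location, opened, closed in tickets:
        if category not in SLA_DAYS:
            raise ValueError(f"no SLA defined for category {category!r}")
        # Closed tickets are judged on time-to-close; open ones on age so far.
        age = ((closed or as_of) - opened).days
        row = board[(category, location)]
        row["total"] += 1
        if age > SLA_DAYS[category]:
            row["breached"] += 1          # closed late, or still open past the SLA
        elif closed is None:
            row["open_within_sla"] += 1   # still open, but the clock has not run out
        else:
            row["met"] += 1
    return dict(board)

def breaches_by_location(board):
    """Roll breaches up per location, the 'by Location or LoB' view."""
    totals = defaultdict(int)
    for (_category, location), row in board.items():
        totals[location] += row["breached"]
    return dict(totals)

if __name__ == "__main__":
    board = sla_board(TICKETS, as_of=date(2017, 4, 26))
    for key in sorted(board):
        print(key, board[key])
    print(breaches_by_location(board))
```

Counting still-open items that are already past their SLA as breaches keeps long-ignored tickets from hiding in an "open" bucket.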
25. GEMBA BOARD: DELIVERY
Delivery – Active Projects & Audits at a glance
Example Metrics:
Active Projects Status
Active Audit Status
Remediation Progress by Location or LoB
On-Site Awareness Training by Location
26. GEMBA BOARD: COST
Cost – P&L at a glance
Example Metrics:
Operating budget spending plan (OPEX & CAPEX)
ROIC Qualitative Rating of Perceived Value
Support Agreements Costs & Renew dates
Consultant Support Agreements Costs & Renew dates
Running total of cost savings
27. GEMBA BOARD: PEOPLE
People – Skills matrix at a glance
Example Metrics:
Skills Matrix of everyone in Security
Training and development plans
On-Call & Vacation Schedules
Awards
28. VISUALIZATION TECHNIQUES: THE HEATMAP
Impact
Low: No threat to core business function impact
Medium: Threat to core business function impact, but has not occurred yet. i.e. ERP system is down but have not yet missed orders
High: Immediate impact to core business functions. i.e. products cannot be shipped, or core IP is lost.
Likelihood
Low: Happens once every 10 years, or less
Medium: Happens once every 1 to 10 years
High: Happens once or more a year
• Develop “Likelihood” to fit your org
• Develop “Impact” to fit your org
• Score potential risks “high”, “medium”, or “low” for each
• Map results to the heatmap
31. VISUALIZATION TECHNIQUES: THE SCORECARD
Captures day-to-day operations in security
One-page roll-up that can be presented to CIO, or used internally
“Operations” section captures work being done: creating firewall rules,
patching systems, conducting awareness events
The “Risk” section captures visibility into risk at the organization.
Number of scans, open vulnerabilities
To the far right is the legend explaining the thresholds for each item
Editor's Notes
A problem well stated is a problem half-solved. —Charles Kettering
A good goal should scare you a little, and excite you a lot.