Innovation Nation
Innovation Nation

Episode · 1 year ago

Start Valuing Your Time Like a Corporate Asset w/ David Grady


With today’s remote work culture, we all feel trapped on Zoom for 9 hours a day…  

Well, there’s an easy way to save yourself from bad meetings. Ask why you were invited. 

In this episode, I interview David Grady, CISM & Security Evangelist at Verizon, about innovating our mindset about time. 

What we talked about:  

  • Not everyone on a team needs to go to the meeting! 
  • In security as in life, you need to clarify your goals 
  • Digital transformation actually starts with communication 
  • Being continually available for work erodes your resilience 

Innovation is all around us. In fact, everyone innovates, often unbeknowns to themselves. Many mistakenly assumed the innovation is either a big capital project, a figurative bolt of lightning that brings inspiration, or the province of some exceptionally gifted person. This is the myth of innovation. But you can innovate as well. You are listening to innovation nation, the podcast where top executives and industry experts are sharing their insights on harnessing the power of innovation. We're here to help you stay ahead of the curve by driving your own innovation. Here's your host, Jasmine Martyr Rossen. Hi everybody. I am joined today by David Grady, who is a cybersecurity evangelist at Verizon, one of the largest communications firms in the United States, and he's also a wellknown Internet celebrity whose Ted talk on meeting effectiveness has been translated into thirty seven languages and gone totally viral. David, thanks for joining us. Thanks for having me. It's the two losses I've seen you in the real world as nice to see you on a tele offered screen here. Fantastic. Looking forward to an in person meeting to so, David, you know even my introduction touches upon a diversity across disciplinarity of things you've done that really involves innovation. Tell us a little bit more about how you've gone about it. Well, if you haven't seen the Ted talk, and I will go to and do it, but the Ted talk was free short as seven or eight minutes long, and what I tried to do was call people to Action, to tell them that they have the right to say no to a meeting or to at least ask why they've been invited to a meeting. It sounds really kind of UNDANE, it sounds self evident, but they really resonated with a lot of people. What I was saying was if you get a meeting invitation you don't know why you're being invited, there's no there's no agenda, there's no real role for you or clear outcomes. Just ask the person why. You know increasingly they our time is so valuable. And the rip the response that I got to that that's simple, kind of humorous called action to say, you know, hit the maybe button or hit the no button. That'send a note to say maybe it'll come to you meet, but why did you invite twelve of us from the same team? There was the reaction that I've gotten from that and I continue to get. That was like four or five years ago, but you know, almost every week I see it pop ups on social media. Some was linked to it. Since you know this this thing is change the way that I work and that's that's a great feeling for me. But it's exciting because people change your behaviors and and I've tried to think a lot of how that experience of having a message that was short and sharper, you know, really resonate around the world every seven language still blows my mind. My kids think I'm insufferable because they're trying to get viral on Tick Tock and I was lucky enough to have this happened. But to think about how can I apply we know what's some of the lessons were to the job that I'm in now, which is helping out some customers are rising to cyber security. So that's really amazing that your kids are competing with you and the winning. I have to tell you my daughter, when she was in high school, four years ago, she went on a school trip and as the plane was achieving you know, point where they could turn the TV's on. My Ted talk came out on the airplane, just on the screen, and so he said Julius, at your father and she's like God, I can't get away from this guy. She was embarrassed. But that was really know, my ego is a little, little big. For about a year was pretty sighting time, and so, like both a million views stoodents to them. It's a very strange experience. I've wrote about it on my blog. How no matter how amazing you think you are, there's always people out there trolling you. So ever get a chance to go to David gradied up blog, you can read with that. But no, that the oovation you want to talk about. How translated that? It's kind of a funny leap. How do you use that in your daily life day that you know, do you practice what you preach? I do. I try to practice what I preach and I think one of the things I learned too from that is that not everybody has luxury to,... know, push back and even if it's gently or respectfully, I respectfully excuse me, and sometimes, you know, that gets with me and I think we're so manic. When we were sitting the frenzy of the day, I call the tyranny of the day to day, that we rarely get a chance to step back. And right now I'm seeing people who are on June calls or whatever platform they're using literally all day and and you know they're pleading like can they run to the bathroom and I get a sandwich. I think that you know this shit in the in the working from home and everyone's is worried about their jobs. They're taking a shorter term view, which is like the present, be present, be present and always be available, because you know they're afraid if they're going to miss that one meeting we're going to get the acts or something, because it's very scary times right now. But I think that, you know, the message of that, the Ted Talk, was to value your time like an asset, of corporate asset, and if you do that strategically and respectfully, people will respect your time, you'll lie will improve. So I try to invest it, to it here, to it, but it is hard, it's hard to practice what you preaching that respect. But when I do want to tell you about was so sort of one thing about that, if I may, was surprising, was how emotional people got when when they wrote to me, after they've read the later, they saw that the Ted talk, they say, they write to me these things that, like you made me cry. You may be laughing, you made to cry. Our show this to my spouse because this is by my day, all day that I allays going to meetings, beings means, and it was so the relief for them to be empathized with, to be recognized, to be heard right, that's not just them. And again, you know, going global is interesting because it's not just an American problem. So I think about that. When you know what, I talked to companies about cybersecurity and we can sort of have to transition of these conversations to that, but it's the same sort of an emotional feel. It's recognition, it's not manipulation. But when I talk to customers about security, I try to again empathize with the challenges that they have and sort of recognized that that starts you is very licensed, you operationally challenging and expensive and everything, and to, you know, let them know that that when and if they solve their security problems or address, as you pretty probms are going to have the same sense of relief and they're actually going to. They can have an emotional who but moment when they when they've achieve the objectives, release clar high what their objectives are. Service scurity can be very overwhelming if you don't take a step back, and I think that philosophy of taking a step back and saying you might spend my time right about focusing on the things that really matter, it can help you with prove the the security in your in your organization. So two separate things will come up as a following one. You talked about time being a corporate asset. It is, in fact, when you think about it, the most valuable asset we have as individuals and that corporations have to so how much time is then in use in effectively meetings as a huge bearing an outcomes? You know, there's a lot of been a lot of study, a lot of research around that, and you should do with some partnership with an organization that I really liked about the west coast called stop meeting like this. Highly recommend checking them out, because they do this forty hours a week or more. But I think again, it's not so much to qualify its quality aspect. Right, we spend so much time in these meetings that the quality of our life does gender. You know, you started meeting in the car, you continue to meeting while you walk into the building. You never really you know, feel like you're like I said in the Ted Talk, you live to meet another day, and that's really not sustainable. I guess what I'm trying to say, though, is one of the biggest things I've seen in the last year two, really looking at this critically, is folks who feel compelled to go and you go to a meeting or virtual meeting and there's literally eight or nine people from the same team on that meeting and that's a Onehour call. So let's say everybody makes, I don't know, fifty an hour of just rounding up right, you get nine people on that team, same team, in various roles for an hour. So that's what forty five, forty five hundred dollars. Yeah, so that's yeah, that's it, the five thousand dollar hour, you know, for the all those people.

Can you can you put into place sort of a structure, what either gentleman's agreement or or something more formal, where you're going to cover that meeting and you're going to show up and you're going to be engaged and you're not going to be look at your phone and you're really going to think through the perspectives of your teammates as well. What do they need to hear? Right, maybe even do a little bit prep work to go into that meeting and be able to represent the other people on the team where to come out with, you know, action nights for them and let those other eight people go do something that's more productive. That's more that's more beneficial as an asset to the company. That than to sit there and having all those people nodding and then they leave and say that was interesting, but it really wasn't interesting. So that for me, that's I think one of the biggest things is not so much as an individual anymore. It's about how how you look at a team as an asset. Yes, there's a huge corporates cost, of course, and not everybody necessarily thinks of it that way. Right and driving the wardness will help. Now you said earlier you know conversation that it can be daunting and overwhelming for people to address cyber security. How do you allow people to get over that barrier, because it can be scarier right. People throw around big phrases like digital transformation. Nobody really knows what it exactly means for yeah, I understand that and and I know this is a it's a funny it's might hope. My career is kind of in strange to the transition from, you know, for being a communications out of a cyber security guy. Not quite sure how that happens. So this conversation, this is jarring as the change in my career. But I'll tell you when, when you think about the overwhelming nature cyber security, it doesn't have to be that way. I was out on the road last year before we all go to sort of ground, and I was speaking at cyberscurity conferences. It was right around the time of the anniversary of the moon lighting, the fifty anniversary of Apollo Eleven, and I started my talks like this. I would say, you know, it's about to today, tomorrow, this week is the fifty anniversary of the moon landing, and you guys all remember that famous speech that John Kennedy made. I believe the nation should do itself to gain the goal, before this decade is out, of creating a three hundredzero employee bureaucracy to develop a one hundred and eighty foot tall projectile capable of two hundred pounds of until, a million pounds of rest the gods, all the technical details right, and everybody look Amil like, go it's crazy. Said No, you don't remember that speech because that's not what Kennedy said. Kennedy didn't get into the nuts and bolts of the rockets. Kennedy said I believe we should commit ourselves to achieving the goal the landing man in the moone to bring them back. And I said that's a speech you remember because the call to action was playing and the outcome was playing right. So when you look at security, you can look at the rocket science and you can look at every piece of the rocket get completely overwhelmed by all the systems and all the buttons, right, but you can take a step back and say what are we trying to achieve here? So cyber security, just to stretch this metaphor further, law, it's not about the shiny boxes and this firewall and that and that, that firewall and that web connection. It's about what do we want to do to cybersecurity connect to the business objectives. The cyberscurity enable the business objectives. To cyberscurity get in the way of business objectives. And if you say the security program has just a few objectives, like making sure we're focusing on the things that matter most, the have the data to prove that you're focusing on the things that matter most, because in cyberscurity you can quickly played whackable and then you know you have limited resources. But if you do, if you try to protect against any possible thing that happens right, you're not going to be able to really focus on the things that matter. I was like to say, you know, when you do disaster planning right for business, you don't do disaster connuity planning for, you know, a stampede of wild animals coming through the front door. I mean that's a very unlikely to happen. Less you know work across street the zoo right see plan for what the data tells you more likely. So when you do the researcher prises a lot of research around this, you can focus on the threats that are really real to you, and that's maybe four or five threats as opposed to all of them. So if you don't try to bite off everything the security and you particularly if you're...

...not in the security role. You you rely on it. You know, it's not such science fiction stuff and it's not that rocket science as much. I mean sure we get those people are really smart, but it's about the mission getting to the moon. It's not about building each little mutual piece of the equipment. That makes sense. I hope it does. It's actually a brilliant example of how simplification and the clarity of mission can drive it home. Where is it? When you break it down to the nuts and bolts? It can be really overwhelming and which unfortunately probably happens in realize very often, which is why a lot of progress is not made at the pace that it could be. And there's an emotional appeal to I mean, okay, it's not manipulative, but you know, Kennedy, and still some pride and some aspirational you know, hope. What you talked about going to the moon, and you know cyberscurity is not nearly as glorious, you know, for the nation, but it is if you present, if your assigned security professional and an organization and you need to get the culture behind you and you need to get people to the understand that they have a role and server security beyond just changing their passwords every now and then and not writing down in the sticky note and not just doing their training once a year. Right, if you have to appeal to their emotions, and the worst thing you can do is appeal to their negative emotions and the sort of prey on a fear and uncertain a doubt that comes to Serb security. You don't want to show them the latest headline and say this could be us because, oh my gosh, this terrible hack could be us. It's true, but if you feel to them and from the their perspective, right, I need my applications to be up running at a very high availability level. I need to really smooth customer service. I need my customers to know that their data secure, that they feel at the experience has been secure. If you can tell them what's in it for me, right, what's in it for me? Security, but you know, the easier audits, you know will be even more demonstrable compliance with regulations. Right, the more innovation. You know, a lot of innovation we're seeing right now, driven by the business lines in all enterprises and all the organs they stood all industries, is because the technologies that are coming up. The thigh GS and the iots meet, the SE learning and AI, all the blockchain, all these new things the business line people are embracing because they see the business possibilities, they see financial possibility, if they are not thinking about the security locations that can innovate themselves right into, you know, a data reaching and it's a serious things, so that the security team can show that that security can add to their innovative efforts for not get in the way of it, then the stackhold is going to sign up even more beas more supportive of creating a cybersecurity culture. Again. Hope that makes sense. It makes perfect sense actually. And how do you deal with like this softer side of cybersecurity? Why? They human component. It's like two sides of a coin. You can have the best technology, but really there's a lot of vulnerability through human action. Yeah, I tell you. Part of that is, you know, we see a lot of organizations do that fishing exercises of the Phish, the fishing which is when you get the email set are they're not what they claim to be and you put on it. And particularly since Covid we've seen a big increase in Cup smishing, which is fishing via short message. And you know on the text messages, right, we're all so relying on our cell phones. It is true that the weakest link is often a person. That's not because they're bad person, but because the bad guys are clever. I think if you do the training in a way, or you do that awareness right, in a way that at again appeals to they're contributing. or You make them the hero of the story, not the potential villain, right, if you help them understand that they shouldn't be in such a rush to click on that link, but they should actually look at it critically because they are protecting the company. You make them the hero, right, and you sort of congratulate and an award or reward or recognized. You know that the numbers have got doubt. So so you take a security metric...

...that's tall and boring, that says we had a fifteen percent reduction in, you know, malware via fishing extras, you know, fishing. Celebrate that, right, and and attributed back to people being smarter. Right, and and maybe you know, I don't if you call us individual or not, but to celebrate that, you guys did started. Now it's out of boring security metric. It is a corporate success story that everybody here helped move that needle a let's move that needle even more than then. You called the actions is the next time you get an email with a link in it that you don't know who it's front. Take a minute. It's like the meeting thing. Ask Why am I going to this meeting? Why am I about to click on this? The bad as your smart. You know you get you're going to we test our people all the time. I don't get a quick antidote to rise. Probably killed me for telling you this. We had to reorder here so them and we said some naming convention has changed. And I get an email that day or day later about my new business cards being ready and click here at design your business cards and it was a test. I didn't know that and it looked like it came from verizon that. But the name wasn't exactly the new name, but they were capitalizing on, you know, the newness of the of the naming convension and that in the reorgan everything. And I was in the hospel and the kid was sick. I wasn't stick my kidastick. I was worried sick a trying to work in the hallway with my phone and I clicked in the damn thing and the security guy and I flunk to the test, because that's what the bad guys do. So it's the same thing as goings full circle back to the talk about valuing your time right, the speed with which you want to click on something that might be a little odd. Clicking on that in one second is going to give you a second, but it's going to lose you two days of downtime, if potentially your reputational organization for having fallen for it. Right now, you're the guy who brought in the malware. So you know, make people to hear of the story. Now. Very good points. And what's interesting you just demonstrated with this amazing example of you yourself folding prey to the test, is how we're in the rush, rush, rush culture and sometimes we do not pause to reflect and think. No, we don't. And I mean you know a lot of a lot of the companies whose culture is changing right now because everyone suddenly were you know, the ones that are really being recognized for doing it right. They're going beyond the technology enablement and they're thinking about the people ballots and there they're urging that wellness and they're urging that get up and stand up every now and then. They're urging people to do exactly you say, which take a step back and at home mindset. Right. That's not just schedule five minutes to go make a sandwich, for schedule finds to use the restroom. It's it really does have to be a mindset that we're in this for the long haul, right, and you know it's not just to survive for five o'clock, for six o'clock or hour late you work. It's to be here for the long haul and you as an asset to the company, not just your kid, but you're intellect, your energy, your effort in your experience, institutional knowledge. You don't don't get yourself burned out in the frenzy. You know. They're very important points. Now you're mentioning earlier that sometimes you puzzle yourself how you have made the leap between communications and cybersecurities, straddling to seemingly different worlds. To me, that screens innovation right. How what factors do you think contributed to your success? I remember when I transition from internal communications, they have a technology company to security. People were looking at me like I was crazy and I really had a hard sell to get the role. But what I what I realized and I think ten years later now people say that was a real sweet spot. In retrospect, it was so weird, is that communication, collaboration is so critical to really any any effort. Right. I mean my life was doing her master's degree a few years ago and she's her degree was she was writing at her thesis and medical records, electronic record adoption, and that's helping me to some research because it was helping me to work as well, and we kept coming across some papers that showed some research. That the core reason why most it projects..., and I think the cyber security as an ongoing IP project. Most it projects are initials Fale, not because of funding or the machine broke, but because of course, stickholder engagement. Right, that's a court roup. And the same thing in security. If you've got a security team in and building as just doing all the stuff at the company and all the employees across three building be and they're just they look at that's the security team as a pain and they're always in the way. They say no or I can I clip on that thing, or the just always shaking their finger at me. That's not a good dynamic. But what I found is if you could proach cybersecurity as a communications problem and then, because they call it, play of people process technology, it's it's a Cliche, but the people are so important that the technology stuff can come later. But you have to be able to bridge the gap between the business language that they speak in the business line right and the way that employees speak and think, and then the way the security ipee people. So to be in a role where you could possess sort of understanding that. I started my career as a newspaper Guy. So I think having that experience of going out doing new story learning on the fly and the trying as fast as I can to ask the right questions that really help me in that career. So now you know. All of a sudden you see for job descriptions for se Soos or for other security roles, is always that emphasis on being able to collaborate, emphasis something of the facilitate collaboration really beyond just governance meeting. Governance is not collaboration. Governance is a monthly meeting. You show up to but having lunch and listening and learning from your stakeholders and talking about their perspective and security. If they only understand security from shows like Mr robot or movies from the S or s, that's, you know, an opportunity for you to develop a relationship with them and that's about communications. So that somehow I found the right on the right mix and, knock on wood, it's it's been a good role so far. That makes a difference. So, in essence, what you were saying earlier, the research showed that it initiatives failed because their sideloads, they're not properly communicated and engagement is not built and there's no adoption before, during and after. Yeah, that's huge. I've seen a lot of research that says the number one soft skill for it professionals is actually communication skills. I think that's true. I just want a white paper actually riding the publish this. We goes pretty excited about it and the premise of the white paper is about it. As a little bit roundabout to following me is if the white paper urges non it business leaders, right executive sea levels, people, even business line managers, to become more what I called demanding and discerning consumers of information security cofermission particular, and what I mean by that is open up. Is My thread here is that, while there's there is a true emphasis on the need for ACSO and their team to be able to communicate really clearly and well to their internal customers. Right. Increasingly the internal customers, those business line leaders, they're getting spirted about technology and they are asking better questions. So and they're asking how security is affecting their business. Right. So, to answer your question, yes, communication skills obviously a very important you don't go into a meeting and only think and talk from the technology perspective of security, right. But it's not just communication of skill, it's the the willingness and making the time and the energy to learn about the business right and to learn about the dynamic in the industry right. And it's hard to do it because that's the like you look at that as a luxury. Right. I don't know, two hours a week to really step back and read the Wall Street Journal about what's happening in this industry. I have all these events that I have to deal with, an I have all these firewalls. I need to reconfigure it. I have all these viruses and you've chased out. But if you if you can make the time to understand the perspective of your internal customers, you're going to have much for productive conversations. It's lease to relationships. And then what I always say is that when the you know what hits the fan and there is a data breach or bad thing happens or assistant goes down or ransomware comes in,...

...if you've got that relationship with people, because you use your communication skills, you use your collaboration skills and you walk into shoes a little bit, that's some Mepady, because you understand, you know their perspective on things. Right, if it's three o'clock in the morning and there's a side or fire burning, it's been a major data breach all the credit cards of the store. You want them to have your back, right, and if you don't have a relationship, you can stab you in the back. They're going to throw you under the bus. So so it's in everybody's interest to sort of meet halfway and walking each other's shoes a little bit. So, in a since your white paper is promoting like corporate curiosity on the grand scale. Yeah, the white people really talks about how data has to tell stories and you have to be able to extract meaning and make that easy and actionable and protectual for the business. And at that the business needs to ask their questions like if then, if we do this, then will we see this right? The white papers, I think there's a subtle message. They're about the collaboration that's required and actually cite the miss framework, which is the that national steer standards and technology. They have a cyberscurity framework document and there's a big chunk in there about collaboration and communication and reporting. Maybe not enough people that is in there, but one of the best practices and one of the requirements of this is is that you pay attention and stuff like that and you don't just keep your head down and do your security job. You actually, you know, collaborate. So there's a cultural thing trying to get people to think about about the simples. In essence what you're saying again, like we'd responding to messages past, step back, look around, engage. That that makes the difference. Any other reasons? That really does. Sorry, has thank you. Any other in insights you'd like to share? HMM, no, I just I think that we've we've got to sort of just for me, what I'm seeing is people are talking to me more about plan a and plan be. So we know we're recording this right now, you know, and the middle of this pandemic, and it's really hard, I think, for organizations to figure out what do we do with the plan that we had and what's the plan going to be next year? It's like the poor parents to church for figuring out that they're going to go to kids going to go to school or not? Right for businesses, for business leaders, is, you know, do I have to fundamentally transform my business in a short term way to keep the lights on? Right and see all these restaurants figure out the curbsites pick up? You'd see all these retail organizations trying to figure out how to do, you know, online shopping and bring out the car whatever, and the short term transformation might slow down the longer term transformation that you were thinking about. So I think it's very challenging for US personally and very challenging for us in business context to think, you know, so bifurcated ran, plan a is going to be this, plan BEA's going to be that he can cook, lose you lose your mind. They there in lies madness, trying to beat place in the once, and that's a new skill I think that we're all going to have to have, which is resiliency. Right, personal and business resiliency, trying to figure out what the future is going to hold. The mean, no one ever knows that the futures going to hold, and these are particularly of certain times, and I think that's a skill, that that is a it's a paradox, because I'm uraging you to be more present, Mergini, to take a step back and think about what you're doing right then and the now and the wide but at the same time you know your heads, their spending, about what's what's coming down the pike. So I think all of us have to, you know, unplug every now and then, get up and take a deep breath, hug the dog or pike the kid for a walk or something. But well, we all are all this together. I guess we're all in this together and anyway, this is the gwindest exercise also in agility and dealing would and Beity. So yeah, we're seeing a lot of companies who had very grand plans for the digital transformation and now and that we talked about digital transformation enough to be a vague term, but really what it meant is is they were going to maximize their use of technology to have a better customer sperience, cut costs and and to the like...

...the customer. That kind of the fundamentals of what we do. But you have true, my technologies right and they were scelery that because I think they more forward taking companies recognized that they were going to have to do that anyway. And right now we're in a crossroads right. So it's just a challenging time myself. Well, you're always amazingly insightful with great perspectives, and I really really appreciate you joining our podcast, innovation nation. Well, thank you for having me again. I can't wait to see you at a conference some day with the real world. Will be nice and likewise shake hands again. But likewise, thank you so much, David. You've been listening to innovation nation. For more subscribe to the podcast in your favorite podcast player or connect with us on Linkedin. Thanks for listening.

In-Stream Audio Search


Search across all episodes within this podcast

Episodes (32)