Conference : CyberSecurity - Croke Park, Dublin, 3rd Oct 2014 - Breaking down the Silos.

I don't attend many conference; mostly I find them pretty boring and just money spinners for some organisations. When I see big name sponsors immediately I think the pre-sales team are out in force; and sure enough at this conference they were in attendance, I can't blame them its their job. I didn’t speak to any of them; I have a far idea what they are selling and not interested in paying to speak with sales people about technology and security (maybe they should be paying me :) ); I attended this conference to listen to former Whitehouse CIO Theresa Payton. Mrs Payton was not there to speak about Snowden, WikiLeaks etc... Instead; Mrs Payton spoke about about creativity and innovation in the context of security. This very idea is interesting; how often to you see articles about security, innovative and creativity. In more recent months and years; I am spending more time on cyber security in particular Application security (so much so I am reading in University of Oxford specialising in Software Security). So, attending a conference on cyber security with a former staff of Whitehouse should be pretty interesting.

Whitehouse and the happy meal blackberry phone story

Mrs Payton has recently taken up position of Whitehouse CIO and shifting through a large document containing the lost hardware, included in this report are all the lost blackberry phones. The report does not explain how these devices are stolen but what jumps out of this report is the length of time staff take to report a stolen blackberry. Probably in most organisations 18 hours to report a stolen phone might not sound significant; but I imagine in the Whitehouse this is a pretty big deal. How does anyone reduce the timeframe for reporting a stolen phone? Some colleages are challenged to resolve this issue, the team go away and discuss with colleagues who have signed the user acceptance document, this is a lengthy detailed legal document, but included in this document for a stolen / lost phone ‘...we reserve the right to apply the full extent of the law….’ pretty much a scary scenario for anyone to be in if they lost the Whitehouse blackberry phone. Basically everyone was afraid of the CIO & the ramifications of losing a blackberry phone. So, the problem has been identified; now, how do you make the Whitehouse staff

  • ‘love’ the CIO and colleagues therein?
  • how do you make them more appreciative to losing a phone?
  • how do you make them understand losing a phone is a significant security risk?

Firstly; try and soften the legal jargon in the document and then execute a training plan. Whitehouse counsel agrees to soften legal jargon, so problem one gone. Now, how about training all staff in security of your phone; rather than try and get staff to go through a 45 minute boring presentation which was the original way; lets think of a novel approach. This novel innovative approach is Happy Meal mets Whitehouse and you have 5 minutes for the security presentation this sounds interesting, so now I am no longer bored at this conference, how do they pull this one off?

Basically they get a happy meal style bag for all new staff and pop in the new blackberry phone, but included in this bag are all nice Whitehouse gifts like smarties, pens, paper weights all the usual office gift items; additionally this happy blackberry bag includes a credit card with no whitehouse emblem; why well that should be pretty obvious this credit card contains a phone number manned 24/7. Basically you get to contact this number anytime & anywhere to ask questions about your blackberry and to also indicate it has been lost or stolen. You can ask questions about your blackberry, maybe staff don’t know how to use a certain feature or maybe this phone is not the correct one to use on a foreign trip or maybe it gets stolen or lost. This credit card and phone number becomes your trusted friend & colleague, they help you out when you are in trouble. This innovative idea is rolled out in small numbers, lets not fail big; instead if you fail lets fail small. This had the unplanned knock on affect. As the idea is rolled out to department one but not department two; obviously staff members between departments mingle and attend meetings, one staff member asks another staff member what the credit card with the phone number and what the happy meal blackberry bag is all about. And they explain the story; this has the knock on affect of other staff member ringing the CIO office requesting a blackberry happy bag. Which results in ‘Staff members wanting to contact CIO etc…..'

Excellent result - thats a great explanation to breaking down the Silos.