Jack Santos

A member of the Gartner Blog Network

Jack Santos
Research VP
5 years at Gartner
40 years IT industry

Jack Santos is a Research Vice President with Gartner. He is part of the Gartner for Technical Professionals product and focuses on professional effectiveness for IT practitioners. Mr. Santos covers organizational development, leadership and management practices, governance, and innovation and collaboration approaches. Read Full Bio

2014 Healthcare Breaches…Will Anthem blow it away in 2015?

by Jack Santos  |  February 5, 2015  |  Comments Off

Timing is everything, especially with this morning’s announcements of 80M records stolen from Anthem.  I just completed this analysis of HHS healthcare breach reporting data.

By all reports, the Anthem records certainly contain personal information; they MAY contain Protected Health Information – if so they would be covered by HIPAA and HHS regulations. Time will tell. Were that true, it could be the single largest healthcare breach ever, and we’ll be well on our way of achieving my scenario analysis that EVERYONE IN THE U.S. WILL HAVE THEIR HEALTH INFORMATION IN THE WILD BY 2024 (scenario #3 from this blog post).

If you have followed my blog, you know that I annually review the US HHS breach report, just to see what kind of year we had in healthcare security.  Well, enough time has gone by since the end of year reporting to make sure we have captured the stragglers.  Prior year’s observations are here for 2010,   20112012, and 2013.

A few observations:

  • 2014 didn’t quite achieve the all-time breach level of 2011 – a year when 3 companies accounted for nearly 8 million individuals being affected by a healthcare record breach.  But it was close. The 80M reported Anthem breach of 2015 could dwarf all prior breaches.
  • Community Health Systems Professional Services Corporation in Tennessee joined a very exclusive group – “The over 4 Million Records Breached” club. Advocate Health in Illinois and TRICARE in Virginia are the other members.  The next largest breaches are from Xerox State Healthcare, LLC in Texas (2 Million) and by IBM working for Health Net in California (just under 2M).
  • We are close to 40M healthcare records breached to date…and that’s ONLY counting the HHS reporting of those involving over 500 individuals at a time.  I question how accurate that database is, and how long the tail is regarding <500 individuals.  I suspect that as much as 20% of the US population (60M) now have their healthcare records “out in the wild”.  But that is just a guess.

Notes on methodology:

  • Reporting has gotten more creative, and breaches are over longer lengths of time (spanning years) – that is a troubling fact which reflects that either criminals are spending more time in infiltrated systems undetected, or we just don’t know for sure when they got in, and when the breach was mitigated.   That is a troubling turn of events.  Nonetheless, I have adjusted 2013 and 2014 to reflect the number as of the date the breach ended, or was reported on.

There is a positive side to these numbers. The level of recidivism has declined sharply.  Our usual suspects that appeared multiple times in prior years reports didn’t show up this year, and nothing unusual pops out in terms of repeat offenders.  Let me know if you see the data differently. There is hope that one can learn from a careful analysis of past breaches.

One of my colleagues suggested collating the breach occurrences to level of HIPAA fines…a  project for another day…

Here’s what the number of breaches over the past six years, based on government data, looks like:

Breach 2014

Then there is the hall of shame for 2014:

   Provider  State Number of members affected
Community Health Systems Professional Services Corporation TN 4,500,000
Xerox State Healthcare, LLC TX 2,000,000
Sutherland Healthcare Solutions, Inc. NJ 1,062,509


For those of you keeping track, here are the prior years Top 3:

   Provider  State Number of members affected
AvMed, Inc. FL 1,220,000
BlueCross BlueShield of Tennessee, Inc. TN 1,023,209
Affinity Health Plan, Inc. NY 344,579
New York City Health & Hospitals Corporation’s North Bronx Healthcare Network/GRM Information Management Services NY 1,700,000
South Shore Hospital/ Iron Mountain Data Products, Inc. MA 800,000
Triple-S Salud, Inc./ Triple-C, Inc. PR 398,000
TRICARE Management Activity (TMA)/ Science Applications International Corporation VA 4,900,000
Health Net, Inc./ IBM CA 1,900,000
The Nemours Foundation FL 1,055,489
Utah Department of Health/ Utah Department of Technology Services UT 780,000
Emory Healthcare GA 315,000
South Carolina Department of Health and Human Services SC 228,435
Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group IL 4,029,530
Horizon Blue Cross Blue Shield of New Jersey/  Horizon Healthcare Services, Inc., NJ 839,711
AHMC Healthcare Inc. and affiliated Hospitals CA 729,000


Comments Off

Category: Uncategorized     Tags:

Five things I learned about Digital Business from the World Cup

by Jack Santos  |  July 2, 2014  |  1 Comment

Five things I learned about Digital Business  from the World Cup:

Time is relative and shift-able

Viewing time: one of the odd things is that with the technology of digital recording and/or digital streaming its easy to get out of sync with real-time peer event watchers.  It took me a while to realize that I was 30 secs to 1 minute behind real-time, while discussing the results with others in chat.  It is now more than easy to do that, which will increase the opportunity for miscommunication (is the hotline between Moscow and Washington still analog?)

Comment time:  Even if you are posting “real-time” comments on Facebook, its easy for readers to miss the post time, and view comments based on when they pop (which – as we have found out through Facebook experiments, is easily manipulated). Reconstructing the time sequence of comments can be a chore, depending on how they were delivered.  Which brings up an old saw I would often use: “just because you sent the message doesn’t mean it was actually received”.

Nationality is a flux concept

 As a dual nationality individual, the nation state concept starts looking very antiquated.  My American born children will be eligible for up to 4 nationalities – assuming there are no limits.  Comes in handy in the world cup, though. I root for two teams – unfortunately they have BOTH been knocked out.  And when they play each other? It’s a tough choice – and varies goal by goal.  OK, I am an opportunist – and just looking to celebrate whoever wins.

Digital Borders are permeable

In the US we were limited to two viewing options E$PN (cable subscription) or Spanish language Univision.  I can get by on the Spanish, but there are lots of options to VPN over to a third party country and watch their local TV (in my case Hola).  It was a great viewing experience, and easily (Apple TV, Chromecast) viewable on my 55” screen.  Take that, internet censors and intellectual property nazis!

Infrastructure is THE growth sport

Three years ago in my visit to Sao Paulo and other parts of Brazil, the concern was whether their infrastructure, especially their digital infrastructure, will be ready.  It was.  But not without serious investment.  Watching and communicating with parts of the country that a few years ago were only accessible by boat or plane?  Now that’s amazing.  And what a small world it has become….

Sport is a Digital Business

Concepts around the interconnection of People and Things – and by extension to processes,  locations, and presence –   affect sports, too.   This will probably be one of the last major global sporting events where Internet of Things like capability doesn’t become center stage, for lots of reasons.  Like what Adidas has introduced with the miCoach Elite Team System:

blog pic

 To learn more about these topics – and hear The VP of Innovation at Adidas, Qaizar Hassonjee, talk about what they did — come to  the Gartner Catalyst conference in August.

1 Comment »

Category: Catalyst 14 Digital Business Future Uncategorized     Tags: , ,

It’s the Outcome, not the How Come

by Jack Santos  |  May 20, 2014  |  1 Comment

Have to give Tom Blessing (CIO of Fidelity’s Corporate Technology Group) a nod here for this concept. 

A a recent Boston SIM meeting he pointed out how IT likes to talk about treadmill projects,

when we really should be talking fitness projects – which would get a business partner more engaged. 


I’d take it a step further – and focus on measurable business outcomes. 

What we all should be talking about is weight loss projects.

 ’nuff said.

1 Comment »

Category: career Innovation IT Governance management Managment Strategic Planning Uncategorized     Tags: , , ,

Digital Business, Global Warming, and Too Little, Too Late…

by Jack Santos  |  May 16, 2014  |  2 Comments

 My colleague Jorge Lopez is leading what has become a major focal point for Gartner Research: what to do about becoming a Digital Business – or stated another way, if you don’t start thinking of yourself as a digital business you will soon be out of business….

Click here for a summary of what is happening in our Digital Business research.

With all the news about collapsing ice shelves and global warming Armageddon, I wonder what impact the future of a digital business strategy can have.  In fact, this coupling of people, business, and things may be our only hope – drastic reductions in greenhouse gas emissions through automated routing of autonomous vehicles, closer management of energy utilization, etc. etc.  I am sure there are ways we are just beginning to think about, in terms of how the internet of things can affect the global climate when businesses become fully digitized  – hopefully positively.

From a practitioner’s POV, we’ll be introducing “Digital Business” topics at our upcoming Catalyst Conference 

As strategy becomes tactics, you’ll see more “digital business” how-to for the IT practitioner coming out of our Gartner for Technical Professionals research in 2015.

Before it’s too late.


Category: Catalyst 14 Cloud Digital Business Mobility Nexus Predictions     Tags: , , , , , ,

Revisiting the Hacker Mom in a Target Rich Environment

by Jack Santos  |  May 7, 2014  |  1 Comment

Target CIO, CEO resignations. The credit card hack may have something to do with it (although I suspect for the CEO there were other things in play as well – like earnings).  And my colleague Anton Chuvakin mentions some data from Krebs.   Median price of a black market stolen card around $35, with $54M made by the people that stole the card numbers from Target.  Those numbers are suspect, but what worries me more is the societal impact of such a breach – and society’s view of credit card fraud.

As the social contract breaks down, what could be perceived as criminal breaks down too.  After all, a $35 credit card (less than most annual fees) and money out of the pockets – ostensibly – of banks and insurers (who is more hated?).  In 4000 years of human history, pawn shops for stolen goods have always existed…now they have gone viral.

Which reminded me of this personal connection to credit card fraud (pre Target and pre chip-and-pin).  It’s worth re-reading.  And it puts a face on the crime – at least the retail aspect of it…


Lisbeth Salander - Girlzngames.com

Well,  this post is about the time I met a Hacker Mom.

It was still in the embryonic phase of the internet’s development – and I had just started to use my credit card for online purchases.

One day, paper mail arrived (no ebills available yet) with a credit card charge for a computer to Dell.  While I was a Dell customer,  I hadn’t made any recent purchases.  Calling Dell, I found it was delivered to an address in the suburbs of New York City (I live in New Hampshire).

OK.  Dell, the credit card company, and I got on the phone together to sort this out.  Dell issued a fraud alert, the card company credits my account and cancels the card.   Note to self:  set aside a separate and single card for internet purchases, with a liberal fraud policy.  So far, out of pocket: $0.

With the shipping address information from Dell, I started doing my own snooping.  Even though the matter was now out of my hands, I resolved to dig into this further – how did the thief get my card number? where? and why?  Did I know him/her?

I setup up an appointment with my local police to report the incident; they were happy to help.

Before that meeting, I did an internet search using the address.  Low and behold, I not only get a legit  address, but also a name, and a phone number!

I dial the phone number and a women answers.  I introduce myself, explain I have some questions – and she acknowledges in broken English.  My next question: “have you received a shipment from Dell?”.  Suddenly her English takes a turn for the worse (“no speak no speak”) and the phone is on its way to the cradle.  Recognizing her last name is of Portuguese origin (of which I am a fluent speaker) I yell into the phone (in Portuguese) “Senora <name>, I just want to know what happened. Are you Portuguese?”

A pause, and then the reply in Portuguese: “You are Portuguese?”.  I made a human, cultural  connection – a fast and accurate hook – we now shared a common heritage, and I was not just a nameless, anonymous voice. The hour phone call that ensued  (in Portuguese) was a story of a teenage daughter, in with the wrong crowd.  A mother whose marriage had fallen apart.  A daughter’s boyfriend that was untrustworthy, and an awful influence.  The mom never knows where her 15 year old daughter is, or what she and her boyfriend are up to.  The school is always calling and, in the past few months, dozens of packages begin to arrive at the house.  At first she accepted the packages, but once she realized that these were goods purchased with stolen card numbers, she started to refuse them.  Where did he get the card numbers and names? He  bought a list on the internet.  The boy knows where and how.  It is quite a black market, these lists of valid card numbers.

Of course, I had no way of knowing whether her story was true, and whether the crying and wailing I heard over the phone was sincere.  I suspect it was, but I also suspect she was more than happy with some of the purchases coming from nowhere.  For forty five minutes of the hour long conversation I was in the role of priest, counselor, and therapist.  Then we hung up, both saying we’re sorry.

My meeting with the police was simple.  It was a low priority case, and they were already working on a case in town where someone was out $10,000 for Bears tickets purchased over the internet.  My $1000 computer (and $0 loss) didn’t match that.  But the officer used his contacts, spoke to two departments in other states, and got a commitment to dispatch a squad car to the address;  to shake them up at a minimum.

As banks know, the credit card fraud issue has only ballooned since those early days – whether the numbers came from dumpsters, or from insecure online databases (like TJX) is only half the story; the distribution opportunities online is the other half.  But what really is significant is the human story behind it all: dysfunctional families, broken homes, and teenage hooliganism.  That isn’t going away anytime soon, no matter how secure we try to make our systems.

Poor cyber-security,  internet-smart  thieves, complicit buyers are just a part of the fraud problem.   And although the Internet  is not part of the root cause of these fraud problems, it has a huge  amplifier effect.

Buyer beware;  and companies?  prepare.  It’s not getting better anytime soon.


original post  from Jan 6 2011  at http://blogs.gartner.com/jack-santos/2011/01/06/part-0-hacker-dad-meets-hacker-mom/



1 Comment »

Category: security Uncategorized     Tags:

2013 Healthcare Breach Report

by Jack Santos  |  April 14, 2014  |  Comments Off

If you have followed my blog, you know that I annually review the US HHS breach report, just to see what kind of year we had in healthcare security.  Well, enough time has gone by since the end of year reporting to make sure we have captured the stragglers.  Prior years observations are here for 2010,  here for 2011, and here for 2012.

This year I firmed up our counting rules.  For example, I count all the multi-year breach counts in the year that the last breach report ended.  So there are some slight variations from prior years reporting.

A couple of observations:

  • 2012 now seems to have been an anomaly around breach reporting, we got back on a growth track in 2013 for breaches.  Something to look forward to (uggh).
  • We are at 30 Million individually identifiable healthcare records that were breached to date.  In four years we have exposed protected health information for 10% of the population.  I don’t think this cadence of breaches will change – in fact it may very well accelerate.  Get ready for a world where your health info is readily available – legitimately or not.
  • There is a whole lot of press on the 40 Million credit card numbers that were hacked at Target.  That’s an estimate, probably at the high end, and we don’t know how many of those were (or are) still valid numbers.  Not a word in the media about the 30 Million healthcare records out in the wild.  Healthcare is more than just about “What’s in your wallet” (apologies to Capital One).  That said, stolen credit card numbers are easily monetized, while stolen (or lost) healthcare records are a whole different story (note that some of these breaches included card numbers).  Which one is the more serious breach type, I’ll leave to a discussion for another day.
  • In 2013 Advocate Health in Illinois  joined a very exclusive club –  “The Over 4 Million Records Breached” club.  There is only one other member – TRICARE in Virginia.  The next largest breach of all time is almost 2M Million records – ostensibly by IBM working for Health Net in California.

Here’s what the number of breaches over the past four years, based on government data , looks like:


2013 Healthcare breaches


Then there is the hall of shame.  Let’s recap the top 3 largest breaches by year:


   Provider  State  Business Partner Number of members affected
AvMed, Inc. FL 1,220,000
BlueCross BlueShield of Tennessee, Inc. TN 1,023,209
Affinity Health Plan, Inc. NY 344,579


New York City Health & Hospitals Corporation’s North Bronx Healthcare Network NY GRM Information Management Services 1,700,000
South Shore Hospital MA Iron Mountain Data Products, Inc. (now known as 800,000
Triple-S Salud, Inc. PR Triple-C, Inc. 398,000


TRICARE Management Activity (TMA) VA Science Applications International Corporation (SA 4,900,000
Health Net, Inc. CA IBM 1,900,000
The Nemours Foundation FL 1,055,489


Utah Department of Health UT Utah Department of Technology Services 780,000
Emory Healthcare GA 315,000
South Carolina Department of Health and Human Services SC 228,435


Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group IL 4,029,530
Horizon Blue Cross Blue Shield of New Jersey NJ Horizon Healthcare Services, Inc., 839,711
AHMC Healthcare Inc. and affiliated Hospitals CA 729,000


And from the “will they ever learn?” department, these cases jump out:

Utah Department of Health UT 2010







Indiana Family & Social Services Administration IN 2013





Health Net, Inc. CA  2013





Cook County Health & Hospitals System IL 2010









Can’t wait to see what happens in 2014….



Comments Off

Category: Fun Healthcare security Uncategorized     Tags: , ,

The Importance of Being Work Flow

by Jack Santos  |  March 20, 2014  |  Comments Off

In this era of Big Data we often forget that data without process is like a day without…well you get it.  It being tax season in the US, I came across a prime example which I initially thought was a stretch, until it happened to me!

In the good old days of (say) ten years ago, the tax process was simple: you either did it yourself, or you had a third party do it – but in either case you sent the paperwork (forms etc.) with the check (if you owed money).

Well, electronic submission has changed all that.  Now the common practice (especially if you don’t trust turning over access to your bank account to the IRS) is to send a check separately from the form.  And the repercussions of that could be huge.  What was a single communication stream like this:



 becomes this:


No -This is not a rant about taxes – which would be entirely inappropriate for this blog – but it is an observation about what could  happen when we decouple data from process.  Miscommunication between preparer and citizen (wrong amount, missed email, etc. etc.), the inability of the bureaucracy to match receipts with forms, any number of things can go wrong – that wouldn’t have happened before  (or would have happened fewer times).  Then we need to think about how we remedy that ( if we allow the new process to exist)  – more process on top of process, more disruption, more cost.

Analytics is part of the puzzle.  The new scenario could complicate analytics (do we now need a data warehouse to match money to form and method? or to analyze the decoupled data and more complicated process?).  And let’s not even get into what’s the “meta data” – ala NSA concerns – especially now that they are two disjoint streams.

And this week, while writing this blog post, just when I thought this couldn’t possibly happen to me, I received an unexpected check from – guess who – the IRS.  I  am more in the habit of giving money to the IRS – not receiving it.  So imagine my surprise when I found out that an estimated payment, sent in correctly and appropriately, was somehow not able to be matched to me.  So they sent it back. with interest.  I am spending the $1.24 all in one place.

Of course the simple solution to this workflow conundrum on the citizen end  is to give the money to the preparer so it emulates the initial process – the preparer sends in the money with the form.  But most preparers don’t do that, now that electronic filing has come of age. 

Or give the IRS access your bank account.  Yeah. That’s a good idea.

Comments Off

Category: Externalization Information Management Innovation IT Governance management Managment Outsourcing practitioner Uncategorized     Tags: , , ,

Work for Free!

by Jack Santos  |  March 6, 2014  |  Comments Off

This month’s Strategy and Business had this article:

Would Your Employees Work for Free?  Leaders who manage volunteer work forces have much to teach leaders who manage employees.

I suppose they are suggesting that a measure of employee engagement is whether I as an employee would still do the job for free…

So I am reflecting on experiences where that were born out:

1)      The hospital:  hospitals (up until recently) paid much less than other sectors for IT help – to the point where they would just train low paid clinicians to do IT.  The typical CIO salary was 1/2  to 1/3rd what he/she could earn at a comparable for profit.  The up side was “the mission” – helping save  lives vs. creating a system that optimizes sales is a compelling legacy and (sometimes) makes up for a lot of comp

2)      The college radio station: EVERYONE in a typical college radio station works for free.  I ran one as station manager for two years and technical director for one.  Through administration budget meetings, student strikes, sit-ins, and precarious race relation negotiations.  And always wondered why I (or any of the other 100+ volunteers) would put up with it for nothing.  Music and drugs helped ;)   It also provided a good work experience to be used later.

3)      The start-up:  this was more a case of delayed gratification – if I work for free or near free now, maybe I’ll be filthy rich in the future and not have to work at all.  It’s a Las Vegas crap shoot, but still something many employees (and ITers) buy into.

So  “delayed gratification”  could be the underlying motivator in all these “ideal engagement” scenarios…whether its feeling good about what you did with your life, recognizing skills that could come in handy later, or just hoping for the big payout at the end of the time you put in.  If  it’s no $, then it may be that employees have to see other visible results…or risk the perception that their time is wasted.

The fallacy with equating positive employee engagement with “working for free” is that humans often put up with a lot of hassle for a period of time for a variety of motives – and it may not reflect true “engagement”; also finding someone with charismatic qualities  to follow may also be a factor – playing on that need for security and  shared purpose.  That works for cult leaders, at least for a while.

There’s also a fallacy with equating employee satisfaction with engagement, or the fact that people will work under duress for free… for a while… until they find something else; or the need to achieve an organizational goal for a higher cause – sometimes you have to put up with a lot to accomplish a noble goal — like in a just war (e.g. the Greatest Generation).

Even more importantly – it’s not about top down leadership, but what Tom Friedman recently wrote about in an interview with Laszlo Bock at Google.  He called it “emergent leadership” — the ingrained motivation within all of us, components of which are humility, responsibility, ownership.  That’s what I’m talking about when I mean “engagement”.

During our changing IT career research we found the CIO who was not competing for employees on pay, but competing on career development. He found out what each one wanted to pursue and helped them do it. He gave them assignments knowing that eventually they would leave out of necessity to find more pay, but while they were there they got the opportunities to improve their career. Now THAT’S engagement!

For those of us in IT, these are not academic topics — and that’s why Mike Rollings and I are focused on them in our professional effectiveness research at Gartner.

Comments Off

Category: career management Managment Social Media Strategic Planning Work Place     Tags: , , , ,

US Government Shutdown Lessons for IT and Businesses

by Jack Santos  |  October 11, 2013  |  5 Comments

Just read an interesting analysis by George Friedman over at Stratfor: The Roots of the Government Shutdown.  He ascribes the shutdown as an unintended consequence of the change of the US political landscape from a political boss system to a money-lobby driven system.  And the confusion of principles with ideology.  We have transformed from a principled people, to ideologues.

Everyone disparages Washington DC for this kind of behavior, but my observation from Facebook and other venues is that the behavior of no-holds barred stand your ground on principles and ideology is rampant in our society, fueled by online media (Facebook, blogs), as well as traditional media (Fox News).

Now this is not normal territory for a Gartner Blog topic, but I bring it up because my Research Agenda in Gartner is “Professional Effectiveness”.  Sure, we talk about influence, persuasion, the power of the individual because of the internet, career topics, and the failure of the hiring process.  Anything that can make the IT Professional more effective. For a quick look of our Professional Effectiveness research, go to “GTPCareer.com” – that provides an overview; any further exploration and you’ll need a Gartner ID.

Professional Effectiveness is not just about your career, or your ability to get the job done.  It’s also about understanding what’s happening in society, and business, that affects how you do your job – like my upcoming research on best practices for online/anytime/anywhere work (which – HP and Yahoo aside – is an inevitable growing trend).  We need to think about our  impact in a world where what you say can be read by millions within minutes of posting, but what that also means to how you do your job, and your business peers do theirs .

As I watch Facebook discussions around US politics (Obamacare, mayoral elections) degenerate into the kind of standoff we see in DC, it occurs to me that our ability to connect is central to how we develop real, impactful business systems – whether it’s how you interrelate with your business partner, or convey requirements to your subcontractor or outsourcer.  How you integrate that latest SaaS  app, whose roots were in a business area “shadow IT” skunk works.  And how you connect with your boss and peers.  What’s happening is DC is just a mirror to ourselves and how we interrelate – at home or business.

And for my international friends, don’t think this kind of behavior is a uniquely American phenomenon (which, if you agree, refutes Friedman’s analysis).  The level of discourse internationally – whether it be about Arab springs, Roma settlements, unemployment, or Olympic spending inequalities, is worldwide.  That’s not to say that human disagreements  has always been relatively civil  up until now — just that it is starting to take a particularly significant  unpleasant turn; my hypothesis is that is a consequence of Internet side effects.

So the  roots of the US government shutdown help me realize that what we do with our professional effectiveness research is, in some ways, understanding how we avoid the kind of  behavior in our daily lives in business that leads to dysfunctional organizations.

That’s what me and my colleagues – Mike Rollings, Jamie Popkin, and others at Gartner that contribute to our research, do.  We are the Corporate Dysfunction trouble shooters, AKA the Enterprise Collaboration Shutdown avoidance team…


Category: career Innovation IT Governance management Managment practitioner Social Media Strategic Planning Work Place     Tags: , , , , , , ,

Management 500: Leadership

by Jack Santos  |  October 7, 2013  |  Comments Off

A few weeks back I gave some advice to new managers under the title “Management 101“.  This post is for  the more advanced crowd, and just like graduate level courses, it can be controversial, and not “settled law”. But worth repeating, especially for managers that are still unsure of themselves.

This note recently came across my desk:

In a previous job I had a boss who called me into his office to tell me he didn’t approve of the job performance of one of the employees that reported to me. He told me to have a talk with him. I called the employee and told him, “Bob wants me to tell you how much he appreciates the job you’re doing.” Several weeks later my boss called me back into his office and told me, ” I can see you’ve spoken to <the employee>, what a difference!” Choose encouragement over criticism, always!

Now for you hardliners out there, there are many things wrong with this approach:

She explicitly went against her supervisor’s direction
She didn’t challenge her boss on a basic assumption, didn’t have an open, honest dialogue
She fundamentally wasn’t honest with her employee

And what about the performance evaluation process? What went wrong there? What happened to frequent, periodic reviews?  Or the process to ensure a fair and equitable rating and feedback process?

Now that all said, it was a gamble, and it worked… for now.

Nonetheless, it’s a great example.  Management is about human beings, and there is nothing black and white about humans.  Every employee is frequently put in this position – whether it is with subordinates, in dealing with an issue with peers, or even working with superiors and navigating political waters.

In fact, there is a lot here that is counterintuitive.  This manager made the right call, knowing the perceptions and preconceived notions involved.  At least the right call for now.  What happens next, when her “little white lie” comes out?  It may, it may not.

But I love how in this case the manager took the initiative to do what they thought was right.  Soon, her manager may report to her.

Some call it manipulation.  My touch stone has been this famous Eisenhower quote:

“Leadership is the art of getting someone else to do something you want done because he wants to do it.” 

Maybe the corollary is:

“Leadership is getting the results you want by getting others to think they did it”.


“Leadership is getting the right results in a way that encourages everyone to a higher level of performance, whether they realize it or not”.

What is clear to me is that the same skill and judgment that went into this little case study is something that is not  peculiar to supervisors and managers – the traditional definition of “leaders.”  Everyone is a leader.

What do YOU think?  What would YOU do?

Comments Off

Category: career management Managment practitioner     Tags: ,