John Pescatore

There’s a lot of squishy management crap that we all laugh at. For several years, Gartner has paid some firm to survey employees to find out if we are “engaged,” and if we have friends at work. I worked at GTE for many years and had to go to team-building exercises and management training classes where we would do goofy role-playing exercises and other “illustrative” games.

It all seemed silly to me until I thought about growing up in Long Island, NY and playing lacrosse across junior high school, high school and for the first year of college in Connecticut. If you are not familiar with “The Fastest Game on Two Feet,” lacrosse is like a cross between ice hockey (without the ice and with the sticks held up in the air) and soccer (without the big bouncy ball and with the ability to hit the other team with a stick) in that there are well defined offensive and defensive roles, but there is also a need at times for every player to play every role and the winning teams are usually the ones that actually work best as a team.  

That was a really long sentence. One of the great things about blogging at Gartner is being able to evade all the annoying Gartner editors who would whack that sentence into several smaller, more effective sentences. In fact, based on studies such as this, I would normally edit that sentence myself if this was a Gartner research note that clients would have to pay to read – but hey, its just a blog.

Anyway, if you’ve ever played team sports, or watched your kids’ teams progress over the years, you know how big the difference is between a team that works as a team and a team that is just a bunch of skilled individuals.  It always comes down to everyone not just understanding their own roles, but understanding teammate’s roles and “having their back” – everyone having the trust that if they need help, someone will jump in and help out. 

Part of this is the old “there’s no I in team” management slogan, but more than just the team spirit is needed – the understanding of each other’s roles and the person to person commitment to “have each other’s back” is what really differentiates the winning and losing teams. That’s why I thought this piece in today’s Wall Street Journal was pretty cool – Google and Procter & Gamble Co. have been doing job swapping where P&G folks learn some of the innovative ways Google reaches its customers and Google learns many of the same innovative brand-building strategies P&G has used for decades.  Gartner recently published a case study on P&G’s proactive and innovative effort to find PCs that were compromised with bot net clients – that effort actually started by P&G’s lead security architect working with P&G’s Innovation Group.

Too often, these days we tend to focus on “repeatable, documented processes” and automation as the answer to all problems, and we tend to sneer at security processes that are like “Tom tells Sally who enters in the log, while Raul fixes the problem”. But if Tom, Sally and Raul work together as a team and rapidly adapt to changing threats and security problems, the security at their company is probably better (much better) than at some company where the rigid, documented processes are seen as the end goal.

For large security programs, job swapping across different aspects of the policy, architecture and operations side is a powerful way to go. But for large and small, gains come from doing this also across business app development and security, or help desk and security – or even product management and security.  

Of course, this does take a commitment from the coach and general management of the team, and in today’s loyalty-free business environment such commitment is increasingly rare. But, if you have the chance across your security team to emulate what Google and P&G are doing, jump at it.

Submit a Comment »

Category: Uncategorized     Tags:

Share