Saturday, January 24, 2026

Leadership in Crisis: Building Trust with Continuous Training...

How often have you heard the leadership management philosophy that you must "Train Like You Fight"?  Here is another way to look at it:

"The more you sweat in peace, the less you bleed in war." Norman Schwarzkopf

The theme is all too familiar to Operational Risk Management (ORM) teams that operate on the front lines of asymmetric threats, internal corruption, natural disasters and continuous adversaries in achieving a "Defensible Standard of Care."

As the senior leader in your unit, department or subsidiary, the responsibility remains high for preparedness, readiness and contingency planning.  Your personnel and company assets are at stake, so what have you done this month or quarter to train, sweat and prepare?  How much of your annual budget do you devote to the improvement of key skills for your people in a moment of crisis or chaos?

What will the crisis environment look like?  Will it develop with clouds, water and wind or the significant shift in tectonic plates?  Will it begin with the insider employee copying the most sensitive merger and acquisition strategy to sell to the highest bidder?  Will it start with a single IT server displaying a warning to pay a ransom or lose all possibility of retrieving its data and operational capacity to serve your business?  Will it end up being another example of domestic terrorism or workplace violence like San Bernardino, Paris or Ft. Hood?

Leaders across our globe understand the waves of risk and the possible issues that they may encounter each year.  Many travel to Davos to the World Economic Forum where the world tackles these disruptive events, with the best minds and exchange of information.  Why? They understand that vulnerability is what they fear the most.

Yet what can you do in your own community, at your own branch office to address the Operational Risks you face?  How can you wake up each day with the confidence as a leader, that you have trained and prepared for the future events that will surprise you?  It begins with leadership and a will to lead your team into the places no one really likes to talk about.  The scenarios that people fear to train for, because they think they will never happen.

Achieving any level of trust with your employees, your customers and your supply chain revolves around your leadership.  The discipline of "Operational Risk Management" is focused on looking at all of the interdependent pieces of your business mosaic.  The environment you operate in, even the building that houses your most precious assets.  All of these factors are considered in developing and executing your specific plan for training and readiness.

So what?  The question is

"Why Don't Employees Trust Their Bosses?"

Why this lack of trust?

As a leader, your roles are multi-faceted and there is never enough time or money in the budget.  The leaders who excel in the next decade will find a way.  They will invest in their teams' training and the systems to increase trust, by addressing Operational Risk Management (ORM) as a key component of the interdependent enterprise.

The "TrustDecisions" you require and the understanding developed to ensure effective "Trust Decisions" by all of your stakeholders will remain your most lofty goal as a leader.

How you train to fight and how you sweat now will make all the difference in your next war.  From the boardroom to the battlefield your leadership is all that is needed.  Your leadership will make a difference...

Saturday, January 17, 2026

Intelligence Sharing: Responsibility to Provide...

Back in the summer of 2008, the "Need to Know" was finally becoming extinct. Intelligence Communities around the globe began ever so slightly changing their behavior.

The Office of the Director of National Intelligence (ODNI) had released its Information Sharing Strategy:

The Office of the Director of National Intelligence was announcing the first-ever strategy to improve the ability of intelligence professionals to share information, ultimately strengthening national security.

The "Responsibility to Provide" attitude combined with a "Rule-set" reset could get the entities moving in the right direction. Risk Managers in institutions in the private sector have been grappling with this business issue for multiple decades.

The reality that the FBI, NSA, CIA and DHS are sharing more effectively will only be evident in actual behaviors, not technology.

The new mantra "Responsibility to Provide" would be repeated over and over, but where is the evidence?

The culture shift was predicated on the ability to manage risks associated with mission effectiveness and disclosure of sensitive information. A Trusted Environment.

This new information sharing model is not revolutionary and requires the same care with privacy, information security and civil liberties that we all expect when it comes to personally identifiable information.

Adding new incentives to share information or rewards for doing so will soon be the norm and the behavior changes will be evident. Great care will be given to the ability to protect sources and methods of collection.

Creating a "Single Information Environment" (SIE) will improve the ability for analysts and investigators to get access earlier and to discover what exists. Enhancing collaboration across the IC community would be a strategic goal and has been a dream for over twenty years.

So let's go back to the "Trust Model" for a minute:

  • Governance: The environment influencing sharing.
  • Policy: The "rules" for sharing.
  • Technology: The "capability" to enable sharing.
  • Culture: The "will" to share.
  • Economics: The "value" of sharing.

A 500-day plan was then in place. The integration has now been reemphasized even today. Let's make sure that our vigilance continues and on this Martin Luther King Jr. weekend, our spirits are reenergized...

Saturday, January 10, 2026

Risk Visualization: Enterprise Prevention...

When "Corporate Executives" start talking about how to reduce fraud and other critical Operational Risks across the institution, there is going to be plenty of debate.

Where do you focus your resources and investments in order to get the best ROI and economic value?

If you thought the pornographers were the leading edge of innovation on the AI Internet, there is a new breed of international criminals and corporate attackers that have emerged at the top of the pyramid.

Financial services organizations are taking an enterprise view of global risk prevention to try and keep ahead of these increasingly clever and technology-oriented crooks.

Having an enterprise view of holistic risk is the "Holy Grail" and some would say that focusing on the account and not more on the customer is the wrong approach.

What is clear about the online evolution of fraud activity is that social engineering is working in the exploitation game. Hardening all of the systems with two-factor authentication or even IP Geolocation is just part of a layered risk strategy.

Working from within the walls of your institution trying to figure out how to protect your assets and your customers is merely a myopic strategy.

The attackers are moving too fast and have access to the same tools in their labs where they utilize their own methods and processes for exploiting the vulnerabilities in your latest applications.

Now that you have spent millions on implementing that new AML or fraud detection system, are you sleeping any better at night?

"True strategic analysis of risk and the convergence of relevant data makes scenario development, proactive planning and open source intelligence an area that requires consistent attention."

Simulations and evaluation of possible physical and digital exploits that haven't even been detected yet could provide the proactive and preventive advantage you have been seeking.

What is your latest hypothesis?  Have you tested it effectively to determine the likelihood and impact of success? Training and practicing for the unknown and unthinkable puts you and your team in a more resilient mode to survive the next attack. Whether it's through the front door, the supplier's back door or through the copper wire into your customer's home or business office, detection is critical.

Anticipation and deterrence are imperative...