Download your copy of our insight paper

Laws and regulations governing privacy and the protection of data, particularly sensitive personal data, continue to proliferate across the globe. But why should CISOs care about data privacy and how should they manage regulatory transitions to ensure their information security program stands up to data privacy protection laws? To get ‘real’ insight into this topic, we hosted a virtual roundtable where we invited a small group of top CISOs, operating in highly regulated industry sectors in the US, to share their lived experiences. Our guest speaker Robert Ball, Chief Business Development Officer & General Counsel from Ionic, also shared insight into why the domain of the CISO has expanded in light of emerging data privacy and protection laws. Download our insight paper for the key takeaways from the event and to discover 10 technology tips for CISOs to effectively manage data privacy.
29 Oct 2020
Will the office exist in a post Covid-19 world?

It’s fair to say that the world of work has changed forever as we enter a new era of remote working. But what is the sentiment to remote working amongst the professional working population now?

The cost and time savings of not having to commute every day are hard to dismiss and as lockdown eases, employee expectations are bound to have changed when it comes to the ‘return to the office’.

So, how many days in the office do working professionals really want - given their varied individual experiences over the past few months?

Over 70% of professionals now want to work in the office less than two days per week

Stanton House’s recent poll, taken by over 600 professionals, reveals that a large majority (72%) would prefer to work two days or less per week in the office going forward. Less than a third (29%) would prefer to work three days or more per week in the office and only 4% would like to go back to four days plus per week.

One to two days in the office comes out on top, with over half (54%) voting for this as their preference and 18% say they would prefer to work from home 100% of the time. These findings suggest that while some crave the return to an office environment the vast majority have come to the conclusion that they will never want to work in the office five days per week, ever again.

43% more men than women want to work remotely 100% of the time

Interestingly, when comparing sentiment to remote working between genders, our poll reveals that a higher proportion of men (20%) would prefer to work remotely all of the time - compared to only 14% of women – that’s a 43% increase.
The opposite is true for one to two days in the office, where a higher proportion of women (58%) voted for this as their preference - compared to 51% of men.

Our poll cements what we already know - that organisations will be required to rethink their approach to remote, agile, and flexible working - putting People and Culture teams, front and centre, to design and drive this change. But have employers really seen clear benefits from this forced change to a homeworking environment and how committed are they to expanding and extending remote working, organisation-wide, for the long term? Will new HR policies align to the consensus revealed by our poll, or indeed go even further and flex to the individual?

Employers realise the benefits of remote working

Many of the business leaders I speak to tell me that they have had their eyes opened to the benefits of remote working, not least the tremendous cost savings that can be achieved with reduced real estate needs.

Not including utilities, security and maintenance, the rent per seat in the UK can range from *£150 to £1500 per month, depending on location and the amenities available. London’s West End tips the scales, where it can cost **£207 annually just to put your laptop down on a desk.

If you consider the floor space some large corporates take in the expensive high-rise buildings in Canary Wharf and The City of London for example, these cost savings can amount to millions. There can be no doubt that employers across the country will be modelling different scenarios with reduced office space. Leadership teams within organisations, both large and small, will be debating not if, but how much and to what extent, their workforce will continue working remotely in the long-term.

Just a few of the companies that have already announced intent to expand work-from-home in the UK include Morgan Stanley, Barclays, Thomson Reuters, Vodafone, HSBC, Twitter, Facebook and Unilever.
“We’ve proven we can operate with no footprint… I see a future where part of every week, certainly part of every month, a lot of our employees will be at home.” James Gorman, Morgan Stanley, CEO

However, this commitment to expand remote working is not just to save costs on office space. Most leaders I speak to tell me they have experienced increased productivity, better collaboration and teamwork, increased employee engagement and a significant reduction in absenteeism - dispelling the many concerns and misconceptions to homeworking pre-Covid-19. Having the right, secure technology and communication channels has been critical to achieving this, however, as has having managers, who don’t revert to micromanagement amidst uncertainty, but are able to trust and enable their teams.

Training needs have also been highlighted and identified, particularly for middle management, where resilience, adaptability and agility are often cited as key competencies which are lacking. Additionally, the spotlight on employee wellbeing has only magnified through this crisis as has the continued importance of diversity and inclusion in the workplace.

The challenge for employers right now

As many employers once again pivot their people, processes and systems from full remote working, to a hybrid (office/home) working environment, maintaining the benefits gained amidst lockdown and addressing the technology and talent issues identified will be critical to lasting innovation and growth. The ramifications of getting the technology, talent or operating model wrong will be catastrophic for the competitiveness of any business as we enter this new era of work. Employers now need to ask themselves - do they have the internal expertise needed to design, implement and sustain the huge culture shift that is required? And if big corporate offices are a thing of the past where and how will people come together to collaborate?
How do individuals continue to nurture the ‘social equity’ they’ve built over the years with colleagues and customers - remotely? Can we ever really replicate the benefits of socialising after work, the corridor conversations and meeting someone face-to-face? The critical questions many business leaders and HR professionals are now trying to answer are:

1. How do we once again pivot our people, processes and systems from full remote working, to a hybrid (office/home) working environment?
2. Do we have the right / secure technology and communication channels to support a hybrid (office/home) working model?
3. How do we maintain the benefits gained from remote working amidst Covid-19?
4. How do we tackle the tech and training needs identified and truly enable our manager population?
5. How will we evolve our employee value proposition (EVP) to attract and retain the best talent, now that flexible and remote working is the ‘new norm’?
6. What are the ramifications of getting any of these considerations wrong?

*Instant Offices UK Commercial Market Summary 2019
** Instant Offices

Get in touch

If you need help finding talent with the necessary expertise to transform your business for the new era of remote working, please get in touch.

About the poll

The poll was posted to Stanton House’s company LinkedIn network of over 25,000 followers. The poll was live for 1 week from the 27th June 2020 to the 4th July 2020. 611 people voted answering the question: “How many days in the office would you prefer to work per week?”
21 Jul 2020
Download our insight paper

Inclusion is critical to every aspect of any business that is about people and now more than ever, these challenging times call for business leaders to maintain focus on engaging and retaining their workforce. Undoubtedly, increased homeworking adds a new layer of complexity, but employees still need to feel secure in their connectivity to their organisation and be given the opportunity to contribute and participate in a meaningful way - albeit remotely. So how can leaders ensure that they are on the right path to being and becoming more inclusive? Download our insight paper, a culmination of our recent blog series, to discover top tips from diversity and inclusion expert Paul Anderson-Walsh, from the Centre of Inclusive Leadership.

Share your insights

We would love to hear from leaders on how you are adapting, implementing and assessing your workforce engagement and inclusion strategies in this new era of work. Please get in touch to share your insights.
18 Jun 2020
In previous instalments of this blog series we brought you expert insight from Paul Anderson-Walsh, Co-Founder of the Centre for Inclusive Leadership, where he explained the I.D.E.A.S © model on being and becoming more inclusive. This framework enables organisations to better understand where they need to focus their efforts if they are to develop and sustain an inclusive environment in which everyone can be their best self and do their best work. Part one explained the difference and importance of integrating new hires into an organisation rather than inducting them, part two explained the importance of developing employees rather than letting their value depreciate, part three looked at enabling managers rather than expecting them to know how to lead and part four discussed how to align talent rather than forcing people to assimilate. This week we take a look at the final element in the model, sustaining the shift to a culture of inclusion, rather than superficially ticking boxes.

Paul Anderson-Walsh

Sustaining the shift to a culture of inclusion

The alchemic power of inclusion has been lost in the (critically important, but critically different) Equal Opportunity and Diversity agenda. Many of the initiatives that have been offered have produced superficial rather than sustained change. They have produced a change that failed to produce change. For instance, well intended or not, one might reasonably ask how much lasting change Starbucks gained from shutting 8,000 stores for four hours recently to conduct racial bias training for its employees. Inclusion is aiming at something more sustainable. It is aiming at driving high performance through culture change. Charles Handy defined culture as “the way we do things around here”. Ultimately, it is how we do things that determines whether any change sticks and becomes a new habit.
To sustain the behaviours consistent with an inclusive culture (one in which there is integration rather than induction; development rather than depreciation; managers being enabled rather than expected to know how; and where there is alignment rather than assimilation) leader-managers must be the embodiment of new habitual ways of being. They need to be able to lead in such a way that they inspire those who work for (and indeed with) them so that they are motivated to learn, grow and develop and become more adept at managing inclusion – their own and that of others. There are many barriers to inclusion, bias (in favour of, as well as against) being chief amongst them. Bias, as a result of stereotyping, assumptions and prejudgements, is often the major cause of a shift to a more inclusive organisation culture not being sustained. We have developed a model that can enable individuals to embed new ways of “doing things around here” and thus support and sustain the organisation shift to inclusion by deliberately seeking to become bias interrupters. This is achieved when the organisation H.E.A.R.S.™ An organisation that H.E.A.R.S. can be identified by the way in which all its staff interact with one another, with their clients, customers and other stakeholders.

H.E.A.R.S.

Top tips for sustaining the shift to inclusion

Being our best selves & doing our best work

Change entails new ways of thinking, being and doing; consequently, for change of any nature to be sustained it must be anchored in the culture. In order to do that we believe that you need to be intentional about inclusion so as to foster an environment where your people feel comfortable reaching out to all their colleagues to gain greater awareness of each other's experiences and perspectives. You need to have ongoing dialogue but without tolerating any incongruence between behaviours and your inclusion values.
You need to build trust encouraging compassion and open-mindedness and reinforcing our commitment to a culture of inclusion.

For information about the Centre for Inclusive Leadership’s Inclusive Leadership Programmes, please get in touch.

Share your insights

We’d love to hear from leaders on how you are adapting, implementing and assessing your workforce engagement and inclusion strategies as a result of the Covid-19 crisis. Please get in touch to share your insights.
20 May 2020
In parts one, two and three of this blog series we brought you expert insight from Paul Anderson-Walsh, Co-Founder of the Centre for Inclusive Leadership, where he explained the I.D.E.A.S © model on being and becoming more inclusive. This framework enables organisations to better understand where they need to focus their efforts if they are to develop and sustain an inclusive environment in which everyone can be their best self and do their best work. Part one explained the difference and importance of integrating new hires into an organisation rather than inducting them, part two explained the importance of developing employees rather than letting their value depreciate and part three looked at enabling managers rather than expecting them to know how to lead. This week he looks at how to align talent rather than forcing people to assimilate.

Paul Anderson-Walsh

Aligning your talent, rather than forcing them to assimilate

One of the primary reasons that organisations, even those who really value diversity, don’t get value from diversity is that their culture is designed to assimilate people rather than align them. When people are assimilated they lose their essential identity. Their difference is homogenised. Over time the uniqueness of the individual (which goes way beyond their ethnic and gender identification differences) is lost as people ruthlessly edit themselves to adapt to the new culture. Where there is a dominant prevailing culture, assimilation, a one-way process, is the order of the day. The newbie adopts the majority culture and when fully adapted he or she becomes virtually indistinguishable from the dominant group. Quite apart from the tragic loss of individuality, assimilation creates the perfect conditions for groupthink to flourish. When that occurs all hope of creativity is lost as individual thought bows the knee to the most powerful person in the room as people set aside their own personal beliefs or adopt the opinion of the rest of the group.
Would-be detractors remain silent rather than disrupt the uniformity of the crowd.

Aligning the talent to the organisation, and the organisation to the talent is an important building block of an inclusive organisation. Whilst it is vitally important, it isn’t easy. Alignment requires a high level of commitment to generating value from diversity as well as a willingness to flex and be supple in order to get that value. We often talk about aligning our talent to the organisation but we don’t so readily think about how the organisation could benefit from aligning itself to its talent. Consider for a moment how the English language, once a minor Germanic dialect, has risen to the position it enjoys today as a, if not the, global language. How was that achieved? Well, one reason, among many, is that it is a language that allows it to be infiltrated by other tongues and cultures (popular culture included). It embraces new words and consequently has an ever-expanding, ever-relevant vocabulary. The inclusion-savvy organisation knows only too well the value of “clean-eyes.” The management commentator Peter Drucker once remarked that “ignorance is the most important component for helping others to solve any problem in any industry.” And so, it is. Yet so keen are we to get people to see the world through the lens of our corporate spectacles that we miss the opportunity to see what they see, with clean eyes.

Organisations where the talent is aligned to the organisation and the organisation is aligned to the talent, produce a very coherent signal to their customers.

Top tips for aligning your talent

1. Think fitting together and not fitting in
2. Remember that it is about all of them not some of them
3. Value difference
4. Don't allow any disconnect between beliefs (values) and behaviour
5. Foster an environment where people feel comfortable reaching out to their colleagues to gain greater awareness of each other's experiences and perspectives.
For information about the Centre for Inclusive Leadership’s Inclusive Leadership Programmes, please get in touch. Look out for my final blog in this series where I explain the last element of the I.D.E.A.S.© model ‘sustaining’.

Share your insights

We’d love to hear from leaders on how you are adapting, implementing and assessing your workforce engagement and inclusion strategies as a result of the Covid-19 crisis. Please get in touch to share your insights.
15 May 2020
Aside from the infamous hot-dogs, deep-dish pizzas, jazz music and gangsters, the Windy City is home to an array of incredible Cyber Security professionals and I’m raring to meet them when I move over in just a few weeks’ time. We’ve been focusing on the US market for the past few months from London, but as of October, I’ll be on the ground in Chicago and expanding the Stanton House US offering with a keen focus on the Cyber Security market. It goes without saying that I’m dead excited from a personal perspective to move to such a wonderful city, but as well as that, Chicago is home to a wide range of industries needing protection from the ever-growing threat of cyber attacks. I feel energised by the idea that the team and I have the opportunity to support corporate America through introducing Cyber talent to vulnerable organisations.

I started out my career at Stanton House focusing on the Accounting and Finance market but my interest in technology and desire to provide solutions for our clients led to me setting up a team focused on Finance Transformation. My venture into Cyber Security allows me to not only satisfy my own fascination with the world of technology, but also help executives deal with one of their biggest preoccupations: protection of data.

Whilst I have an amazing adventure ahead of me, I wanted to take this opportunity to thank everyone in my network who has supported me in my career to date. Whilst working in America has always been a dream of mine, it has been a thoroughly enjoyable six years with the UK team and it goes without saying you’re in the safest of hands once I hop across the pond. I will continue to remain connected to the UK market and do not intend on losing touch with you all. If you ever need any support, advice or just fancy catching up, don’t hesitate to drop me an email. For anyone else floating around in the States, I’d love to meet for a coffee and maybe trade in some geeky Cyber dialogue for a tour around the city!
27 Sep 2019
Today we were joined by executive-level professionals from a multitude of disciplines who wanted to learn a little more about their Cyber Security. Jay Abbott and Kieron Maughan of Nellcote joined our Head of Cyber Security, Ryan Surry, to host our gamified event titled: How will you respond to a Data Breach?

Our audience of CFOs, COOs, Transformation Directors and the like were thrown into a live hacking simulation - faced with a possible data breach - and unsure of how to respond. From the initial breach, the guests had to work together in teams to work out if a hack had even taken place, where the attack had hit and who was affected. They also had to deal with a simulated press conference, concerned customers on social media and stakeholders asking questions they might not have the answers to.

Cyber can be overwhelming and it’s not something easily understood by professionals outside of the industry. Today’s event offered our network a real-life insight into a Cyber Breach as it happened and taught the professionals taking part how to respond. Not only was the event insightful, thought-provoking and eye-opening but it was interactive, fun and exciting and offered a truly unique but surreal experience, giving our executive guests the answers to take back into their own Board.

Head of Cyber Security, Ryan Surry said: “I’ve worked in this industry for many years, having intelligent conversations with many fellow Cyber professionals along the way. Today was the first time I was able to take that conversation to an audience of Board members who do not specialise in Cyber, in fact, focusing more on Finance, Change, HR and other industries.
“It was truly mind-opening to see how professionals of different disciplines react in situations that we deal with every day and was equally rewarding to work with Jay and Kieron to help these leaders understand a very current issue that could impact their company tomorrow.” We will be producing a white paper to capture the insight shared this morning – to receive a copy of this paper once published, please get in touch with Ryan here.
17 Sep 2019
Alan Jenkins is the Head of Advisory Services at 2|SEC Consulting. He has some 30 years of experience across all aspects of security, particularly Cyber and Enterprise Security Risk Management. Alan started his career in the Royal Air Force and has subsequently held multiple Cyber Security roles, including as the first CISO for Babcock International Group in 2013. He has also worked for organisations including IBM Security, Atos Consulting, CSC and T-Systems.

A NATURAL PATH

I see my progression into Cyber Security as natural rather than accidental. I’m a security generalist and haven’t done anything but security in my adult life. I joined the Royal Air Force when I was 18 because I liked aircraft and wanted to be a pilot. I hadn’t thought of doing anything else since I was seven until I ended up with a navigation scholarship aged 16. Unfortunately, the RAF decided that my eyesight wasn’t up to scratch for me to fly. This forced a deviation from my dream and I then went to university to study electronic systems engineering but my heart wasn’t in it. What it did do however was give me the time to find something that I really wanted to do and that led me to join the RAF Police as a Provost Officer. I subsequently spent much of my service on security duties until 2001 when I made a deliberate decision to get into computer network defence and information assurance – of course, we didn’t call it Cyber in those days. So, in 2002, I joined the Ministry of Defence’s stand-up CERT team as the Intelligence lead, working with Other Government Departments and Allies in the then new world of response to computer incidents. Having started in physical security, looking after nuclear weapons and so on, I worked my way up through Security on Operations at home and overseas into Information Security. That’s what drew me towards Cyber – old principles applied to a new domain.
REACHING THE BOARD FOR THE FIRST TIME

My role at Babcock was as CISO; in fact, I was the first Group CISO at Babcock. I was initially only responsible for Cyber-related matters but subsequently picked up the broader security coordination task across the Group as we made progress with our Cyber improvement. I relished it. It was a significant career step as it was the first time that I was at the pinnacle of security capability; I wasn’t reporting to a higher level in another company - this was my first UK-based outfit and part of the attraction to me was that it put me into direct contact with the Board for the first time. I had to up my game – I’m not saying that I got it right straight away but after some years in the game, you know how to hone your craft and apply good practice. It was genuinely a new role, it wasn’t head of IT Security, it was a CISO role and that’s something Babcock did right.

A PROTECTIVE MINDSET

While I progressed through the different facets of security, for me, the mindset remained on protection. However my nature and environment fashioned me, protecting an enterprise, its people and assets. That’s what has always appealed to me. I would say over the three decades I have been working within the space, the industry hasn’t progressed enough. People still don’t have all the answers to Cyber; many think it’s only a technology problem. That’s not to say it isn’t but it isn’t the only problem. The technology space is perhaps where we have made the most progress but just thinking Cyber is about technology or defending IT infrastructure actually misses most of the problem. It brings us back to the HR debate: how do we develop the people? That’s where the greater problem lies.

PEOPLE, PROCESSES AND TECHNOLOGY

These are three things to keep in mind always.
You can’t attack one pillar in isolation to the other two; simplistically, you have to tackle all three in concert - if you don’t, the weakest or lowest hanging fruit will be the thing to trip you up. If you don’t bring the people along for the ride, if you don’t optimise the process flows to minimise human interactions and integrate the technology effectively, your technology investment will not deliver full value to the enterprise.

THE VIRTUAL CISO

Small and Medium Enterprises (SMEs) need someone to offer a vision, to map out where the business is at with their Cyber Security and figure out what is right for that organisation at that time - this has to be aligned with the business strategy. This is what they should look for from a CISO but I do not believe SMEs need a CISO permanently. Firstly, SMEs can’t afford them – fully capable CISOs are rare, expensive and demand exceeds supply. Secondly, having developed and delivered that vision piece – they no longer need a full-time CISO. What they need is for someone to drop in occasionally, increasingly referred to as a Virtual CISO (vCISO). I and others have been developing this concept for some time now: I liken it to that of the Flying Doctors – the vCISO drops in from time to time to review the agreed road map with the business, check on progress, check the implementation plan is still right for that business and adjust as necessary while also being on call for remote consultation as the need arises.

SMEs really need to look carefully at the cost/benefits and determine what they get for their money. It could be a virtual CISO, a temporary or an Interim CISO for a fixed term: an SME simply doesn’t always need a full-time incumbent. The SME needs expertise and guidance on call but once embarked on their capability improvement journey, they don’t need a CISO for 240+ days a year because they won’t provide that ROI.
The CISO will be tracking progress, reporting and simply, I don’t believe you need that person every day of the week. The business is inevitably focused on whatever line of business they are in; the CISO has to talk to the business but, the business doesn’t always have time to talk to the CISO. The Board doesn’t meet every day of the week nor even weekly but the CISO should be in attendance on a routine basis, not reporting by exception - with bad news!

THE IDEAL CISO

To be that all-important leader - and that in itself is different to a manager – the CISO needs to be able to come in and sell a vision. That vision has to be linked to, and supported by, the business and the CISO needs to be able to communicate that message to the Board in their business language, not in technical jargon. The CISO should have expertise around programme management rather than project as it’s often a series of activities, many in parallel. The CISO’s role is to articulate and sell that vision and make sure there are success criteria in there, the measures of success of that criteria, with a link to fiscal targets; whether that’s spend targets or return targets, and what are you getting for your money. This is still a huge weakness for us. The ROI for Cyber investment is not good: there is stuff happening in this space but it’s still not mature and not yet universal in use as a result.

Enterprises need to think carefully when looking to hire that ‘Ideal CISO’. It’s not just a label and then letting them get on with it. If you’re looking to appoint a CISO, whether to work as an Interim or on a full-time basis, then they need to be connected with the business, not just IT. Perhaps controversially but I don’t think the CISO should report to the CIO. It’s not all about IT, they’re often rebadged Heads of IT Security and that’s not all that the business needs from the role.
After all, the CISO often calls out the CIO for taking on too much risk as they prioritise availability.

If the CIO’s main function is to keep the lights on, availability will also govern the CISO’s priorities. Security often needs to look much harder than IT to know what was the root cause of an Incident. It’s all about understanding and prevention. Most often, the security function is there to do the thinking that the business doesn’t do, it’s almost a mindset piece, looking out for the things that can go wrong. I have found that there’s too much optimistic thinking and not enough pragmatic thought about untoward things happening whether by accident or design, i.e. someone overstretched cutting a corner to get the job done rather than some more malicious motivation. Security is there as a check and balance, not there to slow the business down but to give more thought about what is happening and how to prevent it or reduce the impact and that’s often not the priority of the CIO. Hierarchies and divisions of responsibility need to be right between the roles but an SME or smaller company doesn’t always have the luxury to afford this. This is where a virtual CISO becomes helpful and offers a perspective that they wouldn’t usually get, providing this is positive and aligned with their business needs. It’s also hard to learn from others if you spend 30 years in the same company.

A CISO’s role is to make sure all of the day-to-day roles come together to secure their business in a cohesive manner. Security is a horizontal activity, not merely a vertical one in the IT space: it’s also everyone’s responsibility! In an ideal world, we wouldn’t need a Cyber department as the workforce would all be protecting the business. Then there is Security’s Achilles heel – the good are most often playing catch up with the bad. We have to get more pro-active rather than the more usual reaction to events after they have occurred.
Security is neither an art nor a science, it has to be a hybrid function. For full access to our white paper - The Evolving Role of the CISO - please follow the download link and join the conversation, should we segregate IT and Cyber Security? Do we need 'flying doctors' rather than in-house security and is Cyber Security - everyone else's responsibility? Download our CISO white paper
16 Sep 2019