I was reading an article in the NY Times about the resignation of Target’s CIO due to the massive data breach that was made public back in December. This is a big hammer to drop at Target and probably one of many others that will not be publically announced. I began to wonder about how human nature and hubris affect decisions regarding data security.
I have no idea what really went down at Target behind closed doors, but I’d bet if you asked the CIO of Target prior to being made aware of the security breach if she thought Target had sufficient and reasonable security protocols in place to protect consumer data she would have given a firm “yes, we are all set.” While that might be fine for a public face, I think we must constantly challenge ourselves (our egos specifically) to drop that pretense behind the scenes and be willing to embrace the possibility that, “no, we are not all set.” Before you roll your eyes, I’m not suggesting that we need to run around in some semi-hysterical state assuming that the sky is falling. However, we shouldn’t allow our own emotional drivers to create barriers to a healthy dose of professional skepticism.
As a c-level executive myself, I’m not ashamed to admit that I have a good sized ego and when I get challenged on one of my decisions or ideas, be it in the boardroom or by one of my team, I have to fight back the all too human defensive reaction. I have to remember that just because someone is challenging my particular line of thinking or belief doesn’t mean it’s personal or that mine is still not the right decision at hand. However, you have to also be emotionally secure enough to accept there may be a better way and it’s not your way. After all, most people don’t remember you for the thousand things you did right, but that one thing you did wrong. It can cost your credibility at your company or worse, your job. Sure, everyone makes mistakes, but if you were honest in your decision making process and open to exploring all options fairly then you could at least take some comfort that your weren’t blinded by pride or arrogance.
Until encryption and other security measures advance beyond the skills of hackers or miscreants, then every CIO, CISO or other security manager should set up a personal firewall to prevent ego intrusion.
There’s enough to worry about when fighting bad guys, we shouldn’t be fighting egos, as well.