Snowden scandal teaches critical management lessons
The security breach perpetrated by Edward Snowden when he was an employee at Booz Allen Hamilton has set off a national debate about security and privacy that continues to reverberate.
Most of the headlines and congressional oversight has focused on policy issues around what the NSA does, impact on allies and the whole concept of domestic surveillance.
For Washington Technology’s slice of the world, we looked at how the scandal has impacted contractors, and what lessons learned can be drawn. Sadly, many of those lessons can also be applied to the shootings at the Navy Yard earlier this week that left 13 dead, including the alleged shooter.
Coincidentally, we had a webcast schedule for Tuesday on the Post-Snowden fall out, and one of the management areas we covered dealt with looking for warning signs that an employee may pose a security risk.
The lessons can easily apply to the alleged Navy Yard shooter, Aaron Alexis, as well.
Our two speakers were W. Hord Tipton, executive director of (ISC)², an information security group, and Alan Chvotkin, executive vice president and counsel, of the Professional Services Council.
An entire replay of the webcast is available here.
Among the variety of controls and procedures Tipton and Chvotkin spoke about, the people part was very interesting to me because of how much it relies on what I’ll call soft skills: empathy, understanding people and other human factor skills.
For example, for job candidates, you need to observe how they act and react to questions about previous job experiences. Are they overly stressed by the economy, or the current economic status of their family?
Ask questions such as, “If I call your former employer, what will they say about you?” Don’t just listen for the answer, but observe how they react. Does their anxiety level increase?
In the IT space, ask about their opinion on hacking. Do they think the ends justify the means?
Verify credentials that people claim to have.
Avoid candidates who are noticeably susceptible to life’s pressure, which may demonstrate unpredictable behavior as a result.
For existing employees, observe how they copy with life, and pay attention to complacency among security personnel.
Take notice when an employee appears satisfied with their performance when there is an obvious deficiency.
Notice how people react to change, and whether they are a team player.
A lot of this advice falls into the category of the basics, but just because they are basic doesn’t mean they are easy.
When I look back at some of my own management experiences, I know that these are some of the hardest things a manager has to do. They often are not quantifiable, such as measuring someone’s output, but they deal with the subtleties of someone’s behavior and personality.
I asked Tipton and Chvotkin whether managers get enough training in this area, and both answered no.
As recent events have proved, the stakes are too high to ignore these critical management skills.
Posted by Nick Wakeman on Sep 18, 2013 at 9:51 AM