Cybersecurity and self-deception

By John McClurg, Chief Security Officer for Global Security Organization, Dell

New ideas can come from anywhere, and one of the ways we push past outdated thinking at Dell is by reading. It is part of our company culture of life-long learning. And in that spirit, I would like to begin sharing with you some books from my own reading list. I thought I’d start with a book that was decades in the making by a man with whom I initially studied as an undergraduate, and that is now an international best seller, translated into more than 26 languages.

Leadership and Self-Deception, written by the Arbinger Institute, outlines the concept of self-deception: how it can come to define the way organizations are structured and run, and the impediment it can be. It forces the kind of self-examination, on both a personal and organizational level, that can lead to behavioral changes and dramatic increases in productivity.

The basic idea of Leadership and Self-Deception is powerfully straightforward: within organizations, we spend too much time prepositioning ourselves to escape blame or take credit. These unfruitful exercises divert resources, time, energy and focus away from solving real problems and generating revenue. They pit us against each other, and discourage us from working together to build future-ready enterprises that can quickly adapt to change and seize new opportunities. 

Consider how self-deception plays out in the world of cybersecurity. When a breach occurs, the predominant corporate culture inclines one to want to determine what, and who, is at fault. While this response has been historically justified as “human”, it’s not particularly productive (except on those occasions when it reflects on the competency or harmful intent of an employee).

In an environment in which security challenges are now accepted as virtually inevitable, establishing fault can prove elusive if not outright impossible. So rather than wasting precious time and energy on assigning blame, we more fruitfully turn our focus to battling the problem at hand.  

At Dell, we’ve implemented some of the book’s lessons in an effort to spur creative problem solving, and use it to attract the kind of self-directed employees we need. Here are two examples: 

  • Re-engineer the reward system – While management in most organizations encourages employees to work together to achieve company goals, their compensation programs often send a different message. In many rewards systems, someone wins only when someone else loses. At Dell, we rewrote these incentive systems to encourage people to collaborate rather than compete, and to focus on high-priority challenges and opportunities rather than being inordinately preoccupied with avoiding blame.
  • Reinforce new thinking – Our security group has woven new approaches into the way we work in an effort to root out the tendency towards self-deception. At Dell, I’m one of the first certified facilitators of standard practices that were inspired by the Arbinger Institute. We champion and advance practice in harmony with the ideas outlined in Leadership and Self-Deception through regular references to them in our meetings and training sessions. 

Leadership and Self-Deception is powerful because its lessons apply to the entire organization. Self-deception is firmly embedded in everything from operational structure to employee motivation, and can be found in every department, whether it’s IT, Finance, Security or HR. Which is why I think this book is more relevant than many of the technical books we could spend our time reading. It’s not exactly a beach book, but a page-turner nonetheless.  

What books are on your recommended reading list this summer?
