Cybersecurity is a dynamic industry where big problems are being solved every day and where innovation is not only the norm, it is a means of survival. As CSO of the world’s leading cybersecurity organization, I can tell you that my peers and I are under constant pressure to grow, adapt, and innovate to find new ways to protect our companies from a rapidly evolving threat landscape. And in order to deliver on that charge, we undertake our own brand of scrappy innovation that we believe typifies the industry.
What is innovation?
From my perspective, innovation is a mindset. It’s founded upon creative problem solving, trial and error, and the willingness to look at opportunities in new and different ways. But those factors alone are not enough to drive innovation. Innovation needs to be fueled by fast iteration, sweat equity, and a high degree of persistence.
As part of our acknowledgement of Innovation Day, I’d like to share my thoughts on what drives innovation, ways to encourage innovation, and how our customers are relying on us to drive innovation every day.
What’s our approach to innovation?
Innovation can be a funny thing. As a leader, you can’t assign innovation as a task or demand innovation as an outcome. Nor is it an activity to be undertaken (as in “Let’s be innovative today at 1pm”). But as a leader, you can (and should) help establish the expectations and conditions that will encourage innovation as part of your everyday way of working.
Innovation needs to be organic, part of the mindset. With each opportunity, my team asks themselves:
- What’s the problem we’re dealing with (or better yet, what’s the opportunity)?
- Has someone else tried to solve this before? If yes, why didn’t that work?
- Can we approach the problem in a different way?
- What makes our approach different?
I’ve also challenged my team to think beyond their own experience. We have a tendency to frame problems within our own experiences when really the problems we are dealing with often have natural parallels to another industry or discipline. Let me give you an example.
One of the biggest challenges we face in security is how our employees behave when they’re at work. In fact, more than 60% of the security incidents we experience at Symantec are caused by human error or action. So there’s a significant opportunity for us to improve our security just through changing employee behavior. But traditional practices of annual security awareness training and email messaging have not proven to be effective. We needed another angle.
In flexing our innovation discipline, my team approached this problem with a totally different mindset. What are we really trying to do here? At its core, we’re trying to change someone’s behavior. Who’s good at changing behavior? Well… it turns out marketers are really good at changing behaviors. They convince us to buy all kinds of stuff, whether it be gum at the checkout or a fancy car. And who’s really good at marketing? Well, there are a lot of good examples to draw from, but the one that made a lot of sense to us was Starbucks.
Starbucks uses an incredible amount of data to understand their customers and their behaviors in order to drive you to buy a cookie with your coffee. We too have a tremendous amount of data. By leveraging some of the things we learned when we explored this parallel with Starbucks, we are now creating a data-driven employee engagement program that attempts to influence behavior at or near the time of action—just like Starbucks tries to get you to buy that cookie. This is still a work in progress, but I believe this is a terrific example of reframing the problem and drawing from other disciplines to drive an innovative solution.
How to encourage others to innovate
In my experience, there are several best practices that help position an organization (no matter the industry) for successful innovation:
- Reframe the problem: Approach the problem with a different mindset. Look to other industries and see if you can apply the same approach. Think of a certain outcome in mind. How are we going to solve this problem?
- Trust: Instilling trust among your team and peers promotes agility and confidence. If there isn’t a penalty for being wrong, you are much more likely to try something new.
- Iterate and measure, over and over: You’re going to make mistakes but continue to iterate. What works? What can we change? How do we adjust for next time?
- Persist: Innovation is a result of persistence. Celebrate the progress no matter how small, but keep going. Remember—you have that certain outcome in mind (i.e. solving the problem).
Our customers need Symantec to innovate…. And we’re delivering!
Symantec has been getting leaner and is now solely focused on solving the big security challenges our customers face every day. From new offerings, to major advances in existing solutions, to the dramatic shift in how we will deliver our solutions to our customers, we are driving innovation at a pace that I haven’t seen at this company in my 6 years here.
And none of this happened by accident. It was the result of focused intent, a lot of hard work, and a mindset to solve big problems in new and different ways. In a word …innovation. As a security practitioner and a customer, who needs Symantec right by my side in order to win, I’m so thankful for it. Keep going and persist!