Is security a barrier to innovation, or would innovation not even be relevant without security? Security is often seen as a tax or barrier to new and creative solutions that could potentially create more value if security didn't slow everything down. But is this still true? In this episode, we have a hallway-style conversation with Curt Carlson, the author of the book entitled "Innovation," who also served as the CEO of SRI International, widely known for the work done to create Apple's Siri interface and many other world-changing innovations. Curt is joined by Karen Worstell, Senior Cybersecurity Strategist at VMware, and they discuss the fundamental flaws to many approaches to security technology, and how IT leaders will need to make dramatic shifts in their operational models in order to solve these problems. Curt and Karen cover topics ranging from real value creation perspectives and frameworks, to security innovation, and redefining company leadership principles for the future.
Is security a barrier to innovation, or would innovation not even be relevant without security? Security is often seen as a tax or barrier to new and creative solutions that could potentially create more value if security didn't slow everything down. But is this still true? In this episode, we have a hallway-style conversation with Curt Carlson, the author of the book entitled Innovation, who also served as the CEO of SRI International, widely known for the work done to create Apple's Siri interface and many other world-changing innovations. Curt is joined by Karen Worstell, Senior Cybersecurity Strategist at VMware, and they discuss the fundamental flaws to many approaches to security technology, and how IT leaders will need to make dramatic shifts in their operational models in order to solve these problems. Curt and Karen cover topics ranging from real value creation perspectives and frameworks, to security innovation, and redefining company leadership principles for the future.
Curt Carlson on LinkedIn: https://www.linkedin.com/in/curtisrcarlson/
Karen Worstell on LinkedIn: https://www.linkedin.com/in/karenworstell/
CIO Exchange on Twitter: https://twitter.com/vmwcioexchange
Yadin Porter de León on Twitter: https://twitter.com/porterdeleon
[Subscribe to the Podcast]
On Apple Podcasts: https://podcasts.apple.com/us/podcast/cio-exchange-podcast/id1498290907
For more podcasts, video and in-depth research go to https://www.vmware.com/cio
Curt Carlson:
Just the point that you made, shows you the problem. If you're a marketing person and you're not talking to customers and trying to figure out the value proposition for them, obviously you're not going to be very successful because that's what marketing people are supposed to do. They're supposed to be the connection between the customer and the company and forming those relationships and figuring out what the customer needs, but also from the technological people what's possible because customers don't know what's possible. They can say what they want, but they can only want what they know about.
Yadin Porter de León:
Welcome to the CIO Exchange podcast, where we talk about what's working, what's not, and what's next. I'm Yadin Porter de León.
Yadin Porter de León:
Is security a barrier to innovation, or would innovation not even be relevant without security? Security's often seen as a tax or barrier to new and creative solutions that could potentially create more value if security didn't slow everything down, but is this still true? In this episode, we have a hallway style conversation with Curt Carlson, the author of the book, entitled Innovation, who also served as the CEO of SRI International. Widely known for the work done to create Apple's Siri interface, and many other world changing innovations. Curt is joined by Karen Worstell, senior cybersecurity strategist at VMware, and they discussed the fundamental flaws to many approaches to security technology and how IT leaders will need to make dramatic shifts in their operational models in order to solve these problems. Curt and Karen cover topics ranging from real value creation perspective and frameworks to security, innovation, and redefining company leadership principles for the future.
Yadin Porter de León:
Karen, Curt a lot of people have sort of some misconceptions about security as a barrier to innovation when in fact I feel like... What really fascinates me, I feel like real innovation, sustained innovation couldn't exist without security. Maybe exists is too strong. Maybe it wouldn't be relevant without security. Within that context, Karen, I want to get our arms around today. What are those myths, what are those misunderstandings about securities as a tax, security as an enabler, security really as an innovative factor, and what's that relationship?
Karen Worstell:
This is the most timely conversation we could be having right now because, given the current circumstance around cyber crime and the growth in cyber crime and the losses that companies and our nation is facing in terms of cyber crime, security is a reality, so we have to deal with it. The question is, do we deal with it as a tax or do we deal with it as a value add?
Karen Worstell:
I'm really excited, Curt, to have here with us today, because I can't think of a better person to have this conversation with. I'd love to start off with getting a level set and setting the stage as we talk about innovation. Just to make sure that we all understand terms and meaning here, could you clarify for us, as we get started, the terms that we'll be using? Invention, innovation and value creation, the differences between those?
Curt Carlson:
Yes. Thank you, Karen. Great to be with you.
Curt Carlson:
It's a great question because what we discovered in all of our workshops around the world is enormous confusion about that. For example, if we're part of a meeting with a hundred executive, we might ask them to put Post-it Notes on the board and write down the definition for innovation, value creation, customer value, and a value proposition and put those Post-it Notes on the wall.
Yadin Porter de León:
That's a great exercise. I'm doing that the next time I have a meeting, I think that's fantastic.
Curt Carlson:
Here's what I predict you're going to see, none of the answers are going to be the same. Now let's just take one of those as an example, the word innovations. I've asked this question of tens of thousands of executives and they usually say it's something new, something novel, something better, which is not exactly wrong. The one thing they always forget about is the business model. Obviously, when you're thinking about security, for the reasons you set up, that's fundamental. If there's no business model, it's not going to work and most executives realize this, but if it's the not forefront in their mind, they're probably not paying enough attention to it. That's what we see and everything else we do.
Curt Carlson:
Those terms basically set the predicate for how your team is going to work and the kind of work it's going to do if everybody... Let's just take cybersecurity, it's an interdisciplinary research. There are all kinds of AI technologies, communications technologies. They all come together to solve a serious security problem. They all speak slightly different languages, that's why you want them is because they represent different disciplines. Well, the one value they must share, to work efficiently, is the language of the customer. What does it mean to deliver value to the customer? That's where we see enormous gaps in teams that we've worked with all around the world.
Karen Worstell:
I'd love to follow up on that a little bit. There's a huge disconnect in terms of what innovation really means and what adding value means and you're putting it in the context of the customer. Yet we have thousands, I think thousands, of cybersecurity inventions out there today that may or may not be contributing in a significant way to solving the problem. What's your perspective on that?
Curt Carlson:
Well, it's absolutely true. Only about 1 to 3% of patents ever get commercialized. That means most of them are just waste. They're novel, they're new. People confuse them with innovations, they're not their inventions, inventions, not an innovation. It's not until it solves a problem that has meaning for others and people buy it and use it that it becomes an innovation. That shows you a bit of the problem.
Curt Carlson:
Now as was set up... Security is a very complicated issue. It's a very difficult topic to get your head around. It's what we think of as a complex problem. It's not a complicated problem, it's a complex problem. It's got all these different dimensions to it. It's got unknowns, got unknown unknowns. It's got interactions that can be surprising. All those things make it a really difficult thing and, because of that, and because most people are not really trained in developing solutions that have meaning for others. What we see is there's an enormous amount of waste. An enormous amount of waste in every company we've ever been in.
Karen Worstell:
That waste, that inefficiency, that comes from the lack of empathy of being able to put ourselves in customer shoes?
Curt Carlson:
Well, that's part of it. Let me ask you this, Karen, how many companies have you been in where every employee is trained in value creation? Which is their job, if you're a professional, your job is to solve problems that haven't been solved before. How many companies have you been in with all the employees were trained in understanding that which is fundamental to their job?
Karen Worstell:
One, that was when I worked for you.
Curt Carlson:
We did. At SRI International, when I was CEO and with you, because our job was to create new value. We said, "Is there a university in the world that's teaching that?" And the answer is "No," people know how to solve problems and suddenly in the security realm, you meet lots of brilliant people, because it's so hard, right? That's not at the issue. But how many of them have actually been trained to solve problems that have meaning for others? Almost none.
Curt Carlson:
Nobody came to SRI knowing those skills. We hired PhDs from Harvard, MIT, Caltech, Stanford, Berkeley, there wasn't a single one who knew how to solve problems that had meaning for others. They could solve problems, but making that connection. If we take security as an example, because it is so difficult, I think that becomes even more important that employees really understand the dimensions of that, what they have to do. The ways you go about solving complex problems, not just complicated ones, complicated ones are like building a building, there's basic management things you do and laws of physics and if you behave properly, the building won't fall down and will look pretty good. Security is not like that. It's much more difficult.
Karen Worstell:
If we were going to try to step into the customer's shoes and start there and bring that whole deep understanding with the voice of the customer, which is something I think we talk about a lot at VMware. But I think one of the things we don't have is an opportunity for every single person who's doing engineering and marketing to actually sit with customers. We don't necessarily sit with them all of the time. Some of us do, that's part of my job, but not everybody gets that opportunity.
Karen Worstell:
So, how do we change that dynamic? How have you seen other companies deal with that inefficiency and bringing that sense of the voice of the customer to the engineering team?
Curt Carlson:
Just the point that you made, shows you the problem. If you're a marketing person and you're not talking to customers and trying to figure out the value proposition for them, obviously you're not going to be very successful because that's what marketing people are supposed to do. They're supposed to be the connection between the customer and the company and forming those relationships and figuring out what the customer needs, but also from the technological people what's possible because customers don't know what's possible. They can say what they want, but they can only want what they know about. That connection is really fundamental, you're absolutely right.
Curt Carlson:
Here's an interesting factoid. So again, having done workshops with thousands of executives, how many teams have been able to actually articulately and quantitatively describe the customer need they're trying to represent when we first start running the workshops? What percentage do you think can do that?
Karen Worstell:
I'd guess it's pretty low. I'm guess... Yeah.
Karen Worstell:
There's low... [inaudible 00:10:04]
Yadin Porter de León:
Yeah, I think there's a low set up here. There's there's a lower-low set up here.
Curt Carlson:
If we could use negative numbers for this, we probably would use them. it's...
Yadin Porter de León:
I like that framework because sometimes you have to unlearn what you have learned. You have to help people unlearn. That is a negative setback. You have to pull people from all the stuff that's erroneous and you have to at least get them to baseline. Okay, let me at least get you to zero. So you're not going in the wrong direction.
Curt Carlson:
That is brilliant and that is absolutely correct. That is a hundred percent correct because people built up these mental models that, how they view the world, whether it's right or not, they have them and sometimes they're wrong. So you're absolutely right. They have to give up their mental model to get to zero before they can go forward. We see that all the time and it's really hard. It's hard to get rid of mental models you've already got.
Curt Carlson:
This really is the fundamental reason why almost, well most, let's just say most innovations fail. There's no real customer need. It's a really hard thing because, as we just said, it's the interaction of going back and forth between what customers are doing and what the problems are and understanding that and being empathetic, as you said, Karen, about their life and then what's possible and how you put that together. If you don't have a way to bridge that and iterate back and forth, back and forth really rapidly, it's really almost impossible to solve those problems efficiently.
Karen Worstell:
That's something you train in your workshops, right? How to do that iterat... And how to do... Is that a value creation workshop?
Curt Carlson:
Yeah. We call them value creation [firms. 00:11:39]. When we typically do a workshop with a company, we will put them through an eight hour program to run the fundamentals. The real point is to get them together every couple weeks or month, as you know, we did at SRI and people would stand up and give a five minute value proposition focused on the most fundamental questions, nothing terribly complicated, but because the fundamentals are so hard to answer, it doesn't make sense to give two hour presentations until you can actually say, "What's the customer's need?" Let me really describe it to you quantitatively, specifically. I'm not going to give you 20 things, I'm going to give you the fundamental problem that people have and we're going to start there and develop a value proposition around that, then go to the technological folks or whoever to come up with a compelling solution that's two or 10 times better than the competition.
Curt Carlson:
Just need approach benefits per cost competition, those four questions, the fundamentals of value proposition, as you know, that we all use at SRI. We did when I was there and I still do all over the world. It's really hard to answer those four questions because they all interact with each other. If you change the need, the approach changes. If you change the competition comes along or you might have to pivot and do something else. We built this really intense interaction process based on answering the most fundamental questions first. Eventually when you do something like Siri, which we did, or high definition television, obviously there's a big team there and you've got to do all kinds of things, but if you don't get the fundamentals, right, it doesn't matter what else you do.
Karen Worstell:
What I see the time, and my experience is nowhere near as vast as yours, but ever since I learned about doing NABC, the need, the approach, the benefit, cost benefit and the competition that's NABC that's that four questions that you're talking about. Ever since I started looking at that, the thing that I became aware of is we're really enamored as technologists. We're really enamored with the technology itself. And we're really enamored with finding a problem for our solution.
Yadin Porter de León:
Yes, absolutely. Let me really quickly insert a Steve Jobs moment here, so apologies for those who were groaning with the Steve Jobs reference. I just... Literally yesterday I was just stumbling through YouTube and saw this video that many people have seen a lot of times, where Steve Jobs, many years ago, somebody had this big criticism, he's on stage and he answers it and he answers it with just what you're talking about. You can't start with the technology, then try to figure out where you're going to try and sell it. You can't start with, let's sit down with the engineers and figure out what awesome technology we have and then how we're going to market that. It's "What incredible benefits can we give to the customer? Where can we take the customer?" It's tough because a lot of that is, you get engineers, people who you were talking about, current PhDs from, MIT, Stanford, Berkeley, and you get people who are just awesome at creating phenomenal technology and they're like, "Great, here you go" and they're like... [crosstalk 00:14:45]
Yadin Porter de León:
It's got to be great for something. Taking that back to security. If you go to RSA and you walk around RSA, there's a million people who have so many... Look at my technology, look at my technology.
Yadin Porter de León:
Karen, Curt, how do you get back to where are we taking customer? What great benefits are we providing for the customer are that NABC the framework.
Curt Carlson:
Anything you do to create value, if it's for other people, I believe you have to answer those four questions. What's the actual need, the problem the person has. What's your approach? Obviously, if you don't have an approach for the offering and the business model, you're not going to go anywhere. You've got to be able to be very specific about the benefits for cost, that's perceptual. That's what the customer sees so you've got to be very specific about that, and you always have competition. Security is one of the most intensely competitive businesses in the world today and it's really hard to explain and differentiate what you're doing. You really want to do things that are compelling, where you go to the customer and they go, "Yeah, that really was going to change my life. I'm going to feel so much bitter using that application."
Curt Carlson:
Steve jobs was the master of this. The iPhone is the most classic example of what was wrong with Nokia's phones keys. What's wrong with keys? They're hard to use. "Oh, let's make more keys." So Nokia made these crazy looking stupid phones with two dozen keys on them. This is madness. This is absolute madness. You only have to understand one thing, which is that there's going to be an infinite number of keys. You can't use a keyboard, you've got to use some kind of device where you can reconfigure the keys to be anything you want. Well, he could have done that with a stylist or [inaudible 00:16:32] but he said, "No, a stylist isn't good enough. We can make a better interactive device by creating the touch screen." All you had to know there was, keys aren't going to scale, we need a computer interface and how do we do that better than anybody else and the touch screen was that now. Of course there was a thousand other things that had to be done to make that happen.
Curt Carlson:
At the highest level, at the NABC level of what's the need, what's the approach, what are the benefits for cost and the competition? That's the whole story. Once you get there, the only question was, can he do it? Can he make it work? Right? Can he make it work? Of course, as we know, he did make it work and seven years later Nokia is gone.
Karen Worstell:
Yeah. The whole thing about the iPhone was convenience and functionality. It wasn't about the keyboard at all. It really wasn't. The form factor was secondary to the fact that the customers need was for convenience and functionality.
Curt Carlson:
That's it. Completely focused on the customer. How do you do that? Now it's not perfect. When we did Siri, we said "There're some applications where it'd be nice if you could just talk to the phone as opposed to typing in." It's the same idea, there's a million technologies in Siri. I mean, you know how hard that is, but the point was, again, exactly what Karen said.
Curt Carlson:
By the way, going back to what the biggest mistake we see is this focus on people's technical approach. We said, if you don't identify the need, you're lost. In effect, that's the biggest problem. The default that people go to is they focus on their technology. We call those big A's. They're all about the approach. I swear if we were in a workshop now with any company in the world, any company in the world you can pick and we had... There are six leading teams stand up and present their value propositions. I'll bet that five out of six are big A's. They're not focused on the customer as Karen just said.
Yadin Porter de León:
Hey, can I pitch something out to you, because this is one of the things that CIO already answers. Mainly, those B2B technologists, they're focused on a few different things. One of them, one of them, the company momentum is there sunk cost, the fixed skills. If I have these four tools that I've just spent, collectively a hundred million dollars on, and I have this whole team that has X number of skills, how can I then take that approach of "Well, let's pivot from that approach to the need, because my big A is full of sunk costs." I've got all this money, suck into these teams to secure email. Now I'm like, okay, I have a distributed workforce for example, my tax surface has increased exponentially, but then here's the stuff I have off the shelf.
Yadin Porter de León:
What is that perspective that technology leader should then take and say, "Look, I can't, I have to stop looking at the big A and I have to go back to the first step." What's that need and how can I change the approach despite what sunk costs are, despite what my skillset is. How do I make that pivot and then communicate that pivot?
Curt Carlson:
I'm laughing a little bit because reality is reality, right? It doesn't matter whether you wasted all that money on that stuff that nobody wants. You've got to move on.
Curt Carlson:
How do you cut through this? There's a dozen biases that get people to behave in these non constructive ways, right? Confirmation bias is one, sunk cost is one, there's a whole list of these things. What we discovered is the most powerful thing is transparency. Karen knows that the way we do value creation in the companies I work with in the universities is, again, people learn the fundamentals, they learn the language of value creation because otherwise you can't collaborate efficiently. Then we basically have people try and start by first answering those four questions, the NABC questions, but they do it in a team of five or six other folks where they present and they get feedback.
Curt Carlson:
Reframing is one of the most powerful ways to improve your value proposition really fast. When we do this, Karen gives her a great pitch, which she always gives, then the team would go around and say, "Karen, I really like this part, that was brilliant, never forget that was brilliant. This part, you might improve this because I got lost, so here's an idea for that."
Curt Carlson:
Eyes of the end user, so now again, going back to Karen's, first question is "How do you involve that?" Well, you have somebody in the room, maybe you even have customers in the room, who are taking that perspective for you. Then someone is on the eyes of the funder. Would you invest in this? You can add other points of view, this is fundamental. Complexity analysis is you... If you want to understand a hard, complex problem, you need to reframe it and look at it from different perspectives.
Curt Carlson:
Here's the amazing thing if you do this. Somebody can get up there and defend something that doesn't make sense once, twice, three times, maybe even five times, but eventually everybody knows it doesn't make sense. At some point the person who's giving the presentation knows it does doesn't make sense. They just can't stand it. They have a choice at that point. Do they keep on trying to pretend that they can defend this indefensible value proposition and stay at the company or leave? Normally what we find is the team converges on it, they eventually begin to say "No." Oftentimes it's not as bad as they think, they actually have the capabilities to pivot into a better place. That's the sad part.
Curt Carlson:
You see this in companies all the time. They get stuck on something. They have brilliant people. They have all the money in the world. It's the best time in the history of their industry. You're in these workshops and you discover that nothing they're working on has any value for anybody. That actually happened at a top 20 company once, zero. We don't decide that we just give them a framework for them to decide. The workshop normally takes a full two days, 10 hours a day, for two days. After the first break at lunch, the team came up to me and said, "Curt, the traffic is really here in Silicon Valley. We need to leave at five today and you want us to start at seven tomorrow? I think we ought to start at 10." They knew, they had discovered because, by just reframing it and looking at each other from different points of view. That simple idea is... I can't tell you how powerful that is.
Karen Worstell:
As you sit in a meeting, I've often found myself in meetings and strategy meetings at prior companies where we're listening to it and going, "Oh my God, the Emperor has no clothes."
Karen Worstell:
What I love about your value proposition and the four questions, in the value creation approach, is that it does make it very clear, very quickly, where there is a hole and whether or not we're so enamored with our technology that we are forgetting to walk in the customer's shoes and how it would feel for them to actually have to use this. That's just such...
Karen Worstell:
From a security standpoint, in the time that we've got, I'd love to throw something out there for you, because I think trying to look at outcomes. What's an outcome for a customer. It would be compelling for a customer and in the security world right now, there's some very sobering statistics that are coming out and I don't like to be the FUD factor all the time, but it feels like it sometimes.
Karen Worstell:
We know that for the very sophisticated kinds of cyber attacks that we're all facing right now, that the damage is done. From the time they first get entry into a network, the damage is done within 24 to 72 hours. The advanced persistent threat is set up, the command and control is set up the sleepers command and control is set up. All of that is in place very quickly. The average time to detect the event is 56 days, which means that if we could help companies get the 56 days, average, it's much worse in many cases, get from 56 days to 24 hours, we've done a 50x improvement. Is that a value? Would you call that a value position?
Curt Carlson:
I think I could probably sell that idea.
Yadin Porter de León:
That's very sobering. That's very sobering.
Karen Worstell:
The next thing becomes, that's a great idea. It's a very, very, as you say, a very complex solution set. This is not a single product. This is a set of processes and techniques and technology, right?
Karen Worstell:
How do you bring all that together? If you said, "This is my dream, I'm going for this, we have to solve this problem." How do we go there? How do you go there for value creation and innovation?
Curt Carlson:
So you expect me to answer that question right now?
Karen Worstell:
No, we'd have to pay you.
Karen Worstell:
That's the right track, right? Is that you would come back say, "Okay, that's a goal. Now the teams and the workshops can go to work on this problem."
Curt Carlson:
Yeah. The way I would approach solving it, which is what we did at SRI, when you were there, we had a great security group, obviously. People have written books about how amazing they are and what they've done. So again, it's a very complex problem. The first thing we do is assemble a team, a small team of great people with a diverse set of backgrounds, no overlaps, each one would have a complimentary point of view to add some other perspective to solving that problem. We'd start by asking them to answer those four questions and we would iterate that. They'd show up every two weeks and have to present again and get feedback. We start trying to peel the onion on that and find the key thing, the thing that really does matter. Somewhere in that mess of things that causes that problem is there's some place we can focus to really find the golden nugget that would really make a difference to that.
Curt Carlson:
Now what makes security so interesting is, not only is it... It's got all the FUD stuff on one side, but it's also got a lot of positive value on the other side. Your security, your wellbeing, how you feel about yourself, it's like health in a way, you have to go to the doctor and you're a little fearful every time you go. But also you feel really good when you walk out and the doctor says, you're doing fine.
Yadin Porter de León:
Is that the feeling the board has when the security, the CSO, and the CIO come in, they're like, "Oh man, this is the dentist. The dentist is coming. They're going to tell me I have a cavity."
Curt Carlson:
You can see the look on their face. Yeah, that's true.
Karen Worstell:
Yeah. I have to say... I have to say, every time, when I was at Microsoft, every time I would walk down the hallway to Jim Allchin's office, he was the head of Windows. He'd go, "Oh, no, not you."
Yadin Porter de León:
It's Karen, she's coming, what's...
Karen Worstell:
Yeah. I was the dentist with no Novocaine.
Curt Carlson:
Let's turn it around a little bit and just say on the other side of that though, is the feeling you get, if you do feel like your systems are secure in various ways, and we know how difficult that is, because again, there's so many dimensions, but every time somebody comes in and gives you a good solution to a piece of that problem, it's actually a big deal. It's not only a big business deal, it's a big emotional deal. I wanted to emphasize that. The emotional deal for security is a huge plus. I don't think, as I look at the industry, I don't think it understands that like Steve Jobs understood that. You made the point, Karen made the point that it was about the convenience and the identity of the user and that kind of thing. It wasn't at the technology level. It was at the upper levels of value in humanity.
Curt Carlson:
I think the security world plays in that space profoundly, really profoundly. My sense is it doesn't look appreciate the kinds of value we can provide that way. That's not just the big A technology solution. "We're going to give you this widget. Here, we have another white box for you to plug into." That's not what it's all about to me.
Karen Worstell:
I love that so much because I think, when you have a great solution and you come up with the compelling story about how it makes a contribution to the greater good, it's not always this. I think more and more we're looking at resonating with those kind of stories from a value standpoint, that there's value in that, right? The whole ESG perspective is about doing the right things.
Curt Carlson:
Yeah. It's not just a nice thing either. It's real value. When you make someone feel that the service is more convenient, more functional, more secure, all those things. Even though they're not tangible business, number things, that's real value. Again, that's why Steve Jobs was so successful. He never got stuck in the big A numerical business stuff. He was up at a different level trying to find out "How do I really solve what my customers is really upset about? What, what would really make a difference to them?"
Yadin Porter de León:
There's a lot of teams that get mired in that. "Well, what is my PowerPoint presentation going to look like at my next QBR? I need to make that green and that has to be green and that, and this is red and I got to get at least to yellow and how am I going to do that?" If a point solution fixes it, then that's their value proposition and instead of thinking, what's the customer value, the customer benefit. They're like, what's going to be the benefit to my PowerPoint presentation at my QBR?
Curt Carlson:
You just stepped into a really big issue, which is the difference between complex and complicated problems. Complicated problems, you do these little point solutions and you think, gee, I'm wonderful. The bigger problem, and we can go back to the iPhone example, but the bigger problem is not being really identified. The thing that would actually make the biggest difference to the customer. That's what we, when we were working on these kinds of things and I still work on these kinds of things. That's what we try and get people to focus on. What's the thing that really matters here that would make the biggest difference and then can we pull the resources together to address it? That probably sounds a little abstract to your audience, but I don't think there's another good solution to that.
Karen Worstell:
One of the things we talk about a lot here is the human side of being in cybersecurity because it's, as you pointed out, it's a terrifically, complicated, complex area to work. It's got a lot of stressors and a lot at stake and it's increased. It's just getting bigger all the time. It's really easy for cybersecurity professionals to lose sight of the fact that they are working on something and working in a discipline that makes a difference for the planet.
Curt Carlson:
Big time.
Karen Worstell:
I remember you said that because I think that it's so easy for that to be minimized when... The thing I used to hear all the time as a child is that when you're up to your neck... Up to your eyeballs and alligators, it's hard to remember your primary objective was to drain the swamp.
Karen Worstell:
It's when you're fighting the fight constantly and it doesn't feel like you're winning. People, we have a 51% burnout rate in this industry. 65% of those people who are burned out are looking to find another job. We really need to find a way, with innovation and value creation to help people understand that the tools that they're using are really helping them make a difference and they're making progress with that. There's a human aspect to this that's really big.
Curt Carlson:
It's the reason why I now teach it to universities like Northeastern and WPI. Karen, I saw what this did for people with SRI and instead of spinning their wheels, doing stuff that really doesn't matter big A's. We can keep on using that, because it's pretty universal. First focusing on things that matter that actually make a real contribution and that's what motivates the best people, that's what keeps the best people. But again, if people don't know how to do that, you can't expect them to.
Yadin Porter de León:
Karen, Curt I think this has just been a phenomenal conversation. I think the greatest framework takeaway from this is really just that value creation focus and focusing on the benefit of the customer, because that is universal and it's not just something that applies to Uber or applies to great web apps on your phone. It applies to anything that you're doing and I think especially just mentioning and [venting 00:33:42] on that point, Karen, about burnout and about people really being, wanting to be someplace where they feel like they're really making a difference and not just fighting fires, while someone else is lighting a fire right next to them, they know they're going to have to put out. It's coming back to that framework.
Yadin Porter de León:
I think it's been a really good focus on this, security is not immune to the need to have leaders really take a great vision approach to this rather than just being an afterthought or being a bandaid or being a patch or a Bolton, which a lot of our point solution, which, which you can be looked at.
Yadin Porter de León:
I really like that. I really like that framework.
Curt Carlson:
By the way, I just reinforced that's a perfect summary. I think the only advice I give people about what they ought to focus on with their careers is, I said, are you going to be a professional? They go, I'm going to be a professional. What's going to be your job? Well, I'm going to do things. Well, aren't you going to do things that you hope matters to other people, isn't that your only job, every professional should. Well, do you know how to do that? If you don't know how to learn that, my only advice is to learn how to do that because that's the one life skill you'll have that will only get better over your career and distinguish you and help address the great problem that Karen just brought up to be able to do things that have meaning for the people involved.
Yadin Porter de León:
Absolutely. That's tough in a system that really just teaches compliance and conformity and to then go outside of that system that many believe will teach them how to do those skills. Like you said, Curt, it doesn't, they don't, you don't come out of a lot of institutions, even some of the great ones with those skills.
Curt Carlson:
I'm trying to create [inaudible 00:35:22] of universities will be the first ones in the world that actually create graduates that have these skills. That's my life's work at this point.
Karen Worstell:
Can we just quickly mention that the book that I brought up at the very beginning, Curt's book on innovation is a fantastic primer on this topic. If you don't have the opportunity to go to one of his classes or to take that from him at the university, read the book. Curt, can you just give the quick title
Curt Carlson:
It's called Innovation. It has a really shocking name, it's called Innovation.
Yadin Porter de León:
I'll try to remember that one.
Karen Worstell:
It'll change the way you do your job.
Curt Carlson:
I would also say I'm on LinkedIn. I post there regularly and I'd love to have a conversation with the audience, about what you see and the problems you see, how you're addressing them. That's how we're going to improve. So LinkedIn, Curt Carlson.
Yadin Porter de León:
Excellent. Excellent. Karen, where can people find you out in the universe of the interwebs?
Karen Worstell:
I'm on LinkedIn, you can find me there. I comment sometimes on Curt's stuff because [inaudible 00:36:26]. I'm on Twitter too, so you can see me @karenworstell on Twitter.
Yadin Porter de León:
Excellent. Well, Karen, Curt, thank you so much for joining this episode of the CIO Exchange podcast.
Curt Carlson:
Great to be with you. Thanks.
Karen Worstell:
Thank you.
Yadin Porter de León:
Thank you for listening to this latest episode, please consider subscribing to the show on Apple Podcast, Spotify, or wherever you get your podcasts and for more insights from technology leaders, as well as global research on key topics, visit vmware.com/cio.