honest.security

Coaching The Culture Change

The Elites and the Underclass

When some of our early customers deployed Kolide for the first time, something happened that we didn’t expect: a few of the end-users were disgruntled. We realized that some organizations’ existing approach actually created a dichotomy between people who had fully monitored and managed devices, and a few groups of elite individuals that were exempt from this process.

In organizations where people could choose their OS we saw a trend where end-users who chose Linux did so not just because they loved using it, but also because it allowed them to avoid the IT team installing their standard toolset (much of it being incompatible). Kolide however works great on Linux and now, for the first time, these people were asked to lose their special status they worked hard to obtain.

Do Not Underestimate Fear of Change, Even Good Change

Deploying Honest Security is a process designed to create positive change in your organization, but like any big change, it must be managed and tailored to your organization’s specific needs. If you only rely on the automated parts of Honest Security you are not providing an avenue for end-users to express their concerns and for them to feel heard. This is where coaching comes into play.

Coaches are people with important responsibilities. They set the tone for the Honest Security program and serve as the point of contact to hear and respond to end-users with concerns.

How To Coach

In our experience, a successful coach is capable of transforming their organization into a place that practices Honest Security. A coach will be successful if they do the following:

  • Treat employee productivity and happiness as first-class objectives along with the security team’s goals.
  • Create opportunities for end-users to express feedback about the Honest Security program and respond to that feedback with empathy and understanding.
  • Recruit knowledge experts in the organization to help define empathetic intelligence use-cases to further increase the value of Honest Security.
  • Lead by example by ensuring that their security recommendations are always resolved in a timely manner.
  • Recognize that certain people benefit from the existing dishonest structure (individuals who have been given special exceptions to the existing security tools) and work with them to make sure they are included as equals in the Honest Security program.
  • Create a sunset plan for security software that does not adhere to the principles of Honest Security.
  • Publicly celebrate significant achievements early in the Honest Security program roll-out.

The techniques in this document are not meant to be a rigid recipe, and having the right people to carefully adjust the program to the needs of their organization is essential for it to be successful.

Author & Acknowledgements →