ESORMA Mastermind

Nigel Risner


  • You are surrounded by animals. It is never too late to become a Zookeeper.



ESORMA Mastermind: Nigel Risner On Being A Zoo Keeper


Hello, it's David White here. Thanks for joining me on this Mastermind call. The Mastermind we have with us today is none other than the ebullient Nigel Risner who refers to himself as a Chief Zoo Keeper. And I'm pretty certain he can shine a light, a positive light, on to the life of Chief Information Security Officers. We've known each other for a few years now, and I've been delighted for him to speak at my events in the past. We can't do that today. So we're doing it by phone. But I remember at my events how well he was received and how many people would be buzzed, so buzzed they would be prepared to queue up at the end and buy his books. We always had brilliant events. I'm sure we're gonna have a brilliant event by phone right now. So Nigel, I'll just pull the lever. Nigel, can you hear me?

Nigel Risner: I can hear you perfectly clear, your dulcet tones, even with a frog in your throat. Thank you.

David White: Tell us Nigel, even in these current and, well other circumstances, how can you help Chief Information Security Officers?

Your Style Of Communication Could Be An Issue...

1:12. Nigel Risner: Well, it's a really good question, because even in these times and before these times the role of the Chief Information Security Officer, was vital and never more so now with remote workers and furloughed workers, we didn't really understand the role they played and how serious the role was until all of a sudden everyone is now on a remote call using Zoom with passwords and Zoom bombings, and then some of them Goto meetings and at Facebook lives. We've got to really appreciate the job they do is phenomenal, but they have an issue and the issue is their style of communication because they're used to military command style of telling you what you can't do, even though it's for the benefit of the organisation. And if we actually understood that they are there for our benefit, and if they understood that we would like to help them in their quest to securing the company. But since they don't know how to communicate with us, we just get angry and belligerent. What we do is to understand, what are you really trying to say to us about the security? And why Zoom may not be the most secure line I want giving out your passwords and when they're doing a call and they can see into your house, that may not be the most secure thing. So we need to understand it's a two way thing. They need to understand us. We need to understand them.

David White: Very good point. Some, of course, are who I would call enlightened CISOs, so increasingly the CISO sees themselves, rightly so, as an enabler, but still needs that communication piece. And I was having a conversation with someone just the other day (Mike Osman) who basically said that by far the biggest step change that most CISOs can achieve comes to them when they can increase awareness of security within an organisation. So you're absolutely right, Nigel. There's this big communications piece.

Announcing Your New Role: Chief Zoo Keeper!

3:11 Nigel Risner: If we change their title. Okay. To a chief zookeeper, and we'll plug my book in a minute. But this is a real serious element. If we change the title to a chief zookeeper, the job of the zookeeper is to feed the animals, the food, the food they need, not the food, the CISO member needs. So if I was on the phone with one of your CISO members and he said to me, Look, you need to understand the difficulty is the communication. Need to understand the complexities of the security nature and the trouble you're causing the organisation. I'm now gonna go into panic mode of what I would take to do, being the monkey that I am and I'll explain that in a second. I just won't use my computer because he's now told me that I could literally tear down the whole organisation by pressing a button. If you said that to some of the Lions, they're gonna disagree automatically because they think they're more important than the CISO. So the Lions think they run the organisation. They could do the job without all these people, and they are dynamic people who are straightforward, they don't need any support. Then you have the Elephants who know more about the intricacies of the workings of our organisation, than most CISOs because Elephants are one of these people who just are articulate in the way they do things. They are logistically brilliant that been on the Internet they understand the security systems and then you go at Dolphins who just want to make sure everyone feels safe. The tragedy is that the CISO, giving all the four different animals the same food and not appreciating. We need instructions in the way that I can accept it. So if one of your guys said to me or girls said to me, let me tell you every time you open up your computer, in theory, the world could see inside your PC. Most people like me will be praying that no porn on my computer making sure there's no family pictures. If everyone could see my computer, I would understand that that's a security problem. Does that make sense? David?

David White: Yeah, yeah.

It's Feeding Time At The Zoo - Every Day!

05:19 Nigel Risner: Explain it to me in simple English. Why making sure that I'm secure in my network. I'm secure in what pictures are being shared that I'm not giving out passwords, but they don't do that. They just do a blanket statement in what I call Rhino style. So Elephants that go wild in my book it's a zoo around here. When they go wild, they get very belligerent and they start lecturing if they're go into what I call lecture mode. And they start just telling you how awful everything is and after a while, I just zone out because it can't be all that bad because we didn't use to have CISOs in organisations as apparent as they are now, and we all managed. But in today's world, where everyone is on a computer, where everyone could be hacked, where everyone is handing out passwords and you can see all into people's computers I just learned this week how to share my screen. What I didn't realise what I was literally sharing all my passwords so that you're off the CISO member today is to literally think of himself as a zookeeper and how do you keep your members safe? How do you feed them the food they need to make the operation work, not to shut down the zoo? Because that's how we feel that CISO people are, but they don't want to do anything. They want to make it so hard for us to do business. We just can't be bothered.

David White: Yeah, I can see that perspective. Of course, that's not what CISOs do want to do.

Nigel Risner: No, they definitely don't want to do that. I'm saying that's how sometimes they appear that they appear that way, so I get defensive. They then tell me how important their job is and I didn't say 'do you not understand and what my job is'. Have you ever played squash, David? Yeah. If you wanna win in squash, what's the position you need to play? Where on the court do you need to be.

David White: Wow. Okay. I don't know the answer to that one.

Nigel Risner: You need to meet the middle of the court. We need to control the court. That's exactly the same with communication. Whoever holds the central position and understands the needs of their players, that understands the needs of their team, understands the need of their delegates. They will then win the game of security. But if you tell me that by opening up my Facebook browser, I'm gonna shut down the whole company. That can't be right, because I've been opened up my Facebook for the last three years, four years. So there's a balance between heavy security which we understand why they need it on an understanding of what we need to do to make it simple that we don't give away trade secrets.

David White: Well, it's interesting. You say that because it all sounds very complicated. We do want to make it simple. But first of all I think there's probably quite a few CISOs that will see for people around them as animals anyway.

Nigel Risner: And that's a given

David White: I think I think that's a very, very good basis to start for lots of people. I don't know that they would have thought of themselves as zookeepers.

Nigel Risner: No they don't, but we need to make them zookeepers that's the point.

David White: Yeah, yeah, yeah, I know, but it's a good one well made as well. Um, and then we need to see them feed the animals, the food that they like.

Nigel Risner: Not the food that they want. That's the key point. The CISO's got to give me food in simple bites that I can understand. I'd be told why security is so important not to scaremonger me that I then don't wanna open up my computer.

David White: Okay, So how does the CISO know what animals he's got?

Nigel Risner: By really listening, so if you if I said to you: David, are you going on a holiday when the lock down finishes? Are you gonna go on holiday? David?

David White: Yes.

Nigel Risner: Where you gonna go, David? Roughly. Where you gonna go?

David White: Almost certainly Finland.

Nigel Risner: Okay, so the very nature of the way you answered the question tells me you're probably a Lion with Elephant tendencies. Ask me the question.

David White: Where you going on holiday?

Some People Are Listening. And Some People Are Waiting To Respond

Nigel Risner: I've got no idea. It's gonna be somewhere hot, somewhere fun. So easy to get to, probably Florida. Okay, and the very nature of what I just said tells you I am a monkey, because I'm not giving you an exact answer that quite know where I'm going. I haven't booked it yet. I haven't even gone online, but Lions and Elephants will be very exact with their information and the more you listen, the more you will be able to communicate the right language with your CISO staff. All right, so there's a lovely line. That says some people are listening. And some people are waiting to respond. Ah, and the more you listen to your staff, and you're going to like this, the same letters in listen are in silent.

David White: Yes, that's true, yes.

Nigel Risner: So if you listen to your staff and you don't prejudge them, I promise you your communication could be much easier. But the problem is when we're under stress and normally security, it's what I call a stretched conversation. And rightly so. By the way, the very nature of what you've got to share means that you're anxious. You're short. You're demanding, you're belligerent. You're telling people the way it's got to be and often, there's only one way it could be. You shut down the computer at five o'clock, you back up all your stuff to the cloud on, you must turn it off. You don't have a camera here. I want to check the way it's being recorded. I have no idea was what's being said here. We have been doing this for years. I think, are you recording this meeting, David?

David White: I am. Indeed.

Nigel Risner: Where is it? On the cloud. Where is it going? Who's going to see it? Who's going to hear it? Those questions. I've never, ever thought about ever in my life until just this second, because we're talking about security, and you're gonna be thinking you think about that all the time? Yeah. So before we even start the conversation, you know, my laptop is open. I'm on my video. You, in theory, if you chose to go into video, you'd see my whole office. You could see my wall. You could see my certificates, you could see my date of birth and probably my bank statement I don't even think of that as a problem. No, but you'd be saying where you need to make sure what can the other person see and I forget that because there's a little box on my computer. That's all you can see. You've got a full screen of my whole office. Well, well, So take a screen shot. Save it. Then open and enlarge it. You could probably find my name, my address where I live. Date of birth. All of a sudden I'm a security hazard.

David White: Well, actually, there's two sides of this particular coin, so yes, there are security hazard as one side. But the other side of that same coin is what is it that you can do if I was the CISO of your firm? What are the things that you can do and how would I best tell you the things that you could do that could actually protect you and your environment so I could actually increase the strength or security of our organisation if we were within the same organisation? By increasing your awareness of security and helping you to understand what to do about managing your own security?

How To Get People To Listen

12:52 Nigel Risner: You know what I just heard David? When you spoke, you know, I just heard blah, blah, blah, blah, blah, blah, blah, blah, blah, blah, blah, Security, blah, blah, blah, blah, blah, blah, blah, blah, blah. That's what I just heard. I turned off about three seconds into that conversation. Well, because I never saw the benefit of what you were just saying. If you want to make it sexy and communication has to be sexy. Otherwise people turn off. That's why The Sun newspaper has a headline the way it does. That's why the Daily Mail has a headline the way it does. The beginning of the news at six has a big headline because it draws me in and I want to know more information. Can you imagine if you were just a newscast reader and you just said that, you'd have about 70% of people turn off. It's not that you don't communicate well, it's you're not communicating in my language. Mmm. You can tell this interview is live. And we never rehearsed it because no one else will be that rude back. But that's what you want about communication. Most people don't tell you what they're thinking whilst you're sharing. You see, what I'm saying is you share your information and you just assume that I understood what you said. All right. You think they would have done the security briefing with all the senior members of staff and everything should be better now, I promise you, 50% get listened to the statistics. 50% of all communication that CISO members do, people don't understand. 50%!

David White: So I should be saying something like Hey Nigel.

Nigel Risner: There you go, now I know you are talking to me. I'm interested because you used my name. You go for it.

David White: Hey Nigel. You could save a fortune. Let me tell you how.

Nigel Risner: Right now it's the second trigger. I'm gonna save some money. Yeah.

David White: All you have to do is to be careful about the way you do things.

Nigel Risner: Right? So you made it simple because I'm a monkey. That's the third thing. And one more thing, I think that's the point, David. I've been doing a tutorial for you if you make it personal and you tell me it's gonna be simple and its gonna save money and it's going to save the future of the business and what this is going to do to make your job even easier is: I'm up for that. Okay, now that's me is a Monkey. If it was me as a Lion, and you said to keep you number one in your industry and to make you the most secure so we never have an investigation of our business. This is what you need to do to keep you on top of your game. The Lions would love that. Mmm. The Elephants are gonna want a PDF document of 17 pages from Wikipedia to understand the nuances of security under the 92761 A law by line 4 2 6 that tells you why security is important. Whereas the Dolphins are going to say if you and your family want to continue having Zoom meetings and you wanna have party conversations there's just two things you need to do so that all of this will be secure. Ah, and all of a sudden. Now you have 85 to 90% buy in when really changing your communication. All of a sudden, you would engage with more people. So we then wrote a follow up, but called Zookeeper Rules For The Office and when we wrote that we went into even more detail about why communication is just so important in the workplace.

Special ESORMA Only Offer

David White: I read some of your earlier books. I'm not sure that I read that one.

16:40 Nigel Risner: It's brand new, 12 years of research the Elephants are gonna love this there's loads of research in this. And these graphs and his exercises the monkeys get bored.

David White: The monkeys can flick through.

Nigel Risner: Yeah. There's lots of great pictures with tonnes of graphics, great colour pictures. They're gonna love it.

David White: Do you have a special offer on your book?

Nigel Risner: They all CISO members this week. If they buy one, we send them the other one free of charge.

David White: All right. Okay. But you've got more than two books.

Nigel Risner: Just five books, but they're not going to read the others. They're too complicated. Yeah, the Impact Code is my original work. And then we got Zookeeper Rules For The Office, and It's A Zoo Around Here. They're the three best books for your members.

David White: Oh, cool. Okay.

Nigel Risner: I got a book on networking. They hate networking, CISO members, and they're not into goal setting. So that's why I'm not gonna promote it to them.

David White: OK, I think I've seen the Impact.

Nigel Risner: Yeah, that's my big work that was published by Wiley. It is still a top 10 book and it's published in 10 different languages all around the world.

David White: So what would you be doing right now? Sorry, say the question again. I left the room there. Where would you be right now?

Nigel Risner: I was coming in from Florida today and I was going, you're gonna love this. I was speaking at Edinburgh Zoo tomorrow. Ah, originally, we were speaking in the monkey house. So Barbara Smith, who is the CEO of Edinburgh Zoo who wrote the foreword to my book, invited me to do a presentation for her senior leadership team. I should be flying to Edinburgh literally as we speak.

David White: And where you based? Are you based near London?

Nigel Risner: I'm based in North London, near the South Mimms service station. Do you see I don't pay enough attention to security, I have now told you where I live and everything else

David White: I can see right into your room right now.

Nigel Risner: You probably can, now you know where I live. You've seen into my room.

Start By Understanding Self

David White: Okay? So going forward beyond this lock down situation, what should CISOs be thinking about? What in the long term about managing their Zoo?

18:55 Nigel Risner: The first thing they've got to do is to recognise who they are, so they're probably gonna be Elephants, stroke Lions. They've got to realise the people they're talking to are different animals and if they want to get their message across and here's something else that CISO members need to understand. If you want to share a message that's vital to the organisation, you've got to share it six times and in different ways. So it might be on an internal intranet site. It might be as a pdf it might be as a picture. It might be as an SMS text message. It might be by email. It might be by phone call. It might be a poster. Sharing an important message once just isn't gonna work. David has your wife ever asked you to go shopping and she's just given you and she's told you over the phone four things she wants ever?

David White: It happened today, okay? And I bet you didn't bring it all back. I bet you got one of them wrong!

David White: She made up her mind as I walked through the door that I'd missed something!

Nigel Risner: You see, that was just basic shopping. You got wrong. Imagine it was the four things of security to keep your house secure and your family secure. You got one of them wrong. That's 25%. It's because she shared it once and she thought because you kind of went yeah I know, I know. Yeah, I know. You want six eggs. You got two pints of milk, a loaf of bread, and she wants demerara sugar.

David White: Were you in my house?

Nigel Risner: I've got security systems in your house too, you see! But the chances of you remembering exactly what she said is quite small okay, people that me I forgot eight seconds after leaving the house. So then I ring her up and then I can't get through to her. So I buy brown eggs, white eggs, free range eggs, large eggs. Because I can't be bothered to go back? So I come back with 37 items. And she said, but I only wanted four eggs. And what does that suggest? But imagine this was security that she asked me about. Yes, it's as just important in her eyes as it is in CISOs' eyes. As making a cake is vital to her. Security is vital to them. So that big a deal to me. So a few people coming to my computer. Is it a big deal? Not really, but it is to the security of my business. Yeah. Yeah. Well, we have a sign in our office, that says do you trust your team? Or do you like your team? Okay, so I like lots and lots of people, but I wouldn't trust them to go. I wouldn't trust him to give them my password to my bank account. My accountant, I trust implicitly, but I wouldn't want to sit on a plane for 25 hours for Australia with because I don't like him that much. CISO members have got to understand is a massive difference between trust. And like, if they don't trust their team, they shouldn't be sharing information with the team.

Who Do You Trust With What?

David White: Well, yeah, well, that's an area of very careful concern all the time. We have to be careful about what we say to members of the team, because we don't want to inadvertently enlighten them as to where our weak spots are. We just really wanted to tell them things to do to make things stronger.

Nigel Risner: If you trusted your teams, you see David, I trust that wherever you're gonna put this interview, wherever it's gonna go has got my best interests at heart. Does that make sense? Yes, of course. I trust you. I don't have a written confirmation confidentiality document from you. I just trust you on. We've worked together three or four times and I quite like you as well. It all helps. Yeah, but you see, I don't have to like you to do the interview. But I promise you, David, if I didn't trust you, I wouldn't be doing the interview Got it, Okay. And there's a major difference in organisations. You don't have to like everyone, so I don't know, David, when I next have my family barbecue, whether I'm going to invite you to my family barbecue. So I don't know if I like you enough for that. But I trust you to share my bank details. Wow. We need to have a major difference there if you work with me. You worked with my team. You need my credit card you need to buy some stuff. Here's my credit card. I don't know if I want you to my family barbecue because I don't like you enough for that. I don't need to like you've to work with me, but I need to trust you to work with you, That's what CISO members need to really think about with their teams.

David White: Yeah. Okay, well, that's really interesting. I've heard it said that by you, I believe, I am probably going to get this wrong about you. A lot of what you end up doing is you specialise in motivation. But sometimes you just wind people up.

Nigel Risner: Well, so I'm much more of an irritational speaker rather than a motivational speaker. That's the one! And the reason for that is if you like me, David and nobody does anything from this interview, I failed my job. If people don't really like what I've shared because I'm being blunt and to the point, but the security of their organisations goes up by 5, 10, 20%. I've done my job. Does that make sense? That makes a lot of sense. So your job is to get the information across in a style they could do something with it and hopefully they'll like you too. If you share the message that they really like you and you have them over to a barbecue and they don't do what you say they've done. You failed your job. So I'm a results orientated speaker. Not an applause orientated speaker.

David White: Okay, But we do like applause.

Nigel Risner: Let me just share. I love applause. And I'm waiting for the chocolate to be sent to me that you promised me that I thrive on applause and recognition. But if you don't do anything different with this interview that we've done, then I failed of my job.

David White: Gotcha gotcha Yeah, well, I think you know, there's a couple of really good points that you have come up with, which is, first of all, you know, to accept the fact that we work with animals, that we're a Zookeeper, that we need to talk, sorry, we need to give, we need to feed the food that's right for each individual animal. There's this four types of animal the Lion, the Rhino, or that's the Elephant.

Nigel Risner: The Lion, the Elephant, the Monkey, the Dolphin. They're our basic four animals. Yeah, when they go rogue, the Lions were turned into Tigers and they'll eat you. The Monkeys turn into Hyenas and they'll destroy you. The Elephants turn into Rhinos and they will crush you. The Dolphins turn into Sharks and they will just kill you.

David White: Right. Yes. Okay. Everything is becoming clear, now.

Nigel Risner: If people want to read more information or they want to do the quiz on my website, which is at Nigelrisner.com. They will find out exactly what animal they are and if they want to buy one of the books and they mention David White and CISO we will send the additional book free of charge. Just because they're members of your team.

David White: Good man Nigel, thank you very much. All right. Have we said everything that you'd like to say because I'm a little bit overwhelmed?

Nigel Risner: Well, I'm a monkey so I'm now bored, okay? And I need to go and play and eat some chocolate. If I wasn't out, this will be five hours long.

David White: All right. Okay. Well, Nigel, thank you very much. That was, as usual, interesting, enlightening and motivating. I'm really glad I had this chat with you, thank you very much. Thanks for the opportunity. I'm sure those listening will visit your site. Nigel Risner dot com R I S N E R. Very well, with the help of your books. Is there all great? But the two in particular was the newest one, called? Zookeeper Rules For The Office. Zookeeper Rules For The Office. Yeah, that one sounds very appropriate. I look forward to receiving your order, David. Yes. Yes. Been good to hear your perspective. I'll be the first. I think you would prefer that order to chocolate, wouldn't you? Exactly Right. And I look forward to receiving your order in the next 15 minutes, and we both benefit. All right. Going back to the right. Been good to hear your perspective and points of view.

Nigel Risner: I look forward to being at one of your live events when this lock down finishes.

David White: Well, yes, and I really understand the comment that you made there, which was to communicate multiple times and the way I like to put it is to communicate the same message using multiple media. Basically, it's the same thing you're talking about using different language to talk to the animals, aren't you?

Nigel Risner: Exactly right.

David White: So I'm really happy to hear that as well. Inside information on what we can do to raise awareness. Thanks very much for joining us today. And good luck with the future. Thank you, everybody, for joining this mastermind session and, please join me in thanking Nigel. Thank you, Nigel. Thank you. All right. If you'd like to know more about where you could download a transcript or to listen into more of our mastermind sessions, visit esorma.com. That's E S O R M A dot com. And look for the mastermind recordings page, there's a link across the top of the website. Thank you. And I'll speak to you all again. Bye. For now.
