Marina Gorbis's Blog, page 1594

Not that long ago, cybersecurity was an issue for the back room. Now, it's made its way to the boardroom and the Situation Room.

In February, President Obama issued an executive order aimed at protecting critical infrastructure, adding the administration's voice to those of Congressional members and corporate leaders in the national conversation on cybersecurity.

Just as government and industry coordinated the telecommunications response after the 9/11 terrorist attacks, the order enlists both public and private entities in assuring that critical infrastructure is continuously monitored and protected from attack.



Cyber threats are growing in intensity and scale. We've seen significant breaches at government agencies and in private businesses, including leading financial institutions and large U.S. media companies. Recent allegations of the theft of top-security information connected to the development of sophisticated weapons and air defense systems have only heightened concerns about the security of the nation's networks.

The public and private sectors need to work together to protect critical assets with confidence and trust — helping manage the risks we know, and getting ahead of those we don't.

There are two primary areas of concern. The first focuses on the concept of enhanced public/private information sharing and developing standards. The second is crafting a cybersecurity framework that addresses risks across government and industry — and to do so quickly. The National Institute of Standards and Technology (NIST) wants a preliminary framework in place by the end of this summer, with a final set of guidelines ready to go in February 2014.

The response to today's cyber threats can't be limited to Washington. Cybersecurity isn't just about compliance with laws and regulation — it's about guarding businesses from the increasing dangers of persistent threats. As importantly, an effective cybersecurity framework has to overcome barriers to continued economic growth — creating an environment that protects and nurtures innovation.

Certainly, the environment is complex. Critical industry sectors from energy and banking to transportation and health care answer to different government agencies or regulators. Therefore, it is imperative that any designated corporate cybersecurity officer sustain strong working relationships with appropriate government stakeholders.

It's encouraging that many business leaders understand the threat. A growing number of corporate boards are demanding regular updates from CISOs or CIOs on their states of readiness. Corporate executives should be asking themselves: how can public and private organizations work together most efficiently; how should a productive relationship develop between the two sides on key cybersecurity issues; and how can threats be addressed while protecting intellectual property and individual rights to privacy?

It is critical that the public and private sectors work together to build a cybersecurity framework that takes into account the very legitimate business concerns of maintaining individual privacy obligations, securing corporate proprietary information, and safeguarding competitive positioning, while promoting an efficient exchange of information.

Not all attacks rise to the level of a Page One headline. In fact, many breaches can damage businesses in significant ways without triggering news attention. Vandalism of websites to full-fledged short-circuiting of networks lead to theft of intellectual property, fraud, and in the most extreme cases, threats to corporate survival.

Take, for example, the energy industry: According to one recent Congressional report, the computer systems that drive the U.S. electric grid are under frequent — even daily — attack. That survey of corporate officials found striking examples of ongoing attempts to steal critical information; one company reported experiencing 10,000 attempted attacks a month.

Every C-level executive has a role in stemming the tide of cyber-attacks. It's not the responsibility of the CIO or even the CEO alone; COOs, CFOs, CROs, CPOs, and the corporate board should be equally invested in sharing active responsibility for the effort. A comprehensive corporate cybersecurity strategy is required.

To that end, all business leaders should adopt the following four steps:

Understand the challenge: An organization's threat profile must be top of mind for all leaders. Creating ongoing monitoring methods and finding resolutions to reporting challenges would allow executives to see well ahead of the curve. Risk intelligence is perhaps more valuable in 21st century business than conventional business intelligence.

Establish accountability: Company management should be requesting quarterly reports on the organization's most pressing cyber threats, to ensure that executives develop, track, and chart metrics which would enable them to quantify the impact of any intrusion. One designated leader, whether the CIO or other senior-level executive, could serve as the nexus for all cyber activities.

Coordinate efforts: A unified approach needs to be exactly that — unified. Assure that cyber security is well-managed not only through company headquarters, but all along the supply and value chain. Developing an effective national system to secure our critical infrastructure requires the coordination of key elements: protocols, sharing of sensitive data, and IT strategies.

Communicate: Government regulation and corporate risk management activity is at a high level. Cyber security officers should maintain regular communication with their industry associations and government contacts to make sure that industry perspectives are heard. Given the pervasive, business-critical role of IT and value of high-tech assets, the case for increased transparency and dialogue among stakeholders has never been stronger.

Nationally, we spend hundreds of millions of dollars on detecting, neutralizing, and recovering from cyber-attacks. There is perhaps no more important financial aspect of running a business these days than data maintenance and security.

While the cost of building an effective cyber defense system could be high, the cost of not doing enough may be even higher. One thing is certain: cyberattacks won't stop while we discuss how to build a protective network, who should run it, and the price tag for implementation.

The solution starts with cooperation across public and private lines, and collectively putting the greater good — America's national security and economic competitiveness — at the top of our priority list.

Data Under Siege
An HBR Insight Center





Why Businesses Should Share Intelligence About Cyber Attacks
Why Your CEO Is a Security Risk
Beware Trading Privacy for Convenience
Four Things the Private Sector Must Demand on Cyber Security

You probably know the famous scene in the movie Glengary Glen Ross where Alec Baldwin's character tells his team to "Always be closing." I wish it were that simple. These days closing the deal, or even getting close, comes with more prerequisites — the biggest of which is understanding. People will not buy what they do not understand. Quality explanations are the key to getting prospects to become customers. I suggest a new motto for today: "Always be explaining."

We rely on explanations so often that we rarely consider how to make them better. Our explanations just... happen. Unfortunately, these organic explanations can fail, especially when we're explaining a complex idea. Often the problem is what Chip and Dan Heath, in their book Made to Stick, call "The Curse of Knowledge." We ourselves know so much about our product or service that we can't imagine what it's like not to know. The curse causes us to make inaccurate assumptions about our audience's level of understanding. The terminology and references that sound right to us come across as confusing jargon to others, and our explanations fail.

Understanding the basics of explanation can serve as a remedy for The Curse of Knowledge and help us think differently about how we explain ideas. This is especially true in the sales process. Whether it's on the convention floor, in the executive suite, or during a product presentation, honing your explanation skills convinces your audience that you understand their needs.

As a professional explainer — I've worked with LEGO, Ford, Intel, and Dropbox to make ideas, products, and services easier to understand — I've spent the last decade digging into why business explanations so often stymie customers and send prospects running. What I've found is that most people have never considered what makes an idea easier to understand or how to approach the process of explaining ideas.

To help, I've provided seven tips to create effective explanations that will work for prospective customers:

1. Make Your Audience Feel Smart, Instead of Making Yourself Look Smart

We want others to think we're smart because in most cases that's rewarded. But when it comes to making an idea easy to understand, simple trumps clever. Fancy vocabulary and extensive background information might impress customers — but, more likely, will just confuse them. Stop trying to look smart and start making your audience feel smart by building their knowledge and confidence. Dazzle them with clarity; it's another kind of brilliance.

2. Explain the Forest, Not Just the Trees

Focus only on features and you'll miss an opportunity to invite your audience to see the big picture. Prioritizing the details of this year's coolest product features isn't an explanation. Customers won't care about the bells and whistles if they don't understand why your product exists and why it matters to them. By zooming out and focusing on context at the beginning of an explanation, you can build a world around your product that enables it to make more sense.

3. Add Details Sparingly

Has this happened to you? You're meeting with prospects about a new product and it's obvious that they just aren't getting it. They stare blankly and stop asking questions. No problem, you think, you can still bring them around with a few more points. It's a tempting move. After all, sometimes one small detail turns that lightbulb on, right? It may seem counterintuitive, but more information won't help someone who's already confused. Imagine being lost and having someone give you directions that include every possible route and landmark to your destination when all you want to know is north or south, left or right. The antidote to confusion is often less information. Don't add detail; come back to one or two big ideas you know they'll understand. Once their heads are nodding again you can proceed, but with caution.

4. Write Less Copy, Use More Visuals

Prospect not getting it? Write more marketing copy, right? No. Jon English said it best: "words are not enough." We're communicating in the YouTube, Pinterest, and Instagram era to audiences who are more visually literate than ever. Though often more difficult and expensive to produce, infographics, videos and diagrams can do the heavy lifting of making explanations work. For example, the popular crowdfunding platform Kickstarter encourages every new project to use a video to explain their idea. The company has established that projects with video have a better rate of success (30% vs. 50%). Videos offer potential funders a simple and compelling way to understand a new idea and why it matters.

5. Remember Your Audience is Human

If you think stories are for campfires, not your state-of-the-art product, then you're forgetting that your audience is human. Stories provide a way to see how a product works in the real world, with real people. And you don't have to be a storyteller to make stories work. In fact, the most effective stories simply illustrate a person in pain who found a solution and now feels relieved. These simple stories offer a way for the audience to empathize and imagine themselves solving similar problems.

6. Focus on Why

The best explanations answer one question: why? Why does this idea, product or service make sense? Why should I care about it? Why does this matter to me? By answering the "why" early in a meeting or presentation, you create a foundation for understanding on which to build more complex ideas. Think of an explanation like a recipe. Recipes are usually focused on "how" to create a dish. The list of ingredients and instructions work, but you may not know why. By understanding why yeast and baking powder are used, for instance, you can start to see the process from a new perspective and make the next dish your own.

7. Your Job is to Inform Smart People

No one likes to be talked down to, and if you approach explanation with the wrong attitude, it can be destructive. Science writer Steven Pinker once shared advice he got from an editor concerning condescension. She told him to treat his audience as if they are as smart as him, just not as informed. Use this important point to set the tone of your explanation. Your job is to inform smart people, not help the slowest people catch up. Remembering this will help you achieve an informative, not condescending, tone.

Follow all of these steps and you too can enlighten clients and win prospects. The first real step in creating great explanations is realizing that improvement is possible. You can become a better explainer and use explanation skills to solve problems and motivate others to care about your message. By employing the tips above, you'll be well on your way to making explanations that work.

A recent teacher-incentive program aimed at boosting student performance in New York City had no effect at all, according to a study of 200 public schools by Roland G. Fryer of Harvard. Experiments in Kenya and India have shown positive effects of incentives, but the New York program, under which schools were eligible to distribute up to $3,000 per teacher, may have been so complex (due in part to union influence) that teachers couldn't predict how their efforts would translate into rewards, Fryer says. The U.S. government has established a Teacher Incentive Fund to provide $1.2 billion in rewards to schools in 27 states.

There is a pressing need for more businesspeople who can think quantitatively and make decisions based on data and analysis, and businesspeople who can do so will become increasingly valuable. According to a McKinsey Global Institute report on big data, we'll need over 1.5 million more data-savvy managers to take advantage of all the data we generate.

But to borrow a phrase from Professor Xiao-Li Meng — formerly the Chair of the Statistics Department at Harvard and now Dean of the Graduate School of Arts and Sciences — you don't need to become a winemaker to become a wine connoisseur. Managers do not need to become quant jocks. But to fill the alarming need highlighted in the McKinsey report, most do need to become better consumers of data, with a better appreciation of quantitative analysis and — just as important — an ability to communicate what the numbers mean.

Too many managers are, with the help of their analyst colleagues, simply compiling vast databases of information that never see the light of day, or that only get disseminated in auto-generated business intelligence reports. As a manager, it's not your job to crunch the numbers; but — as Jinho Kim and I discuss in more detail in Keeping Up with the Quants — it is your job to communicate them. Never make the mistake of assuming that the results will "speak for themselves."

Consider the cautionary tale of Gregor Mendel. Although he discovered the concept of genetic inheritance, his ideas were not adopted during his lifetime because he only published his findings in an obscure Moravian scientific journal, a few reprints of which he mailed to leading scientists. It's said that Darwin, to whom Mendel sent a reprint of his findings, never even cut the pages to read the geneticist's work. Although he carried out his groundbreaking experiments between 1856 and 1863 — eight years of painstaking research — their significance was not recognized until the turn of the 20th century, long after his death. The lesson: if you're going to spend the better part of a decade on a research project, also put some time and effort into disseminating your results.

One person who has done this very well is Dr. John Gottman, the well-known marriage scientist at the University of Washington. Gottman, working with a statistical colleague, developed a "marriage equation" predicting how likely a marriage is to last over the long term. The equation is based on a couple's ratio of positive to negative interactions during a fifteen minute conversation on a "difficult" topic such as money or in-laws. Pairs who showed affection, humor, or happiness while talking about contentious topics were given a maximum number of points, while those who displayed belligerence or contempt received the minimum. Observing several hundred couples, Gottman and his team were able to score couples' interactions and identify the patterns that predict divorce or a happy marriage.

This was great work in itself, but Gottman didn't stop there. He and his wife Julie founded a non-profit research institute and a for-profit organization to apply the results through books, DVDs, workshops, and therapist training. They've influenced exponentially more marriages through these outlets than they could possibly ever have done in their own clinic — or if they'd just issued a press release with their findings.

Similarly, at Intuit, George Roumeliotis heads a data science group that analyzes and creates product features based on the vast amount of online data that Intuit collects. For his projects, he recommends a simple framework for communicating about each analysis:

My understanding of the business problem
How I will measure the business impact
What data is available
The initial solution hypothesis
The solution
The business impact of the solution

Note what's not here: details on statistical methods used, regression coefficients, or logarithmic transformations. Most audiences neither understand nor appreciate those details; they care about results and implications. It may be useful to make such information available in an appendix to a report or presentation, but don't let it get in the way of telling a good story with your data — starting with what your audience really needs to know.

At last week's Electronic Entertainment Expo (E3) conference and show, both Microsoft and Sony unveiled their new gaming consoles which will be released this holiday season. While both systems support a wide variety of games, they each have unique differentiating features. Microsoft's Xbox One, for instance, provides strong integration with television, Internet, and Skype. Sony's PlayStation 4 (PS4) is less restrictive in its digital rights management, which makes sharing games easier and renting games possible.

The most striking difference, however, is their prices. Perhaps feeling cocky because its sales consistently trump those of the PlayStation, Microsoft set the Xbox One's price at a 25% premium over the PS4. The Xbox will sell for $499, while the PS4 has a retail price of $399.

Now for the folks at Microsoft, here's a brief pricing history refresher:

King C. Gillette started selling razors and razor blades in the early 1900's. To get razors in the hands of consumers, Gillette set prices low and made his profit from the ensuing sales of high priced blades. This pricing strategy has been successful and emulated by many other products (printers and cartridges, for instance).

Facebook is the indisputable champion of social networking. How did it gain over a billion members to use its site monthly? It made the price of entry cheap — in this case, free.

Why remind Microsoft of these strategies? Like the Pledge of Allegiance, these two stories should have been recited before every meeting that discussed the price of the Xbox One. The foundation for the battle of the next generation of console-based gaming will be set by this holiday season's sales, and lessons from each example above reveal the importance of setting a relatively low price for the system in order to maximize overall profits.

Due to the make-or-break importance of these head-to-head initial sales, there are two key reasons why Microsoft should lower its Xbox price, matching or even beating the price of the PS4:

The Razor/Razor-Blade Pricing Strategy. Game console manufacturers have long followed King Gillette's pricing strategy: They create game customers by selling consoles as cheaply as possible and then profit from game sales. In fact, consoles are often sold at a loss on the faith that manufacturers will reap hefty profits from the licensing fees they charge game manufacturers to run games on their hardware. On a game created by an outside developer that retails for $60, for instance, it is estimated that the console manufacturer receives a $7 platform licensing fee. Since the profit comes from games and ancillary sales, the pricing strategy is straightforward: Set prices low to get consoles in the hands of gamers. The more consoles purchased, the higher the potential profit upside.

Role of Price in Creating a Network. A growingly important decision factor in selecting a console is the breadth of its associated online community. Both Xbox and PlayStation have closed networks — meaning that if you own an Xbox One, you won't be able to play online against others (friends, expert players, etc.) who have a PS4, and vice versa. In these types of closed networks, the more people who join, the more valuable the network becomes. At a 25% price premium, Xbox is not doing itself any favors in terms of growing its gaming network.

Console prices will drop over time. It's standard practice for new technology to start prices high and then discount in the ensuing months and years. But this strategy may not work for the Xbox. Its premium price is receiving so much publicity that the notion of "it's too expensive" is becoming embedded in consumers' minds.

I get that Microsoft believes its new Xbox provides more value, and hence deserves a higher price. But historically, consumers haven't been willing to pay a premium for the "razor," even if it ultimately provides higher value. In 2007, for instance, Kodak bet the company on a new printer pricing strategy. While Kodak charged a premium for its laser printers, the upside for consumers was that ink cartridge refills were priced at $9.99. While a seemingly attractive value proposition, the strategy did not catch on with consumers; in 2012 Kodak filed for Chapter 11 bankruptcy.

The Xbox One is already starting at a disadvantage: A recent poll by Amazon.com found that over 94% of respondents favored the PS4 over Microsoft's gaming console. This sentiment, coupled with the backlash from its premium price, has created a pall of gloom that Microsoft needs to overcome. The good news is there is still plenty of time to gracefully lower price (or offer a discounted version with less functionality) before consoles go on sale.

The web isn't print.

The way we publish on the web — our process and workflow — is mostly derived from what we know about putting ink on paper. Which makes sense, because for most of human history, print was all we had. In a world of connected devices, we need to publish digital content onto all kinds of different devices, screen sizes, and form factors. Right now, our challenge is dealing with PCs, smartphones, and tablets. Tomorrow, who knows where our content will need to go? As we adapt to a world of connected devices, the way we think about our content publishing process and workflow must adapt too.

Watches and glasses and fridges, oh my

A majority of Americans now own a smartphone. While mobile phones are currently the most common new device type — and the most limiting form factor — it doesn't take a futurist (or a fortune-teller) to know that smartphones are just the start of our problems. Tablets are poised to overtake PCs in sales. Handheld devices span a range of screen sizes and resolutions, forcing us to figure out how to take web pages and adapt them for different form factors.

Beyond smartphones and tablets, we know we'll continue to invent new devices. Smart TVs may be the next major wave of new devices in the home (and you can't talk about the future without mentioning the long-rumored yet never-quite-primetime internet refrigerator.) Wearable devices, like internet watches or Google Glass, offer wildly different interfaces for interacting with digital content. At some point, speech-based interfaces, like Siri or in-car audio systems, will offer up content without a visual presentation layer. Who knows? The next innovation in web content might be something we haven't even dreamed up yet.

Whether you think any one of these new devices is the future, a fad, or a flop doesn't get around the reality of the challenge we face in publishing content to these new form factors. We don't even need to predict which one of these new technologies will capture the public's imagination. Some will fail, but certainly some will succeed. Whichever new devices become mainstream, we will need to get our content onto them.

Publishing content to a variety of devices and platforms is fundamentally different from print. This wave of new connected devices means it's time we accept that the web isn't just a glorified print document. The way we think about content needs to change.

The page is dead, long live the chunk

"The page" as a container is so fundamental to how we think about reading, it's hard to break away from thinking about our content that way. On the web, we've repurposed that model, treating all of our content (text, but also graphics, videos, and other interactive elements) as through they "live" on a particular page. Our editorial processes and content management tools encourage us to treat web pages just like the familiar model of a print document.

You don't have to spend too much time thinking about all these new form factors and device types to realize that the very notion of a page doesn't hold up. Content will "live" on many different screens and presentations. The amount and type of content that's appropriate for a PC screen isn't the same as what would work best on a smartphone or a smart TV. The way content gets laid out, styled, and presented must be different for different platforms.

The future of connected devices is content in "chunks," not pages. Smaller, discrete content objects can be dynamically targeted to specific platforms and assembled into new containers on the fly. Which content and how much content appears on a given screen or interface will be defined by a set of rules, informed by metadata. Content will break free of the page and "live" in lots of different places.

Separating content from presentation

When all we had was a print document (or a web page) it was easy to get away with mixing presentation and styling with content. Problem is, decisions made for one platform about what something should look like don't necessarily translate when the content needs to live on multiple platforms. Anyone who's managed a print-to-web workflow knows that styling decisions made for print need to be stripped out and then re-applied to be appropriate for the web. We might have gotten away with that when it was just print and web, but that just won't work in the future.

A world of connected devices means we must start enforcing better separation of content from form. Our content can't have embedded presentation markup that was intended for only one platform. Instead, we need to ensure that styling decisions are made with platform-agnostic semantic metadata.

It's a people problem

We need to change the way we think about our process and workflow. Specific development approaches — whether it's responsive design or another technique — are useful technical solutions, but they don't solve the underlying problem.

As with all major technology innovations, the heart of this challenge is the people side of the problem. People who create and publish content need new tools and new approaches to help them understand how digital publishing is different from print. Our content management technology and workflow need to adapt and evolve too, so that users can envision how their content will be consumed on different devices. We need new ways of thinking about content publishing that make it clear to content creators what it means that the web isn't print.

Innovations in Digital and Mobile Marketing
An HBR Insight Center





How Advertisers Can Maximize Mobile Conversions
The Mobile Shopping Life Cycle
Quality vs. Frequency: What's Your Mobile Strategy?
When Digital Marketing Gets Too Creepy

In both C suites and boardrooms, discussions about business performance usually center on topics like market momentum, M&A opportunities, capital management, and productivity enhancements. While these factors are important, in my experience they are best leveraged when employees are engaged, aligned, and motivated to win.

In the course of leading six successful turnarounds and transformations at Schering-Plough, Pharmacia, Pharmacia and Upjohn, Wyeth, and two operating units within Novartis, I've learned that culture can be powerfully leveraged to enhance long-term success. Yet many executives don't make culture a priority. It was this disconnect that prompted me to write my recent book, Reinvent: A Leader's Playbook for Serial Success.

Every individual on every team in a company can strive, together, to deliver beyond what is deemed possible. For employees to do that, they need to feel a powerful sense of purpose, reinforced by a culture of ownership, accountability, and continuous learning.

In 1997, when I first took over as the new CEO of Pharmacia & Upjohn, the company had just undergone a merger that had gone very bad. One reason was a disjointed leadership structure — comprised of three "business centers" in Stockholm, Milan, and Kalamazoo, Michigan, and one new "management center" in Windsor, near London — that had been negotiated as part of the 1995 merger. Internal tribalism was hurting the company.

To align and motivate employees to work together, we eliminated all four centers and created one new streamlined operation in New Jersey. We also shrank the corporate management team by half. This also helped us get rid of a few "culture resisters," senior people who opposed constructive change. Pharmacia & Upjohn made a startling turnaround and then merged with Monsanto in 2000 to triple its size to a $52 billion market cap.

These are some of the steps that helped me reinvent through culture:

Set clear expectations

Show the path of the journey, set an ambitious strategy, and get a mandate for change from the people, so they become ready to make the necessary sacrifices.

Role model positive attitudes and behaviors

Leaders, starting with the CEO, must consistently act with the same business authenticity that they want to see in their teams.

At all the companies I led, we published five or six behaviors we all expected of each other so that we could share, learn, innovate, and grow as individuals and as members of a team. I remember visiting our Schering-Plough team in Seoul, South Korea, in 2009 and was impressed with how well our local team had built ownership and resonance with this list of behaviors. They told me they wanted to do this because they sensed authenticity within the top ranks.

Build trust

Trust in the senior leadership team is an important indicator of organizational health. To build trust, CEOs must actively show employees that they make fair decisions, value people, and value good work.

This also means valuing integrity. When I joined Schering-Plough as CEO in 2003, the company was in trouble with authorities over alleged marketing practices. We subsequently cut the commission structure, and I had to face 3,000 employees, most of them unhappy, at the national sales meeting.

I knew my methods were controversial, but I wanted these employees to consider themselves medical information providers, not just commission-driven sales representatives. I told them, as their new CEO, to walk away from any sale that would undermine their integrity and encouraged them to choose long-term trust building over short-term financial gain. Many were surprised at the resulting standing ovation.

The meeting was a game changer. We went on to deliver 17 consecutive quarters of double-digit sales growth.

Execute via a high-performance culture

A culture of ownership, accountability, and continuous learning leads to powerful execution. Leaders should keep encouraging employees to take ownership of both the problems and the solutions.

In 2004, when Schering-Plough had to go into a clean-up mode after severe compliance challenges in manufacturing and marketing, our compliance team, led by Brent Saunders (now CEO of Bausch+Lomb), put mirrors throughout the global network of sites with a phone number to call if they witnessed any wrongdoing. The mirrors signaled our new culture in which employees looked at themselves in fixing compliance and turning the company around.

In today's era of accelerating — and even lurching — change, culture can still lead to unexpectedly strong performance. The good news is that while it requires time, commitment, and a strong CEO leader, a high performance culture can be built into almost any business. And serial success can follow.

In business and in life, the most critical choices we make relate to people. Yet being a good judge of people is difficult. How do we get better at sizing up first impressions, at avoiding hiring mistakes, at correctly picking (and not missing) rising stars?

The easy thing to do is focus on extrinsic markers — academic scores, net worth, social status, job titles. Social media has allowed us to add new layers of extrinsic scoring: How many friends do they have on Facebook? Who do we know in common through LinkedIn? How many Twitter followers do they have?

But such extrinsic credentials and markers only tell one part of a person's story. They are necessary, but not sufficient. What they miss are the "softer" and more nuanced intrinsic that are far more defining of a person's character. You can teach skills; character and attitude, not so much.

Judging on extrinsic and skill-based factors is a relatively objective and straightforward exercise. Gauging softer traits such as will or attitude is much, much harder, and takes one-on-one contact, attentive listening, and careful observation. That's why it's important to approach a job interview more as an attitudinal audition than a question-and-answer period around skills.



Over the years, I have been collecting and reflecting upon questions that have helped me improve my people judgment, especially around personality and attitude. Here are ten key questions to help you better understand the intrinsic "why" and "how" behind a person:

1. What is the talk-to-listen ratio? You want people who are self-confident and not afraid to express their views, but if the talk-to-listen ratio is anything north of 60%, you want to ask why. Is it because this person is self-important and not interested in learning from others — or just because he is nervous and rambling?

2. Is this an energy-giver or -taker? There is a certain breed of people who just carry with them and unfortunately spread a negative energy. You know who they are. Alternatively, there are those who consistently carry and share a positivity and optimism towards life. There is a Chinese proverb that says that the best way to get energy is to give it. Energy-givers are compassionate, generous and the type of people with whom you immediately want to spend time.

3. Is this person likely to "act" or "react" to a task? Some people immediately go into defensive, critical mode when given a new task. Others jump right into action and problem-solving mode. For most jobs, it's the second kind you want.

4. Does this person feel authentic or obsequious? There is nothing flattering about false praise, or people trying too hard to impress. Really good people don't feel the need to "suck up." Those who can just be themselves are more pleasant to work with.

5. What's the spouse like? One of my business partners gave me a great tip for interviewing a super important hire — go out with their spouse, partner, or closest friend. We are known by the company we keep.

6. How does this person treat someone she doesn't know? At the other end of the spectrum, observe how a person treats someone she barely knows. This is what I call a "taxi driver or server test." Does the person have the openness and yes, kindness, to have a real conversation with a waiter at a restaurant or the driver of a taxi? Does she ignore them or treat them rudely?

7 Is there an element of struggle in the person's history? History matters. In our research for the book, Heart, Smarts, Guts, and Luck (Harvard Business Review Press, 2012), my co-authors and I found that around two-thirds of people who were "Guts-dominant" — those who had the desire to initiate and the ability to persevere so crucial in entrepreneurial ventures — had some financial hardship or other challenges in their formative years. Early failures and hardships shape one's character as much or more than early successes.

8. What has this person been reading? Reading gives depth, helps one understand one's history, frames ideas, sparks new thoughts and nuances to existing perspectives, and keeps you apprised of current events. It's a generalization, but the more interesting people I have met tend to read a lot — it's a mark of intellectual curiosity.

9. Would you ever want to go on a long car ride with this person? This is a variant of the "airport test." Years ago at my first job, I was told about the thought-experiment of asking if you were stuck at an airport with a candidate, how would you really feel? In a similar fashion, is this the type of person with whom you could imagine going on a cross-country drive?

10. Do you believe that this person is self-aware? My colleagues and I believe the most important pre-requisite to great leadership is self-awareness. Does this person have an intellectual honesty about who he is and his strengths and weaknesses? Does she have a desire to learn and take appropriate actions based on that awareness? It is usually a more difficult question to answer than the rest — but look for humility, and congruence between what the person thinks, says, and does.



Ask these ten questions about someone, or even a subset of them, and you'll be on a path to being a better judge of people.

Because of the high cost of mounting a proxy fight, the average hedge fund makes less money on its activist investments than on its nonactivist portfolio, Nickolay Gantchev of the University of North Carolina discovered in a study of 1,164 campaigns by 171 hedge funds. A few do score big: A small minority of firms earns twice as much through activism as from nonactivist investments. But on average, the mean $10.71 million cost of a campaign ending in a proxy fight (think of all that printing and mailing) wipes out abnormal gains.

Traditionally, cyber security research has focused on technical solutions to specific threats: for example, how to filter spam or protect PCs and mobile devices against the latest malware. This approach has greatly enhanced our ability to defend information systems against attack. Widespread use of antivirus, intrusion detection technologies, improved cryptography algorithms, and methods for blacklisting infected web sites are just a few examples of how technical advances have improved cyber defense.

Such technical improvements will not be sufficient, however. Today's cyber-issues involve systemic social, economic, organizational, and political components. Ordinary people have little incentive to secure their home computers using available technology; Internet censorship and surveillance is intertwined with questions of free speech and privacy; and concern over Chinese cyber-espionage is now a high-priority diplomatic issue. The mismatch between speed-of-light electronic communications and the time required for human institutions to respond to data privacy concerns is large and growing. These types of cyber-issues must be addressed not only with technological solutions, but also on the social, political, and policy levels.

This task is more challenging than it sounds. Most computation today occurs on the Internet, one of the most complex human artifacts ever devised. Developing appropriate solutions requires understanding networks comprised of multitudes of heterogeneous layered subnetworks managed by organizations around the world, each with their own policies and incentives.

We can tackle this problem using tools from the growing field of Complexity Science.

Complexity science seeks to find the universal principles and mathematics underlying and unifying a wide variety of complex systems, including the Internet, biological systems, ecologies, markets, and economic systems, political systems, and societies. Such systems consist of many independent and self-interested agents (biological cells, firms, nations, computers, and people), each adapting their behaviors in response to their environments and other actors in the system. Global patterns and trends emerge from these low-level interactions that cannot be predicted by a study of the individual components in isolation.

Malicious elements are ubiquitous in complex systems. Just as there are cyber security threats in the Internet, there are viruses, parasites, and bacteria in biology; bullies in social networks; and rogue nations in the international community. Studying the general principles that complex systems use to manage such threats can suggest techniques for tackling the problem of cyber security.

In particular, biological systems have evolved to cope with a multitude of threats such as proliferating pathogens, autoimmunity, arms races, deception, and mimicry. One design strategy that helps biological systems achieve robustness to these threats is diversity — genetic diversity in a species, species diversity in an ecosystem, and molecular diversity in an immune system. Its opposite, uniformity in design, allows us to achieve economies of scale but also leaves us vulnerable to widespread and targeted attacks that exploit homogenous infrastructures.

Cyber infrastructure today resembles biological monocultures, and recent market trends towards vertical integration (Apple), cloud storage (Google), and computing (Amazon's Compute Cloud) will worsen the situation.

Diversity is just one of many strategies that biological systems have adopted to protect themselves and continue functioning in the face of attack. Complexity Science can help us understand how malicious agents affect the growth and functioning of complex systems and suggest how to influence them to mitigate damage.

Complex systems are often regarded as a group of abstract nodes linked together to form a network. The study of these networks, called network science, has successfully identified tipping points in disease epidemics and cascading failures in power grids. In the case of the Internet, network science can provide important guidelines for policymakers — for example, by determining that security interventions by the 20 largest Internet Service Providers (ISPs) in the world will be considerably more effective than relying on interventions by thousands of ISPs chosen at random.

Although network science enables us to understand important common properties of complex systems, it is too abstract to capture the unique factors influencing the dynamics of specific systems. For that we rely on other approaches, such as agent-based modeling (ABM), which allows us to incorporate domain-specific knowledge into a computer model. With ABM we can explore the consequences of allowing each abstract node in the network to adapt or learn, reacting to local conditions. ABM differs from the traditional modeling used in science, such as the mathematical models in climate science, which are based on physics where the primitive elements are not adaptive. ABM is well-suited for modeling systems where economic self-interest and politics intersect with technology, such as in the Internet. In fact, we have shown that when self-interested agents are included in a model of the Internet, policies that seem to be effective in the short-term actually exacerbate the cyber security problem in the long-term. This effect is similar to the overuse of antibiotics promoting antibiotic resistance in bacteria.

Agent-based modeling is particularly useful for studying complex systems that exhibit "long-tail" behavior, where there is huge variability in outcomes. In such systems, real-world experiments with limited sample sizes are often misleading and can misdirect policymakers. Using ABM we can study a large number of simulated scenarios, giving a clearer picture of which cyber security policies will work best in the long run, even with highly variable outcomes.

Game Theory is useful for understanding strategic interactions when parties have competing interests. It is relevant to the Internet, where we see an ongoing arms race between attackers and defenders, between those trying to spread information and those trying to censor it, and so forth. Game Theory can help us understand how better to defend the system, or conversely, how better to evade it. Important concepts such as the "Price of Anarchy" measure how the efficiency of a system degrades through selfish behavior (cyber attacks) and how much cooperation might help. Game Theory is also useful for studying how cooperation can evolve among independent parties, which can guide the choice of policies to encourage desirable behavior. Complex systems rarely eliminate malicious threats permanently. Rather, they develop strategies for managing and coexisting with them in a way that minimizes damage to the overall system.

The best approach to cyber security will emphasize defenses that are robust to unforeseen perturbations, evolvable in response to changing conditions, and self-repairing in the face of damage. By embracing the complexity of today's technological networks and their linkages to human behavior, social norms, and economic incentives, we can make our online world safer and freer.

Data Under Siege
An HBR Insight Center





Why Businesses Should Share Intelligence About Cyber Attacks
Why Your CEO Is a Security Risk
Beware Trading Privacy for Convenience
Four Things the Private Sector Must Demand on Cyber Security