My 3 Words for 2021 – Room, Render, Rally

I ended 2020 looking back. I am starting 2021 looking up.

I’ve been doing my 3 words since 2011 thanks to Chris Brogan for introducing me to the idea. As Chris describes the concept in his post:

The My Three Words idea is simple. Choose 3 words (not 1, not 4) that will help guide your choices and actions day to day. Think of them as lighthouses. “Should I say yes to this project?” “Well, does this align with my three words?”

Chris Brogan

In 2011, my first 3 words were Create, Move, Matter. I was turning forty that year and it was time to set a plan, make sh&t happen and find my passion. In 2020 my 3 words were Build, Brand, Balance. 2020 was all about seeing things through by staying true to myself and my team and our convictions and finding an actual work life balance, so I can be the best dad, husband and friend I could be. I had a daughter entering her last year of college and another leaving home and starting college. We were becoming empty nesters, so balance felt right. The only problem – I never found it. Despite a global pandemic and working from home full time – physically being closer to my family, like many of you, I worked longer hours, nights, weekends. Maybe work was an escape. Maybe a coping mechanism for dealing with uncertainty. The uncertainty of the pandemic. The uncertainty of my daughters’ high school graduation, college experience, career opportunities. Who knows. All I know is that I failed to find balance. I failed to use my third and arguably most important word – balance – as a lighthouse.

Well, no change, no change. That’s one thing I love about starting a new year – it’s not really starting over, but it is an opportunity to reflect and hit reset on things that matter most – to establish new lighthouses and start fresh. That said, after some serious full focus planner reflection on 2020 and looking ahead to 2021 with all the optimism in the world and a ton of momentum – I landed on my 3 words:

  • Room: Room replaces balance and rises to the top of my 3 words. I’ve been doing a ton of reading on productivity and leadership. I recently riffed on a 2021 goal to take my time back and it dawned on me. Balance is not something you find. Who in this day and age can find time? It’s not about finding time to find balance, it’s about consciously, purposefully and deliberately making room. It’s about taking the time to make time matter. It’s about ruthless prioritization and making the room for what’s most important in life and work. Make the room and I’ll create the life work balance I’ve been searching for.

  • Render: Render is my output or outcomes word for 2021. It’s to “provide or give” and to “cause to be or become; aka make.” It spans everything from reading more books to writing more content to finishing home projects my wife and I have put off. Render is helping my girls explore and discover their passions – to render whomever, whatever, wherever they want to be and go. It’s about doing the same for my team and teammates at work and my community. Gone are the days complaining about Zoom meetings and feeling like I got nothing done. If I make the room, every day is filled with output and outcomes. Every day is about rendering.

  • Rally: Rally is my action word. Nothing beats a great Nadal-Federer rally in tennis, or a bottom of the ninth, two-out Cubs rally and walk-off win. A rally is exciting, energizing, euphoric. It’s filled with purpose and passion. When done with conviction, a rally sparks confidence and becomes contagious. A rally creates experiences, milestones and memories that live much longer than in the moment. If I make room and always render, then 2021 will be filled with some great rallies that will move more than myself forward.

Insider Threat vs Insider Risk

Source: Code42

Words matter — especially in the buzzword utopia that is information security marketing. Let’s add another term to an ever-growing list — insider risk. While insider risk and insider threat are often considered synonymous, in all actuality, there is a difference. And the difference is in the very problem you are trying to solve. Here’s my take.

Insider Threat is a “User Problem”

Probably the most respected definition was written (and updated in 2017) by Carnegie Mellon’s CERT Insider Threat Center:

“Insider Threat – the potential for an individual who has or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.”

According to CERT, insider threat is all about the individual, the person, the employee, the user. Every possible user action that may cause harm to an organization is covered. That includes fraud, IP theft, sabotage, espionage, workplace violence, social engineering, accidental disclosure and accidental loss or disposal of equipment or documents. 

Given this widely accepted user-centric definition, security buyers often look to user-centric tools — like user behavior analytics (UBA), user and entity behavior analytics (UEBA) or user activity monitoring (UAM). Tools like these collect and analyze mountains of user activity metadata that gets pumped into a SIEM, correlated with other data and automated through a SOAR. Voila — your insider threat problem is solved.  

If only it were that simple. The truth is that user-behavior and monitoring tools are just one piece of the puzzle. Relying solely on UBA, UEBA or UAM tools can keep you guessing at what, I mean who, is a real threat.  

Insider Risk is a “Data Problem”

Insider risk is a different ball game. When it comes to managing or mitigating insider risk, the focus shifts from centering solely on the user, to taking a broader, holistic approach to understanding data risk. No standards body, to my knowledge (unless you consider Microsoft a “standards body”), has defined insider risk. So, we created a (short and sweet) definition:

“Insider risk occurs when data exposure jeopardizes the well-being of a company and its employees, customers or partners.”

The keywords are “data exposure.” Insider threat is a user problem. Insider risk is a data problem. At Code42, we solve for both, but our approach centers on the risks of data exposure. Heck, our product’s console is called the “Risk Exposure Dashboard” and our annual research report is titled the “Data Exposure Report.” The fundamental difference between user-centric insider threat tools (UBA, UEBA, UAM) and an insider risk solution like ours is that they take a policy-based approach, whereas we take a math-based approach. Our approach takes into account all sides of the equation:  

File + Vector + User = Risk

  • We look at all data (not just classified data) 
  • We factor in vector detail (endpoint, cloud, email, trusted vs. untrusted domains, corporate vs. personal) 
  • We consider every user (not just users with current or past privileged access)

When all three variables of the equation are taken into account, you end up with an insider risk signal that is — dare I say — real. Here is an example:

File + Vector + User = Risk

Example:

  • File: Sales Strategy presentation not labeled or tagged as sensitive
  • Vector: Uploaded to Dropbox – an unsanctioned cloud service
  • User: The user changed the file type, zipped it and encrypted it
  • Risk: INSIDER RISK

The indicators of insider risk resulting from data exposure are stronger when factoring in the data, vector and user file activity (threat context). There are dozens of insider risk use cases like the one above that completely fly under the radar of most security tools, hence the reason to approach insider risk holistically:

  1. The tool by rule watches labeled or tagged data (e.g. DLP)
  2. The tool by rule watches specified vectors (e.g. CASB)
  3. The tool by rule watches on-network employee application usage (e.g. UBA, UAM)
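
The File + Vector + User idea and the first two rule-based blind spots in the list above, as an added example that is not Code42's code or scoring model. The field names, weights and threshold are assumptions chosen for illustration, and the events are constructed.

```python
from dataclasses import dataclass, field

# Assumptions for illustration only: field names, weights and threshold are
# hypothetical and are not Code42's scoring model. EVENTS are constructed.
SANCTIONED = {"corp-sharepoint", "corp-gdrive"}
USER_WEIGHTS = {"extension_changed": 2, "zipped": 1, "encrypted": 2}

@dataclass
class FileEvent:
    filename: str
    labeled_sensitive: bool   # the only thing a label-driven DLP rule sees
    destination: str          # vector the file moved to
    casb_watched: bool        # is this vector covered by a CASB rule?
    user_actions: set = field(default_factory=set)

def dlp_rule(e):
    """Rule 1 from the list: fires only on labeled or tagged data."""
    return e.labeled_sensitive

def casb_rule(e):
    """Rule 2 from the list: fires only on vectors it was told to watch."""
    return e.casb_watched and e.destination not in SANCTIONED

def risk_score(e):
    """File + Vector + User = Risk, as an additive score."""
    file_part = 2 if e.labeled_sensitive else 1           # all data counts
    vector_part = 0 if e.destination in SANCTIONED else 3
    user_part = sum(USER_WEIGHTS.get(a, 0) for a in e.user_actions)
    return file_part + vector_part + user_part

def triage(events, threshold=6):
    """Return per-event verdicts from both rules and the combined score."""
    return [{"file": e.filename, "dlp": dlp_rule(e), "casb": casb_rule(e),
             "score": risk_score(e), "flagged": risk_score(e) >= threshold}
            for e in events]

EVENTS = [
    # The page's example: unlabeled deck, unsanctioned Dropbox, disguised file.
    FileEvent("sales_strategy.zip", False, "dropbox", False,
              {"extension_changed", "zipped", "encrypted"}),
    FileEvent("lunch_menu.pdf", False, "corp-sharepoint", True),
    FileEvent("payroll.xlsx", True, "corp-gdrive", True),
]

if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```

The first event is missed by both single-purpose rules yet scores highest once file, vector and user context are added together, while the labeled payroll file moving to a sanctioned drive trips the DLP rule but stays below the threshold.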

Now, you could take your DLP solutions for endpoint and email, your CASB, add UBA for users, and pull in network logs, identity and access management logs, etc. into your SIEM, run all kinds of policy-based correlations and queries and say you’re covered. This rules-based approach is designed for large, sophisticated and mature security teams — and even the most sophisticated security teams are strapped for time and frustrated with all of the complexity and noise involved in maintaining such systems. And after it’s all said and done, are the systems even working? There are countless examples that they are not.  

Insider threat or insider risk? It comes down to deciding to take a policy-based approach centered on human foresight or a math-based approach centered on data exposure.  When it comes to solving for insider risk, follow a simple formula and do the math. Because at the end of the day, math — as opposed to guesswork — always wins.

Finding focus by taking my time back

As I reflect on 2020 and think about 2021, one thing became abundantly clear – I never created, thus never committed to the foundations of Full Focus – the daily ritual and ideal week. Quarter after quarter, the pages were blank. As a result, the very habits and rituals I set out to establish in 2020 never got off the ground. Sure, I had a morning ritual: shower, listen to a podcast, walk to Caribou Coffee, order a large cold brew, walk home, plan my day. But, after that, my day was in the hands of others and Zoom all the way up to 5:00, or until everyone else’s ideal day came to a close.

Then, our company created Thinking Thursdays – this block of time on Thursday mornings where there are no Zoom calls, no meetings, ideally no Slack messages or email. Three to four hours to just read, think, write, reflect – whatever and however we chose to use the time. Many used the time to “play catch up” on tasks, actions, emails, projects, but for me, that defeated the purpose of Thinking Thursday. It’s designed to be a time for curiosity, ideation and epiphany. A time to read, write and render. A time to reflect, reimagine and reframe. I took the time to do just that and create daily rituals and my ideal week.

I started with four buckets of time and gave them an identity – a personal purpose.

  • Mind Heart Home – Time to connect with myself, family, friends.
  • Read Write Render – Time to create ideas, plans, content.
  • Teamwork – Time to collaborate with co-workers, peers, partners.
  • Tasks – Time to complete actions, emails, updates.

Then, I thought about how much time should be dedicated to each bucket – a personal promise.

  • 45% Mind Heart Home – Time to connect with myself, family, friends.
  • 20% Read Write Render – Time to create ideas, plans, content.
  • 25% Teamwork – Time to collaborate with co-workers, peers, partners.
  • 10% Tasks – Time to complete actions, emails, updates.

Then I began mapping my ideal week. I looked at my current calendar, my commitments, my projects, plans and priorities. Since I’ve been known to think in PowerPoint and Google Slides – I call it “slideation” – I began visualizing my ideal week and creating blocks of time for each personal purpose. Where I ended up was crazy close to my personal promise.

  • 47% Mind Heart Home
  • 19% Read Write Render
  • 25% Teamwork
  • 9% Tasks

I’m not calling this a new year’s resolution. It’s more of an end of the year commitment to take my time back. Once I commit, I just might create the very habits and rituals I need to have full focus and reach my goals in 2021. I guess only my time will tell.

My last five years summed up in four words: no change, no change.

Early in my career, I heard Andy Grove speak and he said something that stuck with me to this day – “no change, no change.”  I took this to heart early in my career jumping from one marketing discipline to the next trying to find my passion – and I take it to heart today having found my passion in product marketing. There’s one thing about product marketing –  just when we think we have it figured out – things change. 

Change is what fuels me. I’m not averse to change. I am one of those marketing leaders that is not afraid to tweak positioning and messaging – and tweak it early and often, admittedly driving my peers crazy, but change is inevitable and when you know something is not working – you change it. 

“Know the buyer more than anyone else.” That was the mantra, vision, purpose, rally-cry of my Product Marketing team when I joined Code42 in 2016. It was perfect at the time. We were entering new markets with new products. We needed to first and foremost know our buyers. The more we learned about our buyers, the more we understood the market. The more we learned about our market, the better we could segment it. The more success we had targeting specific segments, the more we learned about our customers in those segments. Wash, rinse, repeat.

If Product Marketing was to succeed selling new products in a new market, we had to change. We changed from Product Marketing to Portfolio Marketing. We rallied around a bigger purpose to “know our buyers, markets, segments and customers more than anyone else, so we could be the best product evangelists we can be.”  We hired, developed and grew into a talented team of trusted advisors for the company. We built sales and marketing playbooks, message maps, web pages, content and training. And to this day we are constantly redefining (i.e. changing) product launch. 

Most of the time change is quick, tactical, a tweak here or there. Then there are those times when change is disruptive. When it’s not a tweak, it’s transformational. I call them market waves and they come once every ten years –  if you’re lucky. If you don’t catch them at the right time, you’re out. 

That’s what I love about Portfolio Strategy and Product Marketing (yes – my team’s latest positioning).  When you know the buyers, markets, segments and customers more than anyone else – you see the waves. You see them way out in the ocean when they are forming long before they begin to crest and crash into shore.  You pick one and start plotting your strategy, your plan, your timing. Then you commit to disrupt, transform, change the very thinking of the buyers, markets, segments and customers you spent years figuring out.  You just defined a new market and it’s energizing as a product marketer because we know it’s probably going to change. 

My read write render epiphany – it’s always personal [growth]

In my last post, which feels like forever ago, I made the personal commitment to start a new routine: read, write, render.  Admittedly, that has been easier said than done, or so I thought.

One thing that is routine for me is the read part. I read every day. Just an hour of reading or listening (Podcast) in the morning starts my day. From random articles coming across my social feeds, to subscribed research pushed to my inbox, to the recommended content from family, friends, peers and coworkers, I’m never short of reading material (probably why I love the Pocket app so much).

Making time for reading is not the issue. It’s the making time to write then render (visually) that I thought was my Achilles heel. Take for instance how I started this post, “In my last post, which feels like forever ago…” – those words alone imply I’m holding myself to some standard on the volume of writing and rendering I push out via this blog or other channels. That’s not the point of the routine. Read write render is not about unselfish acts of sharing some insight or thoughts with the masses x number of times a week, month or quarter. My read write render – at its core – is personal.

It’s Always Personal [Growth]

I read every day to be a better father, husband, friend, coach, mentor, marketer. I write every morning to remind myself of what’s important. I render every day to challenge myself to think outside the box and always approach things with creative thinking.

Writing is not about turning some newfound knowledge into a blog post. Rendering is not about turning every idea into pictures and pushing it out via social media. For me, writing and rendering is not supposed to be work. It’s supposed to be routine and in hindsight, I’ve been sticking to a routine fairly well.

From my Focus Planner to my Field Notes to my Idea Reel in PowerPoint, I’ve been reading, writing and rendering constantly. It’s become routine for me. I haven’t felt the need to throw everything that I read, write and render at you. Instead, I focus on the times when what I read, write and render is worth sharing, perhaps worth your time.

Compelled to share

Take for instance this morning.  Combing through Pocket, I read five articles. Two were related to remote work routines. Two centered on strategic focus and one was about scheduling time for creative thinking.  What felt like random topics when I started began to blend and gel into an epiphany, so naturally, following my routine, read turned into write and write turned into render.   This is what I wrote in my Focus Planner for today 08.08.20 under Myndfuel:

  1. Write everything down (Ironic, I know)
  2. Focus on the 30 percent (Steve Jobs rule)
  3. Schedule the work  (Full Focus Planner)