Leadership Moment: The Crowd Strikes Back
In case you missed it, CrowdStrike had a small incident last month. As part of that incident, they communicated a lot. Incident reports. A $10 gift card for coffee for customer admins. Apologies. Full screen ads at BlackHat. Interviews with media from the Wall Street Journal to the Today show.
Crisis PR is hard. Every audience has a different rubric for measuring your communication, and they are rarely feeling charitable as they receive it. For every communication that CrowdStrike made, somebody didn’t like it, and was quick to point out the flaws in it.
That $10 gift card? I’m pretty sure it wasn’t intended as a “we think you should love us now!” I suspect it was a “we’d love to buy a coffee for everyone who needs one because we made them work late hours.” It didn’t help that apparently the program was suspended by UberEats (ironically, for being so widely adopted that it looked like fraud).
That incident report? As a technical reader (one who has broken the Internet in similar, but smaller scale, ways), I was able to understand exactly what happened. But to many, it was arcane, full of obscure jargon, and didn’t cover the process and business failures, so it looked, to the skeptical reader, like CrowdStrike was trying to hide something – the exact opposite of their intent.
Those apologies? Not always delivered perfectly, and no single apology contained all six elements of an effective apology – but it made it “easy” for listeners to hear those gaps as failures to apologize.
What’s a company in crisis to do? Oddly enough, you have to treat your audience in the same way you might react to a boss giving unclear and sometimes unhelpful feedback: listen between the lines for the elements you need to consider doing better at, but recognizing that you need to maintain a consistent communications persona, and not rapidly swing from approach to approach to dodge the latest rocks thrown your way.
Appearances
Recent
Back in May, I presented on You Can’t Measure Risk at the RSAC Conference. I’m pleases to note it was selected as a Top Rated Session! (slide deck & audio at the link)
Upcoming
Aug 7, BlackHat: Book signing: Code Resilience in the Age of ASPM, Cycode’s Book & Breakfast
Aug 21: Security Leadership Social w/ Grip Security (Treehouse Brewery, Tewksbury, MA)
Sep 12: ASPM Book Roadshow (Boston, MA)
Sep 24: HOU.SEC.CON
One Minute Pro Tip: Stop Playing Fetch a Rock
As a leader, we sometimes send our team out with … vague … instructions, not because we’re trying to make life harder for them, and often not because we’re trying to se their inventiveness – but because we know exactly what we want, and we condensed what we wanted down to a simple phrase (“write a monthly newsletter”), and gave that instruction to our team.
And then we’re surprised when they bring us something else. Sure, it’s technically a monthly newsletter, but we asked for a specific version of a monthly newsletter, and somehow, they didn’t hear all the unspoken context that only existed in our brain.
Start providing success criteria: the ways you will judge their work. Ideally, before they do any work, but, failing that, the first time they bring you something surprising, tell them what you were looking for that you expect in the next version – and all the things they got right, so they don’t throw those out and need to start again.
Leadership Q&A: Fetching a Rock
Leader A asks, I’m having difficulty managing the feedback my team gets on our work. A lot of the feedback from our various stakeholders is contradictory, making it hard for my (very competent) team members to feel confident. We’ll take our work through multiple levels of stakeholders, and even when we’ve made them “happy,” when we take it to our C-level executive, it gets rejected as “not good enough.” Are there tangible steps I can take to protect my team from these endless feedback loops?
I doubt it makes you feel better, A, but this is a really common organizational dysfunction, and I suspect that there are several things going on here, which tend to be (negatively) self-reinforcing.