Tuesday, September 11, 2012

How to Manage the Best in Tech Talent

Yesterday I was affected for several hours by the Go Daddy crash. As I felt my blood pressure spike, I calmed myself by knowing that I had just talked to some pretty smart folks who reassure me that the bad guys who caused it will be found -- and stopped in the future. Here's a recent story I did for Gannett/USAToday.com....
Hackers often are portrayed as basement-dwelling, junk-food eating computer geniuses who enjoy wreaking havoc on unsuspecting people by sneaking into their computers.
Their activities can be criminal and in worst-case scenarios can shut down infrastructures or drain bank accounts.
But some "white hat" hackers are not only chasing these cybercriminals but also thwarting the attacks before they can be launched. With sleuthing abilities that would makeSherlock Holmes proud, the good guys predict what cybercriminals will do next and put measures in place for companies or government agencies to stop them.

CORE Security, a Boston-based operation that employs people around the world, researches what cybercriminals are up to and develops software to plug security holes before the bad guys find them.
"It's sort of like an MRI that helps you see inside a body. We are looking inside systems for potential problems and where an attack could happen," says Mark Hatton, CORE chief executive. "It's a controlled way of looking at what a hacker would do."
Still, the skills needed to track the bad guys across cyberspace require unique talents, and managing these white-hat hackers requires some finesse, he says.
"What I've learned is that you've got to hire people that are really good at what they do — and then you've got to let them do it," Hatton says. "I have to trust that they are choosing the right path."
At CORE, the researchers are extremely savvy computer sleuths who are tenacious in pursuing potential leads on where cybercriminals might strike next. He says employees must be given the independence to decide which trails to follow and be given the flexibility to stay on a case even if they sometimes encounter blind alleys or dead ends.
"You're talking about people who work exhausting hours," he says. "They may come in at 10 a.m. and not leave until 2 a.m.."
Adding to Hatton's management challenges: His research team operates out of Buenos Aires, Argentina, and some employees aren't comfortable speaking English. That has prompted Hatton to change his management style during his quarterly visits there.
The workers didn't ask questions during group meetings, but Hatton learned the reason was because some were very conscious that English wasn't their first language and were embarrassed.
Meeting with them in small groups encouraged them to use co-workers as interpreters, and now Hatton believes communication is flowing better.
Good communication is key not only to making sure information flows smoothly, but it also is critical in retaining workers that competitors such as Google are targeting. Hatton says he makes sure CORE employees understand, starting with the interview process, that they'll be continually learning on the job and developing their career skills.
"One thing I learned early on in my management career is that everyone wants to do something for the first time every day," he says. "We definitely have that here."
Hatton even uses that philosophy to recruit.
"I tell them how it's important that they're always learning," he says. "I tell them, 'You've got to make sure the job is interesting.' "
The average age of a CORE worker is 27, usually male, and someone who may come to work in flip-flops and shorts. When the cyberdetectives need to blow off steam, they can have fun playing on the company ping-pong table.
Still, when it comes to identifying global threats, these hackers are a serious group, Hatton says.
"Our people are highly driven to find the answer. They understand hackers. And even though it sounds like a Hallmark card, they really want to help customers get ahead of these bad guys," he says. "They put a lot of pressure on themselves to try and predict where attacks are happening and how they're happening."
Has Hatton ever considered flipping a bad guy into a white-hat hacker for CORE?
"No," he says. "As soon as someone has emotionally agreed to apply their skills in an unlawful way then that is not someone we would trust being on the good-guy side."

No comments: