In November I reviewed the book "Leading Change" by John Kotter. I highly recommend anyone involved in or leading a security awareness program read the book. Mr. Kotter is considered one of the world's leaders in change management and provides a wealth of knowledge on how to ultimately change behaviors. I just finished his follow-on book The Heart of Change. You definitely want to read Leading Change first, but if you find yourself wanting to learn more then I highly recommend his follow-on book. Heart of Change walks through the same 8 step process for organizational change covered in Leading Change, but goes into more detail in each step, with more case studies and examples. Some of the steps also have exercises to help you complete them. For example, one of the steps I feel our community is the weakest in is developing a Vision (Step #3). Mr. Kotter defines a vision as the end state where all the plans and strategies will eventually take you. I feel we need to do a better job explaining to people at an emotional level where we are going and why. Mr. Kotter then provides four case studies of how this was done (my favorite was the "The Plane Will Not Move" study). He then provides an exercise that can help you form that vision. For the exercise you create an 'article' for Fortune magazine about the results of your security awareness program, to include key points such as:
- How your organization is different.
- What do customers say about your organization?
- What do employees say about your organization?
The more I work with organizations around the world on their awareness programs, the more I realize that it is the soft skills that our community are lacking. Experts like Mr. John Kotter can help us fill those gaps.