Putting Effective Cybersecurity Measures In Place To Protect Your Business With A-Jay Orr

With opportunity comes risk, and you need to understand what risks your business is undertaking with new technology advancements. That’s why you need to learn how to make effective cybersecurity measures to safeguard your business. Dr. Diane Hamilton welcomes A-Jay Orr, author, veteran, and CEO of Simple Plan IT. A-Jay’s latest book, The Art of War In Business Technology, details how exactly you can implement cybersecurity measures in your business. The key is understanding what your risks are so that you can create a risk management plan. Do you want to protect your business from cyber-attacks? Then this episode’s for you. Enjoy!

TTL 905 | Cybersecurity Measures

I’m so glad you joined us because we have A-Jay Orr here. A-Jay has a new book that’s so timely. He is the author of The Art of War In Business Technology. We are going to talk about cyber security and so much more.

Watch the episode here


Listen to the podcast here

Putting Effective Cybersecurity Measures In Place To Protect Your Business With A-Jay Orr

I am here with A-Jay Orr, who is an award-winning author, a US Army Veteran, cancer survivor, Internationally Certified Project Manager, Founder and CEO of Simple Plan IT, and the author of a book called The Art of War and Business Technology. It’s so nice to have you here, A-Jay.

Thanks, Diane. I appreciate you having me on.

I was looking forward to this, and thank you for your service, by the way. You’ve got quite a fascinating background. I want to get a backstory on you. I know some people aren’t familiar with all my guests, and sometimes it’s nice to hear how you reach this level of success.

The biggest key to my success has been the military. I went into the Army young. It helped to shape me as a person. It gave me the foundation that I needed to be successful. I talk about it briefly in the book that at seventeen, when I enlisted, the Army instilled seven core values in me, which were loyalty, duty, respect, selfless service, honor, integrity and personal courage. It was those seven core principles that helped to shape and mold me into who I became and ultimately led me to start my own business.

Back in 2012, I had been out of the military for about fifteen years then. I was working with an IT company being its front-end project management. I led with integrity. There would be opportunities that have come across that the solution I presented wasn’t the best fit for the client. I would tell them, “We could do this but there’s another organization in this area that specializes in doing what you need. Talk to so-and-so over there, and they will take good care of you.”

What ended up happening a couple of times was the people would come back and say, “A-Jay, we trust your recommendation but we sat with those guys, and we don’t understand anything that they are saying. They are talking over us and the tech talk. We don’t get it. Since you understand what we need, do you mind sitting in on our next meeting to make sure that everybody is on the same page?” I was like, “Yes. It will take 20, 30 maybe 45 minutes. I will sit in and help out. If you have any questions or if you want to help me, think of me as a referral next time somebody says that, “I have tech problems.”

It happened a few times. It happened one time, and the gentleman by the name of John at the end gave me an envelope. He said, “Your time is worth something. Take it.” I got in the car, opened up the envelope, and it was a check for $500. I was like, “I made $500 for literally sitting there and being a translator.” The next time somebody asked, I was like, “Maybe I will ask them that will pay for my time.” Sure enough, they did. They were like, “What’s your rate?” I sheepishly said, “How about $100?” I didn’t think about being a business owner. I wasn’t thinking about starting a business but that’s literally how my business started.

It’s interesting how much we undervalue what we were capable of. I know in my industry in speaking and consulting, it’s challenging to know what to charge, especially during COVID, when people are doing things virtually, the whole industry is upside down. I’m sure you are probably finding a lot more challenges working virtually.

The whole virtual aspect of things, what the pandemic has done is it’s forced everybody to use more technology, which has opened the gates because it’s like, “From a technology perspective, we have been able to do this for years.” We could have done this years ago but the mental constructs around it were like, “We are used to coming into the office. We need people to be in the office to be productive. Once we were forced out of that, they are like, “We can do this, that and the other.”

Now, we are having more conversations about, “What else can we do with technology?” which is cool and exciting. It also brings the other side of the corn, which is the world that I live in, which is with every advancement that technology brings, some risks are involved with that with cyberattacks and hackers. All the same technology that we have to use for good, criminals have access to do for bad. The other side of the coin is where I live at. Technology has been great. Things are going well. There are a lot of opportunities but with opportunity comes risk. Are you understanding what are the risks that your business undertaking with these new technology advancements?

My husband is a physician and his office got hacked. They’ve got the wrong office because he’s old. He kept everything on paper. They tried to extort him. He didn’t have anything that they could use. If he had been more tech-savvy, he would have had more problems. You don’t recognize how easy it is for them to hack you.

I have spoken at cybersecurity events, even though I don’t deal with that, about my stuff ties into every industry. It’s such a hot topic. I teach for a university here in Arizona, that’s a technology-based company. I always try to pick my students’ brains about this stuff. How big is the job market for cybersecurity experts now?

[bctt tweet=”With opportunity comes risk, and you need to understand what risks your business is undertaking with new technology advancements. ” username=””]

It’s massive. There’s a global shortage of security analysts and cybersecurity professionals that they don’t expect to shrink anytime soon because there is so much demand out there because new attacks are coming up daily. I saw a statistic where they said there’s a new virus created every 4.3 seconds. When you think about it from that perspective, a new virus that we now have to try to defend against is created every 4.3 seconds. It shows you the volume that we are up against when it comes to cybersecurity and general risk.

 How much is blockchain going to help all of that?

There’s going to be an interesting development as it starts to make more penetration into other markets. I see it has a very big impact on the whole real estate process. When you think about the title agencies and all of that chain of custody of information to transfer over that asset, it will help to secure that whole process a lot.

When you look at real estate agents and the whole process of buying a piece of property, you’ve got money that’s being transferred into escrow and the title agency that’s holding all of these things. They are prime targets for criminal activity because if they can compromise any part of that chain and get you to wire funds to their account, they have won. Blockchain will help to eliminate that.

I have a real estate license and I worked as a lender, it’s both. I was thinking the table funded certain things and how things work. I could see that’s a huge industry. DocuSign and those things changed that industry dramatically. Think of the faxing and the things that used to occur that we can do so quickly now. You write a lot about technology being non-negotiable, and you can’t be ignorant because this stuff is here. My husband and I did it on paper. It worked. You can’t keep up with the competition in the market nowadays though that way, can you?

That’s exactly the point that I make in the book, which is technology is a tool that is supposed to be used strategically within your business so that you can be more efficient and effective with what it is that you are doing. It’s supposed to enhance what it is you are doing. The question that I pose in the book is, “If your competition is maximizing the use of technology within their organization, how long do you think that you can keep up before they start eating into your market share and stealing your clients?” They can do more with less than what you can do. They can do it faster because they have optimized a lot of their processes within their organization and workflow.

Companies and organizations that are hesitant to make changes, a lot of it is because of fear. They don’t know which direction they should go. There are so many options out there that it becomes very overwhelming. That’s one of the reasons why I wrote the book. The book is designed for the non-technical business leaders to help give them a framework that says, “This is how you can approach technology. Here’s a process for evaluating technology solutions.”

Over the years, I have seen business leaders make decisions on buying technology, software, and hardware for some of the most insane reasons, in my opinion. I had one guy telling me, “We are with this one because I like the color of their logo.” I was like, “That’s how you based your decision?” He’s like, “I didn’t understand everything else. Everything else looked similar. The numbers were close to being the same. It came down to I liked the color of their logo better. The salesperson was a little bit nicer, so I went this way.” I was like, “Those weren’t good metrics to decide on what’s going to impact your business.”

The book helps to lay those things out. It says, “Here’s a process that you can follow to help have that technology solution. Here’s a process that you can follow to set a technology budget,” because a lot of small businesses see technology as a cost center. “We are dumping a lot of money in here, and it’s not consistent,” it’s because you don’t have a process for how to manage that.

What the book is designed to do is to take the non-technical business leader and say, “Here’s a framework that you can operate in to, continuously stay on top of technology so you can see how it changes and how it’s going to impact your business so that you never find yourself behind the curve. At the same time, you are always controlling your budget when it comes to technology, so you are not constantly overspending.”

All that you said compliments the research I did for curiosity. I worked for fifteen years in pharmaceutical sales. I remember when they introduced handheld laptop types of things, and when they first came out, we were keeping our notes in notebooks. It was that long ago. When they came out with the new tech, everybody in the company freaked out. It took longer initially to do it the new way because everybody had to learn it. Eventually, it became the most efficient way to do it.

When I researched curiosity for my book, I found that four things keep people from being curious. It’s interesting because you listed all of them in different ways. If fear, assumptions, that voice in our head that tells us whatever we think, technology over and underutilization of it, the environment and everybody we know.

TTL 905 | Cybersecurity Measures
The Art of War In Business Technology

In my situation, people were afraid of technology. It was too hard. They can’t learn it and that stuff. They made these assumptions that it’s not going to be as easy as what they did. They wanted to underutilize what was out there because it was overwhelming. A lot of it was environmental. Their peers are all saying, “This is stupid. Let’s not do this.” You probably see that a lot in work where one thing leads to another thing, and it holds people down. People start to second guess every decision they have made. We are looking for the thing to go wrong in a way. How do we avoid that thinking?

That’s a good point because it leads into one of the chapters in the book, it’s called Basic Training. I believe that the reason why businesses fall behind when it comes to technology is that they fail to continue to constantly train their employees on how to maximize the use of the tools that they have. I tell people all the time to use the analogy in the book. You wouldn’t go out and intentionally hire an unqualified employee or an unqualified person but at the same time, we constantly employ them because we don’t train the ones that we have to continuously evolve and to continue to grow.

In the book, I give a framework for how you can develop an in-house training program because it’s not just necessarily technology. How do you stay on top of the current trends within your organization? You should build that in and cross-train your people so that they are good in all functional areas. It’s easier to promote from within than it is to go out in the open market and find somebody new.

The way that you curve the assumptions and the fear is by creating a culture and an environment, where it’s okay to learn, advance your skills and try new things. If you can build and develop that culture where it’s open learning and communication, then that’s how you combat the fear of assumption and change by embracing change. In life, change is the only constant. I can count the things you are going to change more so than I can count on them staying the same.

You bring up what I discuss a lot with organizations, then I get the question, “What if the leaders don’t buy into this? What if you are in a lower level?” This is not the culture that they embrace. Can you do anything at a lower level?

That’s the reason why the book is targeted at these business leaders because you are correct. Everything starts at the top. If your leadership doesn’t have buy-in and doesn’t buy into that whole thought process, then it’s going to be a struggle. I don’t like the term cybersecurity because it gives a false connotation of what is at stake here. When I say cybersecurity, most people are going to instantly think of IT. Something with computers, IT, technology, either I’ve got an IT guy that handles that or it’s way too confusing and I’m not going to deal with it.

In all reality, what I’m trying to do is change the narrative and perspective of the conversation, and get business leaders to look at it from a digital risk management standpoint. Criminals aren’t after your computers. They could care less about your computers, your network hardware. They are after your digital assets. Your financials, intellectual property, employee data, client data, and all that stuff exist in a digital format. That’s what they are after.

If you don’t understand how to protect that or where that information exists and who has access to it, if you don’t have safeguards in place that will let you know as soon as somebody accesses it that shouldn’t have access to it, then you’ve got gaps and blind spots. If we can change that narrative at the top and get business leaders to start looking at things differently and say, “Here’s where you are at. This is how you need to approach cybersecurity or digital risk management,” then we can start having more of those conversations. The other part of the coin when it comes to digital risk management is it’s all about the culture.

If I’m a criminal, it’s much easier for me to trick a human being into doing something and inadvertently give me access that is for me to break in through your hardware and fortifying systems. You develop a culture of security over convenience. For me, everything works together. The building of the framework of open communication, constant learning, embracing change, cybersecurity, and security as a mindset and culture, that’s where we try to focus and change the conversation and narrative.

It’s very challenging. There’s a new virus every day. I was watching a show with my husband. It was The Resident. They were showing they’ve got hacked. Every hospital show has been hacked. I’m like, “Can you come up with a new television line?” It started with Grey’s Anatomy and went through New Amsterdam. They all have been hacked. I’m thinking, is it that common that people get into hospitals and scary level things? If it is, what advice do you have for them? Are you telling them to change their mindset and to get help or do you go even deeper and tell them what they need to do?

We go even deeper and help them to put in solutions that they need. The first is, have you done a true evaluation and assessment to understand what your vulnerability points are? Ninety percent of all cyberattacks are the result of human error, either something wasn’t configured properly or an end-user accidentally did something that they weren’t supposed to do.

There are those malicious insiders where you’ve got a disgruntled employee that has maliciously done something, either way, it all tracks back down to a human error or something that a human has done. Rarely it’s just, “They broke into the system. They’ve got past our firewalls.” There was something that was done or left unchecked that led to the breach taking place. With that perspective and mindset, it’s a matter of you can’t stop every threat.

Once again, this is where I get into risk management because there are some risks in business that you are going to have to accept. There are some risks that it’s like, “We need to do everything we can to mitigate that or figure out a way or a position where we can shift the responsibility of that risk over to somebody else by hiring a third-party company that they are going to assume the risk of that issue.”

The key is understanding what your risks are so that you can create a risk management plan that says, “I’m going to accept this risk. We know it could happen but here are the indicators that are going to tell us it has happened. We are going to accept that risk. This is how we are going to respond if it happens. These risks over here, this is how we are going to mitigate it if it should happen.”

[bctt tweet=”Always control your budget when it comes to technology, so you’re not constantly overspending. ” username=””]

“This is how we are going to try to minimize the damage, and here’s how we are going to respond to it as quickly as we possibly can. These risks over here, we are going to shift those over to this company because they provide security services and they are going to assume that risk. In that way, if something happens, we can go back to them that we can hold them responsible for it.” If you don’t know what your risks are, then you have no way to categorize them. Everything starts with understanding what your risks are as an organization, whether it’s your structural setup or the organizational workflow as a whole.

You bring up so many important things that remind me of people I have had on my show. It was Melissa Agnes who was on my show. We talked about crisis preparedness. There’s not a lot of preparedness for some of the things that we are seeing now. This is a very hot topic, but I also had Eric O’Neill on the show, who’s the guy that made the movie, Breach, which is a military story you are probably familiar with. It was so interesting that the guy was an inside person that was doing all this stuff. That was the biggest spy in US history and then the FBI. How often are you seeing people within the company be the problem?

It happens more often than people realize because we have all been in jobs that, at some level, we didn’t like. The difference is most of us aren’t that malicious to where it’s like, “I’m going to get you. I’m going to do something that’s going to negatively impact you.” Even think about it from a salesperson’s perspective.

We view sales as transient jobs. Salespeople very rarely stick with one company for long amounts of time. While they are in there, your salesperson has access to all of your intellectual property because they have to have it to sell it. If they are out there selling your solution and they become disgruntled or they get approached by another company that says, “We can offer you more,” and they get enticed by that, one of the things that you have to be leery of is they know all of your current prospect lists.

They have access to all of that. They understand your book of business, checklist and operational workflows. That’s intellectual property that should be protected. If you are not watching or you don’t have ways to identify, if one of your salespeople is secretly downloading client data and client files because they have plans of taking that with them, then that’s a vulnerability point. Things happen more often than people realize.

It happens in the recruiting business quite a bit. They move around, the headhunters. They go to these different companies, develop a book of business, and then take it with them. Even though everybody says they won’t do that, it seems to happen. Companies don’t seem to do much about it. Anything to protect against that?

It’s not so much being able to protect against it as it is how we minimize that damage. If I can say that this is uncharacteristic of John’s behavior, he’s now downloading a lot of files or he’s attempted to download it, we can put security measures in place that prevent that from happening. It triggers an alert that says, “He tried to do this. This is uncharacteristic. Why is he doing this?”

We can kick that over to the business leader or the management team to do further investigation, “We saw this took place. We want to see if you are having trouble. What can we do to help you get the information that you need?” It opens the door to have a more serious conversation as to, “Why were you doing this? Why did you need this data? What were you trying to accomplish?” You were operating outside of the controls or how we normally operate. Since you were doing something different, we are trying to understand why because if we need to change our workflow, you could approach it that way without being attacked and say we need to change our workflow because it’s impeding you.”

You can have that conversation and curtail the possibility of him stealing your information or uncover the fact that he is disgruntled or maybe there’s a chance you can keep him and turn things. Most conflict happens because of two things, a lack of communication and mutual understanding. They had expectations of A and you’ve got expectations of B. Those expectations weren’t aligned and that becomes a point of friction.

My goal within my business as I look at how we do organizational management, HR, and all that stuff are to have these as clean and clear lines of communication as we possibly can. If you’ve got an issue, let’s talk it out. I would much rather address it in the very beginning before it becomes something bigger because 9 times out of 10, it was a misunderstanding, “I didn’t understand that you were expecting this. You didn’t understand I was expecting that.” As soon as we can clear that up, then we can move forward. That’s the way that I try to operate with things.

Having worked for many different universities, I see a lot of them. You have to get into certain things through VPNs and different things. Now, everybody is trying to work within the COVID situations, doing a lot of discussions over Zoom. People are getting Zoom-bombed and things. How much is that a problem?

That continues to be a problem. We are in the weird space of not being able to control the environments that people are operating in. Unless the organization is going to provide the machine that people are using at their homes or from their remote locations, then there’s only so much that you can expect to be able to control. If it’s my own device, I have to authorize the use of your monitoring software on my personal device. There becomes an infringement.

TTL 905 | Cybersecurity Measures
Cybersecurity Measures: Technology is a tool that’s supposed to be used strategically within your business to be more efficient.


If I give it to you as the company, then I have complete rights. I can enforce different things. It’s that line of how much money do you want to invest in providing people hardware versus them using their own and understand that if they use their own, then our amount of control becomes less. It’s subject to what they are allowing us to do versus what we are going to impose upon them.

There’s so much to discuss in this area, and this is a hot topic. I can see why your book is successful. A lot of people are going to want to know more about how they could find the book, to find you, how can they reach you? Is there a link or something you would like to share?

The easiest way to get ahold of me is to go to AJayOrr.com. On my website, you will be able to find information about the book and any speaking engagement and this hot topic that we are discussing and trying to put good information around this area of discussion out on.

This was interesting, A-Jay. Thank you so much for being on the show. I enjoyed our conversation.

Thanks, Diane. I appreciate it.

This show is going to be a little bit different and I’m excited about it because I’m going to be talking about curiosity. I talk on a lot of other people’s shows about what I work o, but I want to talk to you about the value of building curiosity within your organization. I’m my guest. In addition to hosting this show, I am also the Creator of the Curiosity Code Index. I wrote the book Cracking the Curiosity Code. I give a lot of presentations where I talk about the importance of improving curiosity and getting out of status quo thinking. It sometimes helps if I share a story that you might find fascinating.

A lot of organizations are held back by a culture that doesn’t embrace curiosity, they just go along with the way things have always been. I like to talk about an experiment that I share on stage about hidden camera experiments, where they looked at how quickly people go along with the group. This woman went into a doctor’s office thinking she’s getting an eye exam but not known to her, everybody in the waiting room weren’t patients, they were actors.

Every so often, an experiment was going on where they would have a bell ring. Every time that bell would ring, all the actors around her, which she thought were patients, would stand up and sit down with no explanation. After three times hearing the bell ring and without knowing why she was doing it, the woman stood up and sat down conforming with the group. They thought, “This is interesting, she’s going along with what everybody else is doing. Let’s see what happens if we take everybody out of the room.”

They call everybody back one at a time as if they were patients and eventually, she’s alone in the room and the bell rings. What she does is she stands up and sat down. She doesn’t know why she’s doing it. She’s going along with what everybody else had done. They thought, “This is fascinating. Let’s add some people to the room who are patients and see how she responds to the bell ringing and see how they respond.” The bell goes off and she stands up and sits down, and the gentleman next to her looks at her and says, “Why did you do that?” She said, “Everybody else was doing it. I thought I was supposed to.”

The next time the bell rings, what do you think he does? He gets up and sits down with her. Slowly but surely, what was a random rule for one woman is now the social rule for everybody in the waiting room. It’s an internalized behavior that we call social learning. We see what other people do and we think, “That’s what I want to do because everybody else is doing it.” We reward ourselves because we don’t want to be excluded.

It’s part of how conformity can be comfortable but going along with it, sometimes you get bad habits, you stunt growth and you get the status quo thinking. That can be the downfall of organizations. When we do things just because they have always been done in a certain way, we don’t progress and we don’t look for other ways to find solutions. I want to go beyond that. I want to know why we are doing things. Why is it important? What are we trying to accomplish?

That’s what I talked to companies about because they need to look at how and where are they modeling and fostering curiosity, and what action plans do they have in place to avoid status-quo thinking. Do they have all the answers? How can they take what they learn from different events and utilize that to make some changes?

It’s important because curiosity has been the foundation behind the Model T to self-driving cars. We know that leaders believe they encouraged curiosity and exploration. I have had Francesca Gino on the show. She has done a lot of great research in this area. We know that most of the employees don’t feel rewarded for it if they explore their curiosity. If we want organizations to generate innovative ideas, we have to help them develop that desire to explore through leaders.

[bctt tweet=”Businesses fall behind when it comes to technology because they fail to train their employees on how to maximize it. ” username=””]

My job is to be curious. I ask questions and get information for a living. I do that through the show, teaching, and speaking everything I do. It’s something I want to share with other people because it’s a huge part of what makes companies successful. I look at curiosity as the spark that ignites the process that everybody is trying to achieve. Think of it as baking a cake, if your goal is to bake a cake, you’ve got all these ingredients. You have eggs, milk, flour, whatever it is you take to bake the cake. You mix it and you put it in the pan and you put it in the oven. What happens? If you didn’t turn on the oven, you get goo, nothing happens.

That’s a huge problem that organizations are trying to get. Instead of cake, they are trying to get productivity. They were trying to make money. They know the ingredients. They know they want motivation, drive, engagement, creativity, communication, all the soft skills and stuff. They are mixing those ingredients and what they are not doing is turning on the oven. The oven, the spark is curiosity. If you don’t turn on the oven, no one gets cake. That’s what I’m trying to talk to companies about.

We know that kids are naturally curious. I love a picture from the San Francisco Museum of Art from Life Magazine in 1963. They have these two little girls who are adorable looking through this grate on the wall that they can see behind the air conditioning vent. They are supposed to be looking at all the artwork on the walls because it’s the San Francisco Museum of Art, but what do the kids do? They want to see what’s behind the vent. We were all that way.

Three-year-olds ask their parents about 100 questions a day. At that age, you are just curious, you want to find out how everything works. There’s some time that we eventually lose some of that. Think about it, when did you stop wanting to look behind the vent? Did somebody say, “Stop that, get up you are getting dirty. Don’t look behind there?” We get that, that’s what our parents do, you have to behave but we have seen a big decline in curiosity and creativity.

There are some great TED Talks about the creativity aspect, which ties in similar to what we see in curiosity. It peaks around age five, and then it tanks as soon as you go through school and about the age of 18 through 31. We are even seeing low levels. Sir Ken Robinson has a great talk about how we educate people out of our creativity and competencies. George Land also has a great talk about his work with NASA. He looked at the kids and followed them.

At age five, he found that 98% of children were creative geniuses, and then by the time they were 31, only 2% were. It was a huge difference. George Land says that we have convergent and divergent thinking. He talks about it in terms of we put on the gas and trying to come up with all these great ideas but at the same time we over criticize them, and we put on the brake. Anybody who drives a car knows that if you put the brake at the same time you put on the gas, you don’t go far.

That’s what’s happening to our curiosity and our creativity. I thought, “This is interesting because curiosity can translate into serious business results.” CEOs get that but a lot of them are not investing in the culture of curiosity but some of them are doing some amazing things. I want to talk about what is the cost of lost curiosity. What it is? There are many aspects of what costs companies. We know that they are losing $16.8 billion due to emotional intelligence if you ask the Consortium for EI or if you look at Gallup’s numbers, they are losing $500 billion a year due to poor engagement.

I have seen everything with communications. Holmes has it at $37 billion and I have seen much higher. It depends on where you look but we are talking tens to hundreds of billions for each of these issues, emotional intelligence, communication and engagement. It’s a huge problem out there. Companies know that they are losing money but they don’t recognize the value sometimes of curiosity. We would talk about curiosity, there’s a big innovation factor. We want to be more innovative but we are worried about job loss and jobs being automated.

The majority of the Fortune 500 companies from 1995 are gone. No one wants to be Kodak or Blockbuster. We know that Netflix ate Blockbuster’s lunch. The reason those companies are not here is that they looked at things from the status quo way that they have always done things. They didn’t want to cannibalize their product and the success they had. If you do that, the world keeps moving and you get stuck. That’s a huge problem.

What was interesting to me to study curiosity is that there are a lot of researches on curiosity but there are not the great statistics I would like to see. There’s a state of curiosity report that Merck did in 2018 and it showed that curiosity was higher in larger companies than smaller ones. It was 37% versus 20%, and then Millennials were more curious than Gen Z and Boomers. The US had a higher level of curiosity compared to China but maybe they weren’t as high as Germany. That’s just one report. I would like to see a lot more research done. It’s fun to look at what experts have shared regarding the value of curiosity.

Francesca Gino did a great job with the HBR article she wrote. I loved having her on the show. I hope you check out that show because it’s amazing. In that report, she talked about leaders recognize curiosity is important, and they think that they are encouraging it. We found that most of the employees don’t believe that, only 24% feel like they are curious about their jobs and 70% said they face barriers to staying curious and asking questions. She has done some great research. If you get a chance, I recommend reading that show and also checking out that HBR article.

I have had Daniel Goleman on the show. He was incredible. He talked about how emotional intelligence ties in. He was cute because he said he couldn’t see why I developed a measure of curiosity. It’s because I’m curious. He was talking about an article in HBR as well by Claudio Fernández-Aráoz saying that curiosity is one of the most important competencies in the future. That’s a huge plug for curiosity coming from Daniel Goleman. He was talking about younger generations questioning organizational missions more than older generations. We’ve got into a great discussion about that. I hope you take some time to read to that show.

TTL 905 | Cybersecurity Measures
Cybersecurity Measures: Digital risk management is all about culture.


Another great episode on the show was with Amy Edmondson who has an incredible TED Talk. She gets into curiosity and how it ties into collaboration. She does a TED Talk about teams and teaming and she gets into how the Chilean miner disaster was able to be resolved. A lot of it was because of curiosity. She says, “You’ve got to look at what are you trying to get done, your goal, what’s in your way, your concerns, worries, barriers and stuff like that. What resources, talents, skills, and experience do you bring?” She talks about how they did all that to get those Chilean miners out from under that rock. It is worth watching her TED Talk. All of them have TED Talks that are amazing.

A great guest as well on the show was Doug Conant, the guy who turned around Campbell’s Soup. He did that by asking questions. He asked employees what motivated them, and then he looked at how to build engagement by writing 10 to 20 personal notes six days a week. He counted 30,000-plus, which is huge. When he took over in 2002, they had 12% engagement. By 2009, they were up to 68%. He did some amazing things by asking questions, writing comments and giving input. All that stuff comes out of curiosity.

Another great guest of the show was Zander Lurie, who’s the CEO of SurveyMonkey. They are so much into curiosity. They’ve got permission to change their street address to 1 Curiosity Way. I love that. I was asking him some of the things that they do because they have a culture of curiosity there. They asked, “How can we make our products more productive for our customers? How can we create an environment where people do their best work?” He says, “They do skip-level meetings so that he can find out what works and what doesn’t.”

Those are some examples of people who were on the show. Other examples are fascinating. Some companies like Monopoly, Ben & Jerry’s, VanMoof bicycles, I have looked at some of them to see how they used curiosity to go a step further. Monopoly did some research because they always come out with the dog’s or cat’s version. They didn’t want to come out with another version.

They decided to come out with some research to find out what people did with Monopoly and what they can learn about it. They found out that a lot of people cheat. Over half the people cheat when they play Monopoly, so they came out with the Cheater’s Edition. That was their second-biggest release since the initial release of Monopoly. It was a cool thing.

Ben & Jerry’s got some interesting information. What they do in terms of not getting into status-quo thinking is they don’t keep flavors around forever. They research to find out what’s working. They ask questions, “What’s a good flavor and what’s no longer a good flavor?” Instead of freaking out that their flavors are no longer successful, they celebrate them and give them a burial. I love that. They even have a headstone or whatever on their website. They show this flavor was live from this year to this year. They celebrate their success and then they move on.

An interesting story is VanMoof. They make these bikes and they would send them in packages in the mail, through UPS or whatever they would send. A lot of them were ending up broken, and they kept trying to fix these bikes and this issue with the packaging. They didn’t want to spend a lot more money because if you make the package twice the size, you get a lot more expenses. They are trying to figure out how to do this to make their bikes not break and yet, not go over on the spending.

What they have looked at was the type of box they were using. They have noticed it was very similar to a flat-screen television box. They looked into how many flat screens broke and they weren’t breaking. The only real difference was the flat screens had a picture of a flat-screen on the box. They thought, “Let’s draw a picture of a flat-screen, a little bit of extra ink, and see what happens.” It was a dramatic difference in the number of damaged bicycles. It’s thinking outside the box.

Sometimes it’s just asking questions. Disney did a lot of that. They did some great questioning to find out what was happening with their turnover. The laundry division of Disney as glamorous as it sounds is not. They were losing a lot of people that didn’t love working there and they couldn’t figure out why. They put out a questionnaire to their employees and said, “How can we make your job better?” They didn’t expect to get things back that they could do anything about but they did. They’ve got back great things. They’ve got back things like, “Put an air vent over my workspace or make my table adjustable when I’m folding things that work for my height.” Those are things like, “We can fix that,” and they did.

Going to the horse’s mouth, the employee and saying, “How can we make this better,” was huge for them. Sometimes it’s not just an employee, sometimes it’s leaders. In the book, Cracking the Curiosity Code, I gave a story about Great Ormond Street Hospital in London. They were having a lot of patients that were dying when they were being transferred from one unit to the other.

Some physicians were watching a Formula 1 race car event one night and were impressed by how quickly that that Formula 1 pit crew would take the car apart and put it back together in seven seconds. They are looking at this going, “They did that with no problems and we can’t transfer people from here to here.” They thought, “Why don’t we have these guys come in, this Ferrari team, and can show us any improvements that we could make.” They did get some great ideas, which reduced their errors by more than 50%.

We think inside of our cubicle and inside of our silos but sometimes we need to think outside of even our industry because that can be important. Some of the greatest ideas are from that. I gave you some examples. We know we came up with Velcro from a Swiss engineer hunting with his dog and came back with burrs in his fur. He’s like, “What are these things? Why are they sticking?” What he did was he stuck it under the light to look at it and he saw the way it hooked together and he thought, “Why don’t we try this?” In 1998, they made something like $93 million in Velcro and it was sold in 40 countries. It did amazingly well.

[bctt tweet=”Have clean and clear lines of communication as much as possible. ” username=””]

You have to build a culture of learning. To do that, it’s important to look at some companies that do a great job of it. I know a top company I work with that does that, which is Novartis. Novartis does a great job because curiosity is part of their core cultural value. They encourage employees to spend 100 hours a year on employer-paid education to broaden their interests.

They do everything from paying for them to watch videos, to having them perform in mini TED events, and having employees be the actual speakers, things like that. It’s cool how much they do this. They have the whole month of September as their curiosity month and I’m one of the speakers for them. I know how much time and effort they put into this.

If you look at how much everybody talks about how they liked working at the company, 90% of employees surveyed approved the CEO. Think of how often you see that. That’s a huge thing. I know they are doing some ongoing research about curiosity with me. I’m excited about that. One of their employees is writing her Doctoral dissertation and we are looking at the curiosity, how it compares to if you intervene, and give them some information about things that are holding them back. I’m anxious to share that information when it comes out because I did a lot of research for my talks and my book, Cracking the Curiosity Code, and I looked at so much that’s out there.

We know that there are some great TED Talks from Daniel Pink who wrote Drive. What a great book. Simon Sinek’s Find Your Why and all the stuff that he’s talking about. Carol Dweck’s book, Mindset. All those are huge. I started to look at this curiosity thing. It’s the Max Planck Institute that coined the term curiosity gene because it’s in people and animals. It creates dopamine and it makes us feel good. If you are a bird and just flying around a bush, and you run out of berries, you are going to die if you don’t have the curiosity to go look at another bush.

As I was researching for the book, I wanted to write about curiosity but I’m like, “Where is the assessment that tells you what stops it?” I’m like, “There isn’t one.” That surprised me because the assessments tell you if you were curious or not. That’s all well and good because you do want to know if somebody is highly curious or not. The big five factors will tell you if you are open to experience and things like that but I want to know what stops it. Nobody had studied that so I did. I want to know what holds us back and I found out what it is. It is FATE, which stands for Fear, Assumptions, Technology and Environment.

I want to talk about these separately because fear is about failure, fear of embarrassment, and loss of control. Nobody wants to feel like they said something stupid in a meeting. We all want to feel like we are all prepared. We are all in the meeting and thinking, “I want to ask that but I don’t want to look dumb.” You lean next to Joe, “Joe, why don’t you ask?” It’s better for Joe to look dumb. You don’t want to look dumb. That’s a huge problem in companies. You get a lot of yes-men and yes-women because nobody wants to shake up things or look like they are trying to confront their leaders. Leaders who haven’t modeled the value of curiosity will come across that way.

I have had leaders look at me and say things like I had one guy who asked me to do something. I said, “I would be happy to do it. I have never had to. How do I do that?” He looked at me with disgust and said, “I’m going to pretend I didn’t hear that.” What does that make you feel? First of all, it tells you you’re an idiot. It tells you that you should know this. You should lie and pretend you know things.

We get a lot of leaders who will say, “Don’t come to me with problems unless you have solutions.” That sounded good at the beginning because it sounded like we were going to get rid of these whiners and complainers that didn’t have any ideas but a lot of people don’t know how to solve the problem. If we say that, then we are saying we don’t want to know about problems. That’s a huge issue.

The assumptions that we make, that’s that voice in our head that tells us we are not going to be interested, apathetic or it’s unnecessary, “The last time I did that, they gave me more work.” We all have that voice that talks us out of stuff. Sometimes I will hold up a bottle of water in the talk that I’m giving and ask, “How heavy is this?” They will say 6 or 8 ounces, or whatever.

I will say, “It doesn’t matter. What matters is how long I hold it. If I hold it for a minute, it doesn’t bother me, my arm is fine. If I hold it for an hour, my arm gets tired. After a day, my arm feels paralyzed.” That’s how our assumptions are or the voice in our head. It’s a fleeting thought, no big deal. We get past it. After an hour, we might hold on to it a little more. After a day, it starts to stay with us.

We have to recognize that we might be telling ourselves all these things we could maybe be interested in or maybe somebody would help us learn but we talk ourselves out of it. Assumptions are a big thing. What I found interesting was technology was also a big factor. Curiosity is impacted by the over and under-utilization of technology. It can either do it for you or you are not trained in it or you are overwhelmed by it. Some people had great experiences in their childhood where they had a lot of foundational learning and technology.

Steve Wozniak is one, I love his book, iWoz. He talks about his dad telling him how to connect gadgets. He would come back with all these wires and get things from work and show him how the electronics should be connected, why this wire was necessary and how it brought electricity. A lot of us don’t have that experience. A lot of us might be the greatest mathematicians in the world but if somebody just threw us a calculator or Siri did it for you, you are not ever going to have the foundation behind it.

TTL 905 | Cybersecurity Measures
Cybersecurity Measures: Your salesperson has access to all of your intellectual property because they need it to sell.


There’s got to be times where we have high foundation days where we build without technology and we learned behind it, and then there’s got to be days where we take advantage of it and learn how can we use it, and not become overwhelmed by it. The environment is a big one for a lot of people because it’s everybody from your teachers, family, friends, social media, leaders, peers, past leaders, current leaders, and everybody you have ever worked with. We know that curiosity can be influenced by everybody we are around.

The numbers I gave earlier about how it peaks about age five with curiosity, and then it tanks after that, a lot of that could be going into school and the teachers don’t have time because they are teaching to the test. They’ve got many students in class and they can’t answer why all the time. Our siblings can be brutal. If you do something that they don’t think is cool, you can take the wrath from that. It’s challenging to look at what has impacted us.

That’s one of the reasons why my research was interesting to me because I looked at these four factors of Fear, Assumptions, Technology and Environment, FATE. Those were the inhibitors for the Curiosity Code Index. They were pretty evenly matched. Assumptions and the environment were higher than technology maybe but then you can have an overlap. Fear from technology, for example. It was fascinating to do the research. I studied thousands of people for years to see what inhibited them.

I started by putting a thread in LinkedIn and asking people, and then I thought, “I’ve got interested in that.” I hired people to do all this factor analysis and ended up doing my research because a lot of the research kept coming back in the same fashion of trying to find out if you are curious or not. I didn’t want to do that. I wanted to find out what did inhibit us.

It was interesting to look at the difference between men and women. Men were less impacted by fear than women but they were more impacted by that voice in their heads. They were equal to women in technology but then maybe more impacted by their environment. These results are what I have seen. I would like to see more research done.

It is interesting to take a look at how these different factors impact us. What I do is train people. First of all, they take the Curiosity Code Index. I either go do the training at companies myself or I train consultants to give it or I train HR professionals to give it. If those people get certified, they get five hours of SHRM recertification credit. There are a lot of different versions of training that I offer.

What’s interesting is when they go through the training class, the employees, when they are training about this, they get to find out their results from the CCI. It’s like taking a Myers-Briggs or a DISC or something. It takes ten minutes and you get the big report back, a PDF, within a few minutes of taking it. It’s simple.

They get to get their results, and then they go through this personal SWOT analysis, which is cool because they look at ways to create SMART goals, measurable goals, those things to overcome some of these areas that are inhibiting them. Not only do they do that but then we do a similar thing for the corporation as a whole back to how they did it in Disney. You go to the horse’s mouth, to the employees and say, “How can we fix these things within the company? How can we help you become more curious?”

If there are issues with innovation, engagement, whatever the company issues are, the training classes are a great starting place to go to the employees and say, “How can we make you more curious so we can have this end product? How can we get cake?” You find out and the trainers go back to leaders with this great report, “This is what employees would like to do to help them improve so that we can all improve and make more money.”

It’s important in the future of companies that people have to try it, explore, poke at it and question it. It’s a huge thing that you need to ask yourself about, “How can I be vulnerable and allow this culture of learning? Maybe I don’t have all the answers.” Think about what are you doing to foster curiosity. What action plans do you have? How do you do this in this tumultuous time? Thinking about this, it’s challenging for a lot of people.

I have created a free course, and a lot of people can get a lot of value out of it if they are interested in taking it. If you go to DrDianeHamilton.com and scroll down to the bottom, it offers a free course. If you sign up, it’s a simple thing. They send it right to you and you can learn a lot more about curiosity, the factors, and see lots of videos from the talks I have given. Some of the stuff I have talked about here is in there. A lot of the chapters from the book are in there. It’s a good foundational way to learn more about curiosity. I wanted to give you that information and I hope you check out The Curiosity Code.

Important Links:

About A-Jay Orr

TTL 905 | Cybersecurity MeasuresA-Jay Orr, PMP: Is an Award-Winning Author, United States Army Veteran, Cancer Survivor, Internationally Certified Project Manager, the Founder and CEO of Simple Plan IT and is passionate about helping to advance veteran owned businesses in Ohio through his volunteer efforts with the national non-profit Bunker Labs. He is a digital risk management expert with more than 15 years of experience in the ever-evolving field of cybersecurity. He is the expert companies rely on to provide sophisticated solutions to achieve business growth and maintain compliance. Through his work he helps business leaders to create and implement a framework that allows them to futureproof their business. His company, Simple Plan IT, utilizes behavior-based security solutions to protect businesses from cyberattacks that target their people, control systems, robotics, IoT and smart devices that often times go undetected. He is the author of The Art of War in Business Technology.


Love the show? Subscribe, rate, review, and share!

Join the Take The Lead community today:


Leave a Reply

Your email address will not be published. Required fields are marked *