In early 2002 i recall reading and falling in love with Jim Collins book: "From good to Great". I recall being so excited by some passages that i typed out whole paragraphs and sent them around to the rest of the office..

For my last birthday Deels got me Collins other book "Built to Last: Successful Habits of Visionary Companies".

It seems as if he has done it again, with his new (soon to be released) book called "How The Mighty Fall: And Why Some Companies Never Give In"

Businessweek posted [an excerpt from the book], and i wanted to post an excerpt of that excerpt. He covers the 5 stages of a failure (im pasting 3 of them):

1. HUBRIS BORN OF SUCCESS Great enterprises can become insulated by success; accumulated momentum can carry an enterprise forward for a while, even if its leaders make poor decisions or lose discipline. Stage 1 kicks in when people become arrogant, regarding success virtually as an entitlement, and they lose sight of the true underlying factors that created success in the first place. When the rhetoric of success replaces penetrating understanding and insight , decline will very likely follow
2. UNDISCIPLINED PURSUIT OF MORE Hubris from Stage 1 ("We're so great, we can do anything!") leads right to Stage 2, the Undisciplined Pursuit of More—more scale, more growth, more acclaim, more of whatever those in power see as "success." Companies in Stage 2 stray from the disciplined creativity that led them to greatness in the first place, making undisciplined leaps into areas where they cannot be great or growing faster than they can achieve with excellence—or both. When an organization grows beyond its ability to fill its key seats with the right people, it has set itself up for a fall. Although complacency and resistance to change remain dangers to any successful enterprise, overreaching better captures how the mighty fall. Discontinuous leaps into areas in which you have no burning passion is undisciplined. Taking action inconsistent with your core values is undisciplined. Investing heavily in new arenas where you cannot attain distinctive capability, better than your competitors, is undisciplined. Launching headlong into activities that do not fit with your economic or resource engine is undisciplined. Addiction to scale is undisciplined. To neglect your core business while you leap after exciting new adventures is undisciplined. To use the organization primarily as a vehicle to increase your own personal success—more wealth, more fame, more power—at the expense of its long-term success is undisciplined. To compromise your values or lose sight of your core purpose in pursuit of growth and expansion is undisciplined.
3. DENIAL OF RISK AND PERIL As companies move into Stage 3, internal warning signs begin to mount, yet external results remain strong enough to "explain away" disturbing data or to suggest that the difficulties are "temporary" or "cyclic" or "not that bad," and "nothing is fundamentally wrong." In Stage 3, leaders discount negative data, amplify positive data, and put a positive spin on ambiguous data. Those in power start to blame external factors for setbacks rather than accept responsibility. The vigorous, fact-based dialogue that characterizes high-performance teams dwindles or disappears altogether. When those in power begin to imperil the enterprise by taking outsize risks and acting in a way that denies the consequences of those risks, they are headed straight for Stage 4

At [DeepSec] last year i had the pleasure of hearing Ivan Krsti? speak. While some of his arguments had (small) holes in them (which the audience were quick to pounce on), he raised the ugly fact that people like me like to ignore.. That some of us spend a lot more time thinking of elaborate ways to break stuff than we do designing less breakable stuff..

I think for most security "breakers" its an argument that sometimes hits hard, and makes you wonder if you should be refocusing your efforts..

Ivan designed the bitfrost security system for the OLPC and is/was a Harvard academic with strong ties to the Python community. (you can follow his talk schedule here).

It seems, he has just taken a position at [Apple]

We recently wrote a paper contrasting the built in memory protection mechanisms on OSX and its windows counterparts, and concluded the paper with the following lines:

"It can be postulated that OS X currently sits in an unusual niche, staying off the radar of server-attackers while below the threshold to make it an attractive target for attackers wishing to capture large volumes of desktop computers (for botnets or similar activities). Apple would be well advised to make good use of their time in this niche to learn from the mistakes made by those before them, because as their market share steadily rises, they steadily inch closer to moving out of this protected space.... .. We hope that Apple is able to make the necessary improvements before it too is forced into altering its views on generic OS protection mechanisms through the media frenzy that follows public security breaches."

It would seem like with a move like this, Apple are thinking these thoughts too..

/mh

Yvette Du Toit (E&Y - UK/ZA) featured on the latest ITSecurity Pubcast and spoke about her role in CREST. SensePost were invited along, and i showed that while i have a face for radio, i do not have the voice for it.. Ahh.. some day ill find my niche..

Till then, you can listen to the pubcast [here] and SensePosters can grab the mp3 [here]

[Zappos.com] is one of those companies people love to write about. They make headlines for their use of new media and their CEO (Tony Hsieh) is as .com legendary as one gets.. (he sold LinkExchange in 1998 for $265 million and under him zappos went from $1.6 million in sales (2000) to $840 million in sales (2007)).

He recently gave a talk at the [Web 2.0 conference].

He talks about how they invest in the customer experience, free shipping bouquets, and suprise shipping upgrades to get customers products delivered before they expect it.. This is all cool, and im sure people love them for it, but then he goes on to mention their number 1 priority as a company..

"Its actually not customer service. Our #1 priority as a company is company culture!"

He goes on to say "Its our belief that if we get the culture right, the rest of the stuff like great customer service will happen naturally". The remaining 10 minutes of his talk are on why company culture matters..

I have so much i want to say about this, and why i think building and maintaining the right culture makes or breaks an organization, but i dont think i can beat his simple eloquence. "Our #1 priority as a company is company culture, Its our belief that if we get the culture right, the rest of the stuff .. will happen naturally"

/mh