Highwire Named a Best Agency to Work For by The Holmes Report

By Andrew Robinson

Highwire has been ranked by The Holmes Report as the No. 3 Best Agency to Work for in our category — and I could not be more proud! At Highwire, we prioritize a strong company culture that fosters a positive, impactful and inclusive employee experience for nearly 100 employees. Being selected as a Best Agency to Work For is an impressive benchmark. It allows us the opportunity to showcase our vibrant culture within an industry whose primary asset remains its people.

Highwire’s culture and core values are guided by The Highwire Way, which embodies an environment of critical thinking, creative ideation and agile, tenacious execution. This philosophy is engrained in everything we do and enables us to create award-winning programs. It drives our high-touch focus on professional development to give every team member the opportunity to grow and develop. We’re committed to providing the tools they need to succeed through mentorship, quarterly goal setting, continuous coaching conversations with managers and a robust training program that includes a dedicated writing coach.

The Highwire Way defines our focus on balance and flexibility — team members can work from their location of choice, be it the apartment or a coffee shop, each Friday, and participate in wellness events like in-office yoga and small group classes at popular fitness studios.  The Highwire Way also inspired our “No Multitasking Manifesto,” through which we commit to fewer, focused meetings and to honor deep work without distractions.  

The Highwire Way pushes us to work toward a culture where every team member is valued for their unique perspective and life experiences. This year, we embarked on an intensive four-part diversity and inclusion training initiative. Employees took a break from their busy work days to join in an open dialogue about personal backgrounds and experience, effective communication techniques and tools that can be used to better understand our colleagues and our clients.

Highwire Inclusion and Diversity Training

One of my favorite projects that The Highwire Way has inspired is our H-Wow video series. In an effort to ensure employees feel appreciated and recognized for their work across all levels, we created an entertaining way to recognize employees with a “Weekend Update” twist. This internal video newscast celebrates employees and their hard work through peer nomination, and regularly publishes to the agency’s YouTube channel after being shared agency-wide.

From office museum trips to our annual Kickoff event that brings together employees from our San Francisco, New York, Boston and Chicago offices, our “work hard/play hard” mentality has led to a lot of fun times at Highwire. I am honored that our agency has been recognized for the hard work we do every day to create an environment where each employee feels valued and engaged.

What is the Biggest Problem in Cybersecurity Today?

Themes from the show floor of RSA 2018

Viability. Quite simply, the operating environments of organizations have gotten too complex for cybersecurity defenders.

The problem goes beyond not being able to see what is happening in organizational systems to not even understanding the full extent of those systems. Keeping up with the assets under their control and keeping them secure is a new challenge for the modern enterprise.

Asset Explosion

As organizations move to the cloud, their data moves to systems they don’t own. Employees frequently log into corporate accounts from personal devices. Add the growing number of IoT devices connected to corporate networks and the number of ways for organizations to lose control of their data spirals out of control.

This is not to say that responding to and stopping threats is not important, but before organizations can even begin to think about remediation, they have to know what is under attack. Theresa Payton, CEO and President of Fortalice Solutions and former White House CIO noted in a panel that the first step to securing an organization is understanding what assets are under its protection.

What You Don’t See

Two of the top five attacks from “The Five Most Dangerous New Attack Techniques” keynote presented by SANS researchers result from abuse of poor visibility. The first is data leaks from repositories and cloud storage, a growing issue that resulted in several breach disclosures over the last year. It is easy to forget that cloud buckets and GitHub repositories are part of an organization’s assets that can lead to poor configurations.

The other is the rise of cryptojacking. Malware that appropriates processing power to mine cryptocurrency for hackers can remain undetected for months by flying under the radar of systems administrators. Seeing rogue cryptomining activity may be trivial in owned data centers, but when they are outsourced to cloud providers, organizations need to actively search for this activity.

Asset discovery cannot be a static activity though. Data and devices shift so rapidly that organizations need a constant stream of information about the state of their assets so they can adjust their practices accordingly. Dan Schiappa of Sophos said in a talk that asset management and the policies they inform need to take on an almost evolutionary appearance as they adapt to the changing operational landscape.

It’s Not About the Machines: Cybersecurity is a Human Problem

Themes from the show floor of RSA 2018

The annual Cryptographer’s Panel spent the first 10 minutes of their discussion at the opening Keynote yesterday deriding blockchain, the trendiest technology of the year. Quantum computing and machine learning are also banner bearers for technical innovation in cybersecurity.

At the same time, however, experts around RSA have shunned the idea that technology is the answer to cybersecurity. The theme of the show—“Now Matters”—calls for the defender community to take action to prepare themselves for a better and more secure tomorrow. RSA president Rohit Ghal called “the death of the silver bullet fantasy” a major win for cybersecurity. Meanwhile McAfee CEO Christopher Young called for a culture shift across organizations to realize that cybersecurity is everyone’s responsibility.

This theme has echoed across the rest of the conference as well.

Technology Does Not Make Security

Panelists have addressed blockchain in nearly every session, either bringing it up themselves or responding to questions from the audience.

In a panel about building trust in an insecure world, Adam Ross, a manager at GmbH, noted that blockchain does not build trust. It is merely a means to store data, and does little to guarantee that the information it stores can be trusted.

In the same vein, machine learning technology is a valuable supplement to human cybersecurity teams, which are understaffed with skilled workers. But machine learning processes are highly corruptible if not properly secured.

Even encryption, an almost automatic part of privacy and security processes by now, only works if there is a deliberate decision.

“It’s easier to say I can’t than I won’t,” said Moxie Marlinspike, founder of Signal.

Organizations that have taken custody of our data are under constant pressure to divulge that information to governments. If they care to protect our data, they need to build their systems in a way that no one can access it, not even themselves.

The Importance of a Sound Strategy

While technical solutions are an important part of security, it’s how they are used that makes security. In the past, there has been a culture of treating security as an afterthought. Now, the question of how to use that technology is a question that has been the subject of many panels across the show.

While the answer is far from simple, two essential parts of it are building a sound business case for cybersecurity and focusing on outcomes. What this accomplishes is up-leveling the conversation around cybersecurity issues so that executives don’t feel lost in the technical quagmire of the day-to-day operations. It also opens to door to understanding what is important in this task.

Theresa Payton, CEO and President, Fortalice Solutions and former White House CIO, noted in a panel the importance of prioritization. Limited resources mean that no organization can protect all of its data equally well. Deciding what is important and starting a conversation about what a cybersecurity program should do lead to the beginning of a plan.

We will always need innovation in cybersecurity to keep ahead of the hackers that threaten our digital landscape. Tools, platforms and techniques that make it easier to identify and stop hacker activity will always help, but many of the innovations we need are in the processes we use to make our organizations secure. Remember that people are part of this too.

A Time for Optimism: Cybersecurity is Stronger than Ever

Highlights from the Opening Keynotes of RSA 2018

It’s easy to call 2017 a cybersecurity failure. WannaCry alone rocked the digital world to the core. But it was only made worse when we realized that the attack was perpetrated by governments, not individuals or criminal organizations.

But across the board, the speakers of the opening keynotes at RSA 2018 called for optimism. While there is still a lot of work to do and the job of cyber defenders is by no means done, these keynotes highlighted that the work they do every day is making a difference.

The Little Things Count

It may not look like it, but the cybersecurity progress that has been made over the last 30 years of RSA conferences is making the world safer.

“Joe, your brilliant deployment of multifactor authentication to stop a massive breach will never make the New York Times,” said RSA president Rohit Ghal.

That is the danger of cybersecurity. The only news is bad news. The best state of affairs is when there is nothing to report. The end of the keynote by McAfee CEO Christopher Young was a video whose mantra was “Nothing important happened today…except everything.”

“We need to shift our focus from becoming perfectly unhackable one day to being a little more secure every day,” said Ghal.

All the little things do add up. Every activity that makes us a little more secure is time well spent, because security is an ongoing battle. There is no silver bullet for security, and while the daily grind may feel like a thankless task, that is how we win.

Adapting to Change

Microsoft president Brad Smith spent much of his talk calling for governments to do more to defend us now that the battlefield has shifted to the cyber realm. We need to view attacks on machines as attacks on people.

“We need a new digital Geneva convention,” said Smith.

WannaCry, which exploited a vulnerability in Microsoft operating systems, had a global impact by shutting down key elements of our society that have come to depend on machines. In the U.K. 19,000 hospital appointments were cancelled because of WannaCry.

But cyber defenders have advantages over the hackers. When hackers find a creative way to breach companies, we can force them to be creative again by closing that vulnerability. Young pointed to the how the air travel industry became more secure over time by adding security measures when would-be attackers tried new techniques

By working together and sharing information we can make the increasingly connected world more secure. Ghal praised organization like the Cyber Threat Alliance and Smith pointed to a new coalition of security companies that have promised to prioritize security.

Turning Awareness into Action

If there is a good side to the “breach a day” cadence of stories coming out about cybersecurity, it is that awareness of cybersecurity issues is reaching board members and executives.

Ghal pointed to a statistic that 89 percent of board agenda have cybersecurity on the agenda at some point. It’s a step in the right direction, but there is more to do.

“The awareness is there, but there is a failure to turn that awareness to action,” said Young.

There needs to be a cultural shift in the approach to cybersecurity. In addition to the incremental progress of small gains, everyone needs to take responsibility for cybersecurity. There are signs of progress on that front across the industry with the adoption of DevSecOps, which pushes cybersecurity to the beginning of the development process.

The gains from baking in cybersecurity from the start cannot be matched by the “bolted-on” approach we’ve taken in the past.

Incremental success is a hard story to tell. It’s a lot easier to focus on the disasters of cybersecurity like WannaCry, but the truth is that there is a reason for optimism. For every attack that we hear about, there are hundreds or thousands that defenders stop dead in their tracks.

The hard work of cyber defenders may be a thankless task, but it’s working and it’s making a difference.

+++++

Check back tomorrow for the next blog in this series live from RSA where we’ll have insights from our panel of industry experts.

AI Won’t Take Over Corporate Communications, But It Can Help

A workplace revolution is underway across most industries, and robots and artificial intelligence (AI) are at the center of it. Machine learning and automation are becoming deeply integrated across all aspects of the way we live and work. As the promise of AI threatens to replace human drivers, factory workers and cashiers, which industry is next?

There’s been discussion of corporate communications being replaced by automation and robot writers once and for all. I say, no way. Compelling, effective public relations is not possible without emotional intelligence and human trust. Here are four reasons why human communications professionals won’t be replaced by AI anytime soon.

At its core, content is about human relationships.

The best marketing creates and builds relationships between brands, consumers, customers and journalists based on trust and respect. This is increasingly important as journalists and consumers are inundated with information and overloaded with posts and messages on social media. Reporters need sources to deliver truthful, compelling and relevant stories. In a time of skepticism for news, we need to do more to drive trust and empower journalists to work with real, true sources — not AI technologies or robots that can be programmed to manipulate. Emotional intelligence is at the core of strong relationships.

Understanding reporters requires human intelligence.

Reporters and editors are being asked to take on expanded roles and write a greater number of stories in the 24-hour news cycle. They have no time to waste and communications strategies must adapt to meet their needs.

For those on the front lines of companies, the issues we encounter every day are different and require varying approaches. Real relationships with reporters are critical in verifying the truth and getting attention. Companies need to understand what journalists care about, what their readers want and what is new and different.

Indeed, robots could — and technologies exist that do — analyze what a reporter covers to capture key phrases and generate an email. Reporters can see through this and it often creates more noise than value. Developing a unique angle, tying your company news to a bigger industry trend or sharing an unusual statistic requires creativity, context and human intuition. This deeper understanding goes beyond commands and keywords.

Creativity is best done by humans.

Last year, Google financed a new project in Europe called Radar, aimed at automating news writing. There are existing technologies that automate press release writing as well, and that’s a good thing because they are becoming less important. In fact, having a robot create press releases would free more time for humans to develop creative and impactful stories.

The best marketing elicits impact, humor, attention and value. Sweden listed its entire country on Airbnb as a tourism stunt last year. A few years ago, millions of people poured buckets of ice on themselves to raise money for ALS. Robots won’t be pulling off this level of creativity anytime soon and here’s why: In order to make humans care about something, you have to understand the human psyche.

AI can make communications better with humans.

Brands and marketing professionals need not fear automation and AI because these technologies are proving to play important, helpful roles. Numerous tools are available that allow us to connect with audiences. Tools like BuzzSumo, Zignal and TrendKitecreate valuable insights and can measure reach and impact of company messages and direction for future engagements. Hashtag and keyword tracking programs like Keyhole enable monitoring for trends, brands and competitors in real time, so companies can communicate quickly and efficiently. Conversational language companies like Narrative Science use analytics to create data-driven stories about a company or industry. Using AI and automation tools can replace mundane and time-consuming tasks that provide more time to focus on creative and contextualized story angles.

Humans are essential for telling creative stories, developing buzzworthy ideas and communicating effectively. AI and automation play an important role, but those technologies have their limits. At the core, marketing and communications develop important relationships that cannot be replaced or mimicked by technology.