Living in a Cyberworld Big Party Issue 19 E

Home , Ben Cherington, Spago

TALENT + LEADERSHIP + TALENT LIVING IN A CYBERWORLD BIG PARTY ISSUE 19 E. C. Publications, C. E. Inc. © S BRAZIL’ EVIL IS EVERYWHERE IS BITCOIN FOR REAL? IS BITCOIN

Spy vs. Spy TM & WAR ON CYBERTERRORISM WAR

US / CAN / US

$14.95

KORN FERRY BRIEFINGS VOLUME 5 2014 www.KornFerryBriefings.com 14/12/2012 16:20 +1 310 472 1211 l dOrchEStErcOLLEctiON.cOm | LOS ANGELES ANGELES LOS . US. diSE. CALM ir EL BEL-A OF hiBiSc hOt ENt . thE WhiSPEr . APE. E ESc rA ridGE. A hiddEN PA NS. thE Sc NS. OUt EAth PLEt cOm AN OASIS OF icONic B AN A LONG Br A LONG OF FOUNtAi thE HBA_AD_8.125x10.875.indd 1 KORN FERRY BRIEFINGS ON TALENT + LEADERSHIP

Gary Burnison Chief Executive Officer Michael Distefano Chief Marketing Officer Joel Kurtzman Editor-In-Chief

Creative Directors Robert Ross Roland K Madrid Marketing and Circulation Manager Stacy Levyn Project Manager Tiffany Sledzianowski Web Comm. Specialist Edward McLaurin

Contributing Editors Chris Bergonzi LivingLiving in David Berreby in Lawrence M. Fisher Victoria Griffith Dana Landis Stephanie Mitchell Christopher R. O’Dea aa P.J. O’Rourke CyberworldCyberworld Glenn Rifkin Stephen J. Trachtenberg Adrian Wooldridge

Board of Advisors Sergio Averbach Stephen Bruyant-Langer Cheryl Buxton Dennis Carey Bob Damon Joe Griesedieck Robert Hallagan Katie Lahey Byrne Mulrooney Indranil Roy Jane Stevenson

ON THE COVER Illustration by Peter Kuper SPY vs. SPY TM & © E.C. Publications, Inc. Courtesy of MAD Magazine Visit: www.madmag.com

• From the CEO 16 24 • The Latest Thinking • Predictive Analytics Is it Spy vs. Spy Profile: General or Me vs. I? Michael Hayden 1 7 3 5 4 2 8 9 6 11 17 13 31 12 71 21 51 15 41 14 19 16 18 61 37 27 32 33 23 57 47 35 67 25 10 22 53 39 36 62 38 43 55 63 26 28 29 59 45 65 65 56 58 72 54 69 49 52 66 46 64 48 20 50 24 42 34 70 40 30 60 19 44 aaCyberworldCyberworld

30 42 52

44 • In Review

34 60 • Parting Thoughts

Fighting Is Bitcoin Q&A: Wolfgang Puck World Cup:

Digital Wars for Real? Bugs in Boardroom Makes People Happy Is Golf in Retreat? Brazil’s Big Party 1 7 3 5 4 2 8 9 6 11 17 13 31 12 71 21 51 15 41 14 19 16 18 61 37 27 32 33 23 57 47 35 67 25 10 22 53 39 36 62 38 43 26 55 63 28 29 59 45 65 65 56 58 72 54 49 69 52 66 46 64 48 20 50 24 42 34 70 40 30 60 44 1 “The GARY BURNISON leaders must Leadership in the Cyberworld: have an When That Late-Night answer.” Call Comes In

othing good happens after midnight. When your home phone rings, star- tling you at that hour, you automatically Nleap to a worst-case scenario, as you take an instant mental inventory of your life: Where is everybody? Are the kids at home? Did someone die? The same thing happens when a CEO gets a call off-hours or on the weekend. When the caller ID is the corporate attorney’s number, you can count on it being a problem so big, it can’t wait until the next morning. In my career as a CEO, I’ve had nine of those calls. I can recall every one of them. Despite what some people may think, all organizations face their share of challenges and even the occasional crisis. The larger the organization, the more likely it will face a problem—somewhere in the world. Look no further than what General Motors is going through because of faulty switches in cars manufactured nearly a decade ago, which are now being recalled—and causing PR and legal headaches for the automaker’s current leadership. Today, life in the cyberworld has made for some insidious situations that come, seemingly, out of no- where. Late last year, a massive data breach at Target affected tens of millions of the retailer’s customers after credit card, debit card and personal information was stolen. Every day, 800,000 new pieces of malware, mali- cious software designed to cause harm, are discovered. Among the latest threats is Heartbleed, which is making pulses pound with panic because of vulnerability in encryption code used by many popular Web sites—and not just social media. Regulators have told banks to plug the Heartbleed hole. Makes you wonder the next time you use your smartphone to transfer money out of your account. Is someone else doing the same—with your money? Those ubiquitous devices we use to surf, search, post, comment, fan and fave—so indispensable,

192 BRIEFINGS FROM THE CEO THE FROM

we spend a full two years of offensively or defensively. The our lives staring at those little leader weighs the options of screens—suddenly make us all possible solutions—while feel vulnerable every time we taking into account all the per- log in (or attempt to change mutations. Strategizing means a password). Just watch the preparing for the worst-case sce- average airport security line, nario—with alternatives when where the conveyor belt looks there are further “surprises” on like a sidewalk sale at Best Buy, top of the unexpected. It’s not and spot the passenger who enough to have a Plan B. suddenly can’t find her iPhone or his Android. It’s a While cybersecurity is a relatively new entry on mad scramble until device and owner are reunited. the list of all the things a CEO must worry about It’s worse than losing your wallet. these days, the response to it boils down to timeless The risks of cyberattacks have never been leadership principles. As a CEO, you are always greater—or more common. going to face new challenges. Your leadership, in In the late summer of 2012, I was enjoying a fact, will be defined by how you lead through the quiet evening at home after a hectic schedule of most difficult times—for you and your organiza- international travel, when I received an urgent call tion. Clarity and confidence come from prepara- from our corporate counsel. At that time of night, I tion, from knowing what you will do and how you knew this wasn’t going to be good news. I was right, will respond when that call comes in—long before unfortunately. Korn Ferry had been the target of a the phone ever rings. cyberattack. For that reason, we focused much of this issue “What?” I nearly shouted into the phone. of Briefings on Talent & Leadership on the cyberworld “We’re under cyberattack.” – its malevolent underbelly, This rapid-fire exchange that is. In this issue, we inter- Gary Burnison went on for 30 seconds, as I is CEO of view Gen. Michael Hayden, a wrapped my brain around what Korn Ferry and former director of the National was happening. Then it was author of the Security Agency. The NSA is at time for action. new book LEAD the center of controversy with  LEADthebook.com When the unthinkable oc- revelations that it has been curs, there’s no time to lose. The listening in on conversations leader must trigger a launch sequence of response in held around the world. But it is also the subject of accordance with leadership principles that were de- a security breach of its own, as the story of Edward fined long before a call comes in. The more mentally Snowden indicates. This creates a new tension—the prepared a CEO is for how to respond “when that call watcher who is being watched. comes,” the more confident and clear the leadership David Berreby’s article, “Is it Spy vs. Spy or Me vs. in a crisis. I?” sums up that dichotomy clearly. In the new world A CEO is always going to face unfamiliar prob- of digital vulnerability, all of us play more than one lems and be put in tough first-time situations. Simply role. We are defending our privacy while organiza- stated, there is always going to be something that you tions we directly or indirectly support might be haven’t faced or dealt with before. Good leadership, taking it away. though, adapts; applying previous experiences and This issue also looks at Bitcoin, the controversy lessons learned to the newest challenge (the essence surrounding it and the mystery of who started what of learning agility, which Korn Ferry considers a key is rapidly becoming a global currency. predictor of leadership success). There is more to this issue than cybersecurity During business hours or off-hours, onsite or and new currencies. We also look at Wolfgang Puck’s offsite, on the job or on vacation, a CEO is always culinary empire—and the attention he pays to the “on.” The buck stops on the leader’s desk. Even when experience of dining. We also examine new ways of a CEO is caught off guard on a Sunday night, he/ hiring relying on analytics and Brazil’s preparations she can’t say, “I don’t know.” The reality is the leader to host the World Cup. must have an answer. Leaders and their teams must Even in this world of Spy vs. Spy, we are certain be adept at setting and executing strategy, whether this issue of Briefings will surprise you. 

TALENT+LEADERSHIP 3 Great potential, ignited.

We design, build, attract and ignite greatness. At every level of an organization, there is potential for leadership, growth and knowledge. We have the tools, research and know-how to turn potential into momentum.

4 Analyzed. Nobody Set the Great Optimized. understands pace, or performance, Propelled. talent better. fall behind. ignited.

Today more than ever, Decades of practical We help organizations Discover what we could it is talent that propels experience and engineer themselves to do for your organization: the most successful pioneering research ensure they are driving www.kornferry.com. businesses. But what have given Korn Ferry optimum performance propels that talent? unparalleled insight into from their people. every critical area of talent management.

5 Tech Boards: Where Are the Women?

a curious paradox: Technology companies are It’s some of the most innovative businesses in terms of strategies, products and services, but are among the least progressive when it comes to the number of women serving on their boards of directors. MARIA CORTE MARIA

THE LATEST Illustration:

6 By Julie Cohen Norris, Jeff Hocking and Scott A. Coleman

echnology, which used to be a discrete and limited sector of the economy, has Tbecome a crucial component of virtually every aspect of day-to-day business The idea operations. Companies that five years ago would have said technology was tangential that boards to their business would today acknowledge that tech expertise is as essential to their should overall success as finance or marketing are. This realization has led boards to recruit not be the directors with backgrounds in social media, e-commerce, technology infrastructure exclusive and cybersecurity. A grasp of technology will be a baseline requirement for the next domain of generation of board members. fair-skinned But what about diversity? The idea that boards should not be the exclusive domain men has of fair-skinned men has gained support, not just because it’s good public relations to gained project the image of a model corporate citizen but because of studies that have proven support...

7 the value of diversity, in particular the inclu- were collected in June 2013; only 10 boards were sion of women. without women as of December 2013.) Twelve Tech And yet, many tech companies don’t seem 100 companies have three or more female board to be getting the message. members. In the KFMC100, 37 companies have three Of the 980 corporate directors serving Tech or more female directors. 100 companies, only 14.6 percent were women. What can technology companies do to address In contrast, women hold 20 percent of board that disparity? Observation alone won’t lead to seats in the KFMC100 (the largest companies by change. Boards must identify and remove the bar- market capitalization in all sectors). Further, riers that exclude women directors. Only then will 16 of the Tech 100 boards had no female direc- they tap the pool of talented female executives who tors; only one KFMC100 board was all-male. (Six wish to further their careers and put valuable skills tech companies added women after our data and experience to good use. MARIA CORTE MARIA

Illustration:

8 THE TECH 100: SNAPSHOTS

A PAUCITY OF TECH BOARD FEMALE DIRECTORS DEMOGRAPHICS

LACK OF REPRESENTATION. As of July 2013, GENDER. There are 143 women out of 980 16 of the 100 largest technology companies total directors, or 14.6 percent, well below the had no women directors at all, a stark contrast 20 percent of KFMC100 board seats held by with the KFMC100, which had only one board women. with no women. At the same time, there are 12 Technology 100 boards with at least three AGE. With an average age of 61, Tech 100 women members. directors are younger than those in the KFMC100, whose average age is 65. Female tech LACK OF ALIGNMENT WITH CUSTOMERS. directors are younger still, with an average age Of the 16 technology companies with no of 59. female board members, three (Activision Blizzard, Leap Wireless and Sprint) target TENURE. On average, a Tech 100 director consumers directly—and a significant portion has served nine years, compared with eight of their customer base is women. Note: years for those in the KFMC100. For female tech After the data for this report were collected, directors, average tenure is seven years vs. Activision Blizzard and Sprint announced the nine for male tech directors. election of a woman to their boards.

RECENT DEVELOPMENTS FEW WOMEN IN BOARD Slow pace of change. Of the 91 directors LEADERSHIP POSITIONS joining Tech 100 boards in the 12 months ending June 2013, 16 were women, bringing CEOs. Six women are CEOs of the Tech 100 the proportion of female directors up slightly companies; three also chair the board. to 15 percent total. Between July 31, 2013, and December 2, 2013, an additional 15 women LEAD OR PRESIDING DIRECTORS. joined Tech 100 boards. Five women hold the title of lead director or presiding director. Profile of new women joining boards. The age range of women joining boards for the COMMITTEE CHAIRS. 12 months ending July 31, 2013, is 49 to 62, with Fifty-seven women chair board committees: an average age of 54. They are from a variety of industries and functional backgrounds. • 18 nominating/governance committee chairs Untapped talent out there. There are 15 • 17 audit committee chairs female chief financial officers (CFOs) in the • 16 compensation/human resources Tech 100. Of these, seven are not yet serving committee chairs on an outside board, suggesting boards • Two finance committee chairs haven’t tapped many valuable sources of • One of each: Compliance and Risk, expertise. Corporate Relations, Business Conduct, Acquisitions Julie Cohen Norris is a Senior Client Partner for Korn Ferry’s Global Technology Market and a member of the Board and CEO practice, based in the Firm’s Boston “See The Bottom Line: Corporate Performance and Women’s Representation office •Jeff Hocking is a Senior Client Partner for on Boards (2004–2008)” from Catalyst, and Gender diversity, Korn Ferry’s Global Technology Market and a member of a corporate performance driver from McKinsey & Co. the Board and CEO practice, based in the Firm’s San Francisco office. • Scott A. Coleman is a Senior Client Partner for Korn Ferry’s Global Technology Market specializing in mobile devices and operating systems, consumer electronics and unified communication services. He is based in the Firm’s Atlanta office.

9 STORY BY GLENN RIFKIN ILLUSTRATIONS BY CARLO GIAMBARRESI BIG DATA, PREDICTIVE ANALYTICS AND HIRING

“When the numbers acquire the significance of language, they acquire the power to do all of the things which language can do: to become fiction and drama and poetry. And it is not just baseball that these numbers, through a fractured mirror, describe. It is character. It is psychology, it is history, it is power, it is grace, glory, consistency, sacrifice, courage, it is success and failure, it is frustration and bad luck, it is ambition, it is overreaching, it is discipline. And it is victory and defeat, which is all that the idiot sub-conscious really understands.”

—Bill James, The Baseball Abstract

10 Numbers Never Lie URING THE WINTER successfully by Oakland A’s General Manager Billy BIG DATA, of 2012-2013, the Boston Red Sox Beane for more than a decade. Unlike Oakland, a faced a monumental challenge. The small-market team with limited financial resources, PREDICTIVE ANALYTICS team was coming off a last-place, the Red Sox could spend as much as they wanted. 69-93 train wreck of a season that had But by focusing on these types of players—backed by AND HIRING Dsent its fervent fan base into paroxysms reams of analytical data compiled by his front office of anguish and left many empty seats at Fenway team—Cherington believed the whole would be much Park after a decade of sold-out games. The Red Sox better than the sum of its parts. And as even casual ownership was well aware that its vaunted brand was sports fans know, the strategy paid off. The 2013 Red fraying at the edges and that Red Sox Nation would Sox shocked all of baseball by rising from worst to first have little patience with multiple rebuilding seasons and winning the World Series, its third championship ahead. Entrusted with the task of building a competi- in a decade. The outcome surprised the baseball pun- tive team for the 2013 season was the Red Sox’s young dits and Las Vegas gamblers, and proved, among other General Manager Ben Cherington. things, that hiring analytics was a potent method for The temptation to sign high-priced superstars measuring talent. was great. Big names bring excitement and hope. They sell tickets. For Cherington, however, that strategy was anathema. In August 2012, in fact, he had shed more than $270 million worth of payroll when he traded superstars Adrian Gonzalez, Carl Crawford and Josh Beckett to the Los Angeles Dodgers. Rather than creating a dynasty in Boston, those monster contracts had become expensive boat anchors helping to sink the team and its future HIRING BY ALGORITHM fortunes. Instead, Cherington employed his own IG DATA, the hottest addition to the version of predictive hiring analytics to find and sign corporate lexicon, has moved well beyond a group of what the press labeled “complementary” Bthe baseball diamond, across the business players, productive but generally unheralded players spectrum into the world of hiring and talent manage- who might perform just well enough to make the Red ment. “For more and more companies,” a recent Sox contenders again. Among those he signed were Wall Street Journal article reported, “the hiring boss Shane Victorino, a speedy, talented outfielder; Mike is an algorithm.” Napoli, a slugging first baseman; Jonny Gomes, an The use of predictive hiring analytics is surging. average outfielder; David Ross, a backup catcher; and In a time of corporate belt-tightening, the cost of a Koji Uehara, a relief pitcher who had done little to failed hire is too great to ignore the potential benefits distinguish himself in his years in the major leagues. of these new methods. Corporate giants, including Cherington wanted players with specific talents, Google and Sears, are embracing the power of data solid but unspectacular statistics, and that crucial and analytics to vastly improve the success rate in but difficult to quantify locker-room presence that talent acquisition and retention, and the days of the might produce the needed chemistry to field a winner. traditional job interview are rapidly disappearing in It was a strategy reminiscent of those described in the rearview mirror. Moneyball, the famed Michael Lewis book that profiled Consider the realities of finding and retaining top the “sabermetrics” created by Bill James and employed talent. Survey data from the Corporate Executive

11 Numbers Never Lie 11 Board, an advisory firm, revealed that nearly a quarter manufacturer, an internal candidate was pitted of all new hires leave their company within a year of against an external prospect. The external candidate the start date, according to a 2013 article in Atlantic interviewed impressively with the board and became Monthly. Younger workers are no longer viewing a job the front-runner. But when he was put through the as a lifetime commitment, and most are constantly simulation exercises, “he turned out to be an empty on the lookout for a better opportunity. Thus any tool suit,” said Crandell. “He could talk a good game, but that helps identify a better hiring decision is going in action, he didn’t know how to execute.” In the past, to be invaluable. Gartner, the research firm, predicts he likely would have been hired, with dire results. The that data will grow by 800 percent over the next five internal candidate performed far better on that simu- years. Search firms such as Monster Worldwide and lation and ended up with the job, which he performed Korn Ferry are incorporating predictive analytics into superbly, guiding the company through difficult their recruiting activities. patches and turning around the business. According to Dr. John Sullivan, a Silicon Valley-based Perhaps more important in this move toward Big human resources expert, analytics are superior because Data is the ability to analyze and understand the traditional HR metrics “are overly simplistic in that they information that is being gathered. Many organiza- merely report what happened last year. Analytics are tions are doing all types of assessments, but what superior because they analyze past and current data and comes out of the graphs, bar charts and numbers? “It’s reveal patterns and trends” for the future. very difficult to make sense of it,” Crandell said. “It is In truth, measured talent assessment is not new. critical that the results are made clear immediately. “This sounds really different, but in many ways it is What is all this telling you about the kinds of deci- something that the field of industrial psychology has sions you need to make?” been doing for the past 50 years,” said Stu Crandell, senior vice president at Korn Ferry, the global talent management firm. Corporations since the 1950s have used personality and aptitude tests to enhance the interviewing process. But the advent of more sophisticated digital technology has vastly increased the effectiveness of these assessments. According to Cran- dell, the underpinning of any successful search effort SHOPPING AT SEARS is the assessments that are built upon the research T SEARS Holdings Corporation, the and data, and the current wave of predictive analytics $36 billion retailer with more than 230,000 is only as good as those assessments. Aemployees, the move to predictive hiring “We have developed and improved assessments— analytics over the past two years is paying dividends. which range from online self-assessments to simula- According to Dean Carter, chief HR officer, Sears has tion—to interview techniques and integrated all a rich history of pre-employment selection that dates those into algorithms,” Crandell said. “More and more to the 1960s. Its current hiring analytics, however, go companies are now trying to get on the bandwagon well past its traditional techniques. Sears has multiple of analytics by saying they have online cloud-based efforts on this front, but its two primary targets are analytics for predictive hiring, but often it means retail sales staff and executive-level hiring, opposite they’ve just developed another online personality test. ends of the corporate ladder. You have to be careful about sifting through a lot of For Sears, which is in the middle of a major transfor- bad data that is out there.” mation in an attempt to return to profitability (Sears lost That said, Crandell believes that the simulations a staggering $1.4 billion in 2013), the company is trying made possible by technology are a key talent indi- to move from a traditional retailer to one that focuses cator, especially at the most senior levels. “We get to on “members” who join its Shop Your Way rewards see how someone does in action,” Crandell said. “How program. Part of this overhaul is the corporatewide well do they influence that authority? How well do introduction of predictive hiring analytics. they think strategically? Can they coach and develop? Sears hires between 140,000 and 160,000 retail This goes beyond what they tell us in an interview. sales representatives each year, a large number of Can they actually do it?” those brought in on a seasonal basis during holiday For example, in one Korn Ferry search for a crushes. With 6 million applicants a year, Sears had to new CEO for a Midwestern industrial equipment find a way to improve its methods.

12 Numbers Never Lie

Sherry Nolan, head of talent acquisition, and Don competencies they brought to a particular position. Moretti, head of analytics for talent acquisition, were Was someone especially resilient or good at strategic tasked with incorporating sophisticated analytics thinking? Are they adept at leading a turnaround? into the hiring process. Under the new system, By creating a baseline measure for successful current prospective employees fill out an online application, executives, “we might end up with a higher predict- which includes a retail tech simulation test. In this ability of someone being successful in our organiza- video game-like simulation, an applicant encounters tion,” Nolan said. a real, interactive sales scenario and must sell to a The result is a “really good road map for us” as a variety of customer types, from the angry, impatient candidate is going through the interviewing process. customer to the maddeningly indecisive shopper. Nolan calls it the “art and science” of interviewing, Navigating through the 35-minute process is actually which is based on the idea that it is possible to predict fun, according to Nolan, and improves the candi- whether a prospective executive will enjoy working at date’s job-seeking experience. More important, it in- Sears, especially during a stressful transformation. troduces potential employees to the reinvented Sears. Carter says Sears Holdings is a “moving target, Candidates are given an opportunity to join Shop and as we move and change and adapt, the things Your Way, the customer loyalty program, and even if that make someone successful move and change they are not hired, they may become Sears customers. as well.” Part of the mandate for HR is to find the Sears has established a “talent hive” of more than profiles that “are going to help us be successful 2.5 million prospective employees and found a way tomorrow. So the elements we used three years ago to generate revenue from the process. aren’t nearly as relevant today as they were then,” “The first thing we did was to redefine the way Carter said. “We continually have to look at the our test questions were weighted and defined,” Nolan elements and test and retest because what meant suc- said. “Most retailers focus on work orientation and cess three years ago certainly isn’t necessarily going reliability. ‘I’ll show up. I won’t steal,’ that kind of to mean success three years from now.” thing. But that is just a basic price of entry, and you won’t maintain employment if you are stealing and showing up late every day, anyway. So we shifted our weighting to be about customer orientation and digital savviness. Can you use tools like iPads and tablets to communicate with your customer? And ultimately, we focused on their selling ability.” This simple reweighting of the assessment cut the number of candidates that eventually would be passed on from 90 percent to less than 60 percent, thus reducing time and cost in the hiring process. The company hires more than 30,000 temporary workers during holiday seasons, and a process that once took three months is now streamlined down to 35 days. More importantly, using analytics on temporary hiring for the first time seemed like common sense. “We said, ‘Why would we want our most precious selling days to be entrusted to associates who we didn’t feel were our best?’ ” said Nolan. The result was a significant uptick in the quality of service and customer satisfaction during the most recent holiday season. Equally important for Sears is enhancing its talent management at the division vice president level and above. According to Moretti, external candidates for executive positions are measured against the Sears leadership model, which identifies 14 to 17 desired competencies. Nolan and Moretti tested some of the company’s best current executives to understand the

13 13 GOOGLE LEADS THE WAY

T GOOGLE, the HR function is called “People Operations,” and under Laszlo Bock, Athe leader of that organization, Google Google has become the gold standard for hiring analytics. Indeed, all hiring at Google is based on data and candidates analytics and is guided by a “people analytics team.” Given its meteoric growth—from its founding just have a far 15 years ago, the company has 45,000 employees and is now the world’s second-most-valuable company better hiring with a market capitalization of nearly $400 billion— Google is clearly focused on finding and hiring the best and the brightest. experience. According to John Sullivan, the human resources expert referenced earlier, Google’s workforce produc- And Google tivity is off the charts. Reportedly, on average, each employee generates nearly $1 million in revenue and has never $200,000 in profits each year. It would appear that Google’s commitment to its unique talent management methods has paid off. wavered from Bock told The New York Times that Google deter- mined that “G.P.A.’s and test scores are worthless as embracing a criteria for hiring. We found they don’t predict anything.” Instead, Google has focused on ways to use smart people data to measure leadership skills, cognitive ability, humility and ownership. who are Working under analytics guru Prasad Setty, Tina Malm is a people analytics manager who has been with Google for nearly seven years. With a Ph.D. in excited to do industrial organizational psychology, Malm heads a team that focuses on staffing analytics with the cool things. aim of introducing more data, analytics and science into the hiring process. Beyond removing much of the gut-feel and guesswork from the hiring process, Google has four key goals: • Using analytics to expand the candidate pipeline a different role. “We don’t want to lose out on these and bring more talented people into that pipeline. great candidates, especially if it happens for these • Using analytics to improve decision making and wrong reasons,” she said. identify the best candidates. The people analytics team created a systemic • Making the candidate experience remarkable. approach to reviewing rejected candidates and Every candidate should have a “magical” inter- established metrics for scoring the resumes of view experience and a “magical” hiring process. prospects who were turned away. From this, a new • Making the hiring process fast and efficient. list of candidates is created and shared with internal According to Malm, Google receives 2 million recruiters, staffing teams and hiring managers to resumes every year. “And even though we have a very decide whether to call back these candidates for an thorough and rigorous hiring process, sometimes open role. In other words, at Google, “don’t call us, strong candidates who would be a great fit don’t get we’ll call you” is not just lip service. According to hired,” Malm said. A candidate might have a single Malm, the system has generated more than 20,000 bad interview, or the position might have already return visits for rejected candidates since 2012. been filled, or the candidate might be a better fit in Google has also incorporated best interviewing

14 Numbers Never Lie

practices through research. First, it cut down its data. But it is broad but not deep.” Crandell said. onerous 12-interview process to no more than four “We have data about people’s capabilities on a whole for non-technical jobs and five for technical jobs. Not range of competencies—strategic thinking, coaching, only was this process incredibly stressful for candi- leading others, building a team, as well as personality dates, but having studied every interview ever done attributes and leadership style—that is much deeper at Google, the group found patterns of predictability and thus more effective.” that changed the company’s outlook. And what about the human touch? Tom Daven- “We found something surprising,” Malm said. port, a professor of management at Babson College “Our most predictive interviewer was actually the who has written several books on Big Data and wisdom of the crowd. In other words, we didn’t find analytics, said, “Analytics are a transformative force that any particular interviewer group, like senior of our age. It turns out they improve decision making Googlers or longtime employees, were better at iden- in all walks of life—not by a huge amount, but there tifying who we end up hiring. It is really the average is a little edge to be gained everywhere. In some areas, score of four interviews.” The wisdom of the crowd humans are still pretty good at hiring, and there was correct 86 percent of the time in picking the best are aspects of the recruiting process that still need candidate, and any additional interview beyond that the human touch. It’s folly to hire someone without added only one percent more accuracy. meeting them and talking to them.” Google also used analytics to revamp its inter- Dean Carter of Sears Holdings agreed. “One of the viewing process, removing brainteasers and similar things we know about this selection process is that if challenges because they didn’t find any connection we went on a purely analytic basis, we’d make very bad between an ability to solve those puzzles and a suc- decisions,” Carter said. “Conversely, if we went purely cessful candidate. Instead, Google identified its best on gut instinct, we’d also make very bad decisions. So interviewers and introduced consistent rating scales somewhere in this, the analytics help us raise the bar and a common set of questions that each interviewer for the pool that we’re looking at, and then we have to must ask. Every Googler who does interviews must use really great interviewing techniques and analytics attend regular training so that they all know what to help us make a better decision.” constitutes a bad answer and what makes a really Even data-centric Google understands the dangers great answer. of relying too heavily on the numbers. “We take data The results are stark: Since 2005, Google has and analytics very seriously,” said Malm. “But data is halved the hiring-process time, and candidates have not everything. It can’t be viewed in a vacuum. We all a far better hiring experience. And Google has never bring unique flavors and personalities into the mix, wavered from its core value: embracing smart people and we have to ensure that our programs, processes who are excited to do cool things, who love solving and interviews stay human.” problems and love to learn and collaborate with How talent management will evolve in the age of others. “One thing that has never changed is how seri- Big Data remains to be seen. But reliance on a resume ously everyone takes survey results here,” Malm said. and a round of interviews, the popular-but-flawed conventional approach, is going the way of the dinosaur. “With these new approaches, the numbers are all there, and you THE HUMAN TOUCH can eliminate the weirdness and REDICTIVE HIRING analytics is not a discrimination that goes into panacea; it’s more a potent tool than a personal judgment,” Bryn- Pmagic bullet. jolfsson said. “If you can get Korn Ferry’s Crandell warned that talent managers lots of quantitative data, you who seek to embrace analytics must be aware of the can really improve the alloca- type of data they are employing in their searches. tion of talent and make people Many companies, he pointed out, are attempting to more fulfilled in their careers use predictive analytics without having the depth and and companies more profitable breadth of data that comes with effective assessments. by having the right people in “Arguably something like LinkedIn has a lot of the right job.” 

15 15

Story by DAVID BERREBY Illustrations by PETER KUPER

17 WE’VE SOUGHT TO FOR AS LONG IDENTIFY OUR FRIENDS AND FOES WITH EVER-

AS THERE INCREASING CLARITY. HAVE BEEN PEOPLE INVENTED FLAGS AND UNIFORMS, HUMAN BEINGS, TEAM COLORS AND CORPORATE LOGOS. THEY’VE TOLD THEIR CHILDREN,

“WE DON’T DO THAT.” THEY’VE EXPLAINED WHO

THE “GOOD GUYS” AND THE “BAD GUYS” ARE IN THE

WORLD, NATION AND NEIGHBORHOOD. AFTER ALL,

WHEN CONFLICT COMES BETWEEN OUR VERSION OF

THE GOOD GUYS AND SOMEONE ELSE’S GOOD GUYS,

EVERYONE MUST CHOOSE, AND SHOW THEIR CHOICE.

ARE YOU FLYING THAT RUSSIAN TRICOLOR, OR

WRAPPING THE GOLD AND BLUE FLAG OF UKRAINE

OVER YOUR SHOULDERS? DO YOU CALL THOSE

DISPUTED ISLANDS IN THE EAST CHINA SEA SENKAKU

OR DIAOYU? IT’S HUMAN NATURE, AND THE ROOT

OF WAR: YOU CHOOSE YOUR SIDE, YOU SHOW YOUR

SIDE, YOU KNOW WHO STANDS WITH YOU. BUT DIGITAL CONFLICT—CYBERWAR— IS DIFFERENT...

HOSE SIDE IS THE CENTRAL of ramen noodles.) Whose side is Google on, when it INTELLIGENCE AGENCY ON, pledges to protect the privacy of its first-rate e-mail W when it snoops on the hard drives of product—but then harvests users’ information from al-Qaeda operatives and (as U.S. Sen. Dianne Feinstein that product to make money? has alleged) on Senate staffers? On whose side is a Yes, every conflict includes people and organiza- young hacker named Wang, when he writes viruses tions who change sides as time passes (as Edward (for Unit 61398 of the People’s Liberation Army’s Gen- Snowden, who’d once opined that leakers should be eral Staff 3rd Department, 2nd Bureau) and writes shot, had done by 2013, when he began the systematic more than 600 posts for a blog about his lousy job? leaks that have revealed so much about U.S. cy- (As the Los Angeles Times’s Barbara Demick has re- berespionage around the world). But in cyberconflict, ported, the themes are poor pay, long hours and lots and cyberlife, many people and organizations seem

19 YES, ACTIVISTS HAVE USED FACEBOOK AND TWITTER TO FIGHT OPPRESSION. BUT IT’S ALSO TRUE, AS THE TECH CRITIC EVGENY MOROZOV POINTS OUT, THAT DICTATORSHIPS HAVE USED THEM EFFECTIVELY.

to be on opposing sides at the same time. This is part AST YEAR’S INFAMOUS BREACHES of what makes it maddeningly difficult to protect of retailer security (such as the holiday-season oneself from digital hazards. After all, a friend (the L attack that stole information on more than government that relentlessly mines data for signs of 110 million accounts from the American discount terrorist plots) may also be a foe (the same govern- store chain Target) depended on malware created by ment that includes your data in its relentless mining). a solitary Russian named Rinat Shabayev, who was Familiar faces feel untrustworthy, somehow—and all of 23 years old. And one reason for the success of that can even include the one in the mirror. the Target attack, as Bloomberg Businessweek reported What is it about the digital world that fosters last March, was that the company apparently ignored this ambiguity? The newness of the technology is a warning from its own security system. If we do not certainly a factor. Eons of evolution have primed us see our enemies in cyberspace, part of the reason is to be afraid of big men with weapons; centuries of that we aren’t used to looking for them. human history have taught us the indicators of ag- Another consequence of the newness of digital gression—angry declarations, troop movements and tools is that—contrary to what you might hear from the like. Accustomed to people locking in their loyal- cyberevangelists—they aren’t yet associated with any ties with symbols and rituals, we are not yet used to particular moral or political commitments in the the idea that a huge amount of damage can be done non-digital world. For all the rhetoric about the In- by someone who just changed his mind. ternet as a driver of freedom and empowerment, the

I KNOW IT’S BIG AND SCARY THAT THE GOVERNMENT WANTS A DATABASE OF ALL PHONE CALLS. AND IT’S SCARY THAT THEY’RE PAYING ATTENTION TO THE INTERNET. AND IT’S SCARY THAT YOUR CELL PHONES HAVE GPS INSTALLED.... BUT BE HONEST, MOST OF US ARE GRUDGING PARTICIPANTS IN THIS DYNAMIC. WE WANT THE CELL PHONES. WE LIKE THE INTERNET....”

— DAVID SIMON, CREATOR OF THE WIRE

fact remains that its resources are useful to all sides countries receive the lowest ranking, ‘authoritarian,’ in the world’s political struggles. Yes, activists have in The Economist’s 2012 Democracy Index,” the used Facebook and Twitter to fight oppression. But Citizen Lab post noted. (Hacking Team denied that it’s also true, as the tech critic Evgeny Morozov points they sell their tools to repressive regimes; Citizen Lab out, that dictatorships have used them effectively. For stood by its claims.) example, he notes, during massive street protests in Of course, if a tool is morally neutral, we can’t Iran in 2009, government agents used Facebook to blame it when it’s used for bad ends any more than check on the political affiliations of people entering we can praise it when it’s used for good. That, the country. ultimately, is the most important fact about the Then there’s the Milan-based firm called Hacking ambiguity we sense in the cyberworld. It comes from Team. It sells a powerful spyware tool called Remote us, not from the technology. It is a consequence of Control System (RCS)—which can capture e-mails the fact that the cybertools we use both benefit and and Skype activity, as well as other data—to govern- trouble us, often in the same instant. ments. That’s an asset for democratic governments We who are Googled by prospective mates, pro- protecting their citizens against cybercrime and ter- spective employers, enemies from summer camp, and rorism. But last winter researchers at the University on and on, also Google. Who wouldn’t want to know of Toronto’s Citizen Lab said they had found traces of if a potential hire had been arrested or made bizarre RCS on computers in Azerbaijan, Colombia, Egypt, statements on Twitter? We who are monitored by Ethiopia, Hungary, Italy, Kazakhstan, Malaysia, those who seek to predict our behavior, we also Mexico, Morocco, Nigeria, Oman, Panama, Poland, monitor others (with apps, with nanny cams). For ex- Saudi Arabia, South Korea, Sudan, Thailand, Turkey, ample, Verizon Communications now offers its cus- United Arab Emirates and Uzbekistan. “Nine of these tomers a “new tool to help parents set boundaries for

22 children,” called FamilyBase. For $5 a month, it gives Schneier wrote this year. “True, we wouldn’t get parents a complete a report on all activity on their the same level of access to information flows children’s phones—calls, texts, apps downloaded, around the world. But we would be protecting time spent talking and the times of conversations. the world’s information flows—including our Few are the parents who high-mindedly say they own—from both eavesdropping and more dam- don’t want, and shouldn’t have, such information. aging attacks.” To do that, though, we would have We who resent being spied upon by the state also to decide that we were on the side of the targets endorse the state spying on other people. (The rule of cyberweapons, not the side of the users of such seems to be: “I, in my glorious individuality, am un- devices. And that’s a commitment no government predictable but righteous, but please do use Big Data seems prepared to make. analytics on those other people to predict who will Late last February the journalist Quinn try to blow up a plane next year.”) Norton attended a workshop on identity at the As David Simon, the creator of the television Office of the Director of National Intelligence program The Wire, put it: (ODNI). That was, as she wrote later, an unex- “I know it’s big and scary that the government wants pected decision. As a writer on hackers and hacker a database of all phone calls. And it’s scary that they’re culture, with plenty of contacts in that world, she paying attention to the Internet. And it’s scary that your is no friend of the intelligence establishment. A cell phones have GPS installed. And it’s scary, too, that close friend and former lover of Aaron Swartz, the the little box that lets you go through the short toll lane Internet activist who committed suicide last year on I-95 lets someone, somewhere know that you are on in the face of an aggressive federal prosecution the move ... But be honest, most of us are grudging par- for data theft, she stands against everything that ticipants in this dynamic. We want the cell phones. We ODNI stands for. Why did she go? Several times like the Internet. We don’t want to sit in the slow lane at during the meeting, she wrote, she’d heard others the Harbor Tunnel toll plaza.” say that there are bad people and good people in the world. “I realized when I heard this,” she E NEED TO RECOGNIZE THAT wrote, “that I went to the ODNI because I don’t this ambivalence is part of what makes believe in bad or good people.”  W it hard to defend ourselves against digital dangers. Our policies are as divided as we are, as Bruce Schneier, the chief technology officer of the computer security firm Co3 Systems, has noted. The U.S. military, he wrote recently, distinguishes its efforts at CNE (computer network exfiltration, which is the business of bypassing security features on a network so as to spy on it) from CNA (computer network attack, which is sabotage). But the distinc- tion is meaningless, Schneier writes. The only way THE WORLD to do CNE is to use tools that could also be used for CNA. If a piece of malware can eavesdrop without being detected, there is no way to be certain it won’t switch to doing something more harmful once it is IS NEW installed. “As long as cyberespionage equals cyberattack, we would be much safer if we focused the NSA’s efforts on securing the Internet from these attacks,” AGAIN. Profile / GEN. MICHAEL V. HAYDEN

Edward Snowden has likened Gen. Michael V. Hayden to Voldemort, the Dark Lord of the Harry Potter novels, EVILand while that makes Hayden chuckle, he has no kind words for the former N.S.A. contractor, who he says “has done great harm, with almost criminal indifference to its consequences.”

On the other hand, The New York Times once called Hayden “the thinking man’s spy,” and that characterization seems apt. “There is genuine evil in the world, but you do not have to impute evil to everyone who is your adversary,” Hayden says. “The intel guy has a special role because the policy guy will always point to the evil. The intel guy can have a different perspective. I say publicly that I don’t think the deal with Iran is going to work, but I don’t have to demonize the Iranians.”

IS24 EVERY WHERE By Aileen Alexander, Jamey Cummings, and Lawrence M. Fisher

Photographs by Ian Merrit

EVERY WHERE 25 ‘How do I move large amounts of data between a limited number of nodes, all of whom I know, and all of whom I trust?’ There was no requirement for security. Security at that point would have been like saying I need a locked door between my kitchen and my dining room. Now what became of this limited architecture, then known as Arpanet, which linked up a few universities and a few labs, is it took off. The problem is that its architecture implies trust. Security is not baked in, it’s not made to be defended, and now you’ve got the World Wide Web, with limitless nodes, most HEN HAYDEN SPEAKS, of whom you don’t know, a bunch of whom you THE C-SUITE LISTENS, shouldn’t trust, and they’re coming at you.” because he has a resume that demands attention Hayden doesn’t speak fluent Fortran, and and respect: director, Central Intelligence Agency while college students can now major in cyberse- (2006 – 2009); first principal deputy director of curity, the former N.S.A. chief earned bachelor’s National Intelligence (2005 – 2006); and director, and master’s degrees in history from Duquesne National Security Agency (1999 – 2005). University. (He also did postgraduate work For chief executives who still think cyberse- under the Defense Intelligence Agency’s training curity is a matter best left to their technical staff, program.) But he is proud of his liberal arts back- Hayden has a simple message: think again. ground, which he says helps him frame complex “I sit on a lot of boards, and I always start by issues in human terms. It may also account for a asking, ‘Do you have an audit specialist on your colorful use of metaphor, like his description of board? Of course you do. Then why don’t you the World Wide Web. have a security expert?’” Cybersecurity, he asserts, “I’m a liberal arts major; if I get too far into is no longer just about technology. “This is about technology I’ll be making things up,” Hayden says governance,” he says. by way of introduction. “I went to London in the Interviewed at the Washington, D.C., head- ’80s, and I found Soho, and Soho in the ‘80s was quarters of the Chertoff Group, where he is a prin- pretty raw. It was art, it was dance, it was theater, Wcipal, Hayden is affable and candid, with a folksy it was drugs, it was drunkenness, it was prostitu- manner that belies his decades of service at the tion. That’s today’s Web. And yet there were other highest levels of military and intelligence service. sections of London at that point in time that were Hayden says the popular conception that the very safe, far less interesting, actually kind of Web was once safe and has become dangerous dull, but very safe. We can do that.” is wrong. Yes, it’s true that back in the early Ever since it became apparent that today’s Web ’90s, when the World Wide Web and the Mosaic is anything but safe, there have been proposals browser first made the Internet accessible to for a do-over, or a parallel Internet that would in- ordinary mortals, cybercrime was novel, rare and corporate in its design the security this one lacks. primarily the pastime of bright young men with One of the most prominent, appropriately based poor social skills. Yes, today every organization, at Stanford University, is the Clean Slate Pro- every site of any significance, is under constant gram, which its creators say will apply the school’s attack from multiple weapons wielded by diverse “depth and breadth of expertise to explore what actors. But that vulnerability is not by accident; kind of Internet we would design if we were to it’s by design, Hayden says. start with a clean slate and 20-30 years of hind- “It’s not that it was good and then it got bad; sight.” David Clark, a senior research scientist it was built bad,” he says. “Now before my good at the M.I.T. Computer Science and Artificial friend Vint Cerf starts sending me nasty e-mails, Intelligence Laboratory and a leader in the let me elaborate. This thing was invented by development of the Internet in the 1970s, is now Americans, pretty much by Vint Cerf at Stanford, focused on a redefinition of the architectural and he will tell you the statement of work was underpinnings of the Internet, and the relation

26 Profile / GEN. MICHAEL V. HAYDEN of this technology and architecture to economic, early Internet to its knees never went away, and societal and policy considerations. they have been joined by so-called hacktivists, These and other future Internet projects all terrorists of every stripe and simple opportunists. incorporate the built-in security lacking in the Organized crime is a player. State-on-state and original, and test versions in varying states of state-on-corporate cybercrime are a growing con- completion are up and running at multiple sites. cern, as highlighted by alleged Chinese intrusions In contrast to today’s wide-open cyberspaces, into The New York Times, The Wall Street Journal based on trust, these safe nets are informed by a and The Washington Post. siege mentality. They assume constant attack by The risk of internal threats was brought home countless enemies, so they deploy encryption of by the actions of Edward Snowden, the contract mind-boggling sophistication, multiple password employee who leaked scores of classified N.S.A. protocols and other protective measures too documents to media outlets. “The best defense arcane for liberal arts majors to describe. Hayden is knowing what your enemies are up to, before says they will be far less fun than the World Wide they know you know it,” Hayden says. “For today’s Web, and slower, because CEOs, there is also all of those security the challenge of measures take time figuring out who and create latency, that N.S.A. headquarters, Fort George G. Meade and where your dreaded delay between enemies are.” the mouse click and the Ultimately, next page. But they will the identity and be very, very safe. location of all Hayden says he is potential enemies confident that such a safe is unknowable, so Internet will be available most organizations in the future, and that focus on managing organizations and indi- their vulnerability. viduals will readily accept This is the domain speed limits and a rela- of firewalls, soft- tive dullness in return for ware products from rock-solid security, just as companies like many people choose to live in gated communities McAfee and Symantec, and enterprise-level solu- and other neighborhoods far less lively than Soho. tions like Mandiant’s suite of tools and services “It will happen,” he says. But in the meantime, he to deter and contain cyberattacks. Organizations counsels clients of the Chertoff Group that there have deployed waves of cyberdefense, Hayden is much they can do to make their operations says, but even the most aggressively secured safer on the Web we have now. networks have gaps. Vulnerability management is “Clients need a way to understand their level essential, but “it operates in the past,” he says. of risk, so I start with a simple equation: Risk That leaves consequences, which occur in the equals threat times vulnerability times conse- present. Since intruders will penetrate even the quences,” he says, drawing it on a page: best-defended systems, it is essential to contain R = T × V × C those attacks and stop invaders from reaching the Since this is a multiplication, the level of risk most sensitive assets. The challenge for today’s builds rapidly with any increase in one of the companies, which operate in a 24/7 online envi- three variables. Each has no theoretical limit, and ronment, is to develop comprehensive strategies to the best an organization can do is to measure manage consequences without building barriers and manage them. The most difficult to compre- that get in the way of doing business, Hayden says. hend is threat, which has grown exponentially in Perhaps surprisingly, Hayden says he sees the past two decades. some innovative consequence management tools The individual hackers and pranksters who coming from the insurance industry, which is launched the viruses and worms that brought the after all in the business of mediating risk. Insurers

27 Profile / GEN. MICHAEL V. HAYDEN have become more adept at assessing cybercrime security principles from the beginning as integral risks. “This is something government has been components of cloud architecture. Where more very slow and very poor at addressing, but we are sophisticated and costly security solutions are seeing private industry step up to the plate very too expensive for an individual user (or small rapidly. We will see a lot more from that corner.” network), they are more affordable when the costs The history of the Internet, and indeed of all are distributed among a larger group of users.” technology, is that innovation proceeds far more Picking the right cloud provider is critical, rapidly than do policies and practices. The first but Hayden says that is within the capability of personal computers in workplaces came in through today’s IT staffs. “It means asking the right ques- the back door as employees sought to use these tions,” he says. “Where are you going to put my productivity multipliers in their work, leaving data? Will it be encrypted in storage? Will it be systems administrators fuming at the resulting encrypted on the fly?” chaos. 3Com’s Ethernet adaptors enabled networks While cloud customers need not understand of PCs, adding to IT woes, and laptops extended the underlying technologies to use these ser- the enterprise beyond office walls. Smartphones vices, any more than most automobile drivers took computing into the ether, and introduced understand fuel injection or electronic ignition an entirely new set of vulnerabilities. Today the systems, that does not relieve them of responsi- innovation that has staff rushing to catch up is “the bility. Managers still need to take responsibility cloud,” which moves data and applications off local for the governance of data or services living in the servers to far-flung service providers like Amazon cloud. ”The current generation of computer sci- Web Services, CSC and Rackspace. ence graduates totally gets this,” he says. Cloud computing is a tremendous risk and a But he adds that information security officers

“Clients need a way to understand their level of risk, so I start with a simple equation: Risk equals threat times vulnerability times consequences.” tremendous opportunity, Hayden says. Greater need more than technical chops. They have to efficiencies, economies of scale, high-end services see the problem from an enterprise preparedness and—most importantly—reduced costs make the standpoint, not just as a matter of compliance, and cloud all but irresistible to government and pri- they need to understand the importance of ex- vate enterprise. The move to the cloud now seems ternal relationships. They need to appreciate that inexorable, a train that has left the station. But the organization’s reputation is as much at stake as the concentration of data and computing power its data. And they need to be able to communicate in cloud-based systems creates a tantalizing without resorting to jargon and hyperbole. target for cybercriminals and rogue states, and “The single most important qualification in entrusting vital resources to a third party creates a security recruit is the ability to speak English,” potential liabilities for clients for attacks they says Hayden. “If you cannot define and articulate cannot foresee or control. the issues to laypeople, the technical ability alone “The stakes are high and the costs of a mis- won’t serve you.” take particularly grave,” he says. In addition to communication skills, char- But Hayden also sees in the cloud a golden op- acter is high on Hayden’s checklist of essential portunity to build in some of the robust security attributes. “I did the commencement speech at lacking in the World Wide Web, even without an my alma mater, Duquesne University, a few years alternative Internet. “The transition to the cloud ago, as director of Central Intelligence Agency,” gives us a chance to change that flawed security he says. “I told them that the more senior I got, paradigm,” he wrote in The Hill, a newspaper the less I relied on any technical expertise and written for and about the U.S. Congress. “We the more I relied on the things I learned from my can, if we choose to, build in more powerful parents and the nuns in Catholic high school. When you get to a very senior position, it’s more about ‘should’ than ‘could.’ I told the graduates, ‘Everyone got here because they did things right. From here on out, your career is going to be gov- erned by how you decide to do the right things.’ ” Hayden says he and the other veteran intelligence operatives at the Chertoff Group bring to clients a level of firsthand experience and contex- tual understanding that is rare. “We have seen things that they have never seen; our body of experience is something they don’t share,” he says. “It allows us to give them a context that they can’t create for themselves. We were asked by a client once, as Hamas was lobbing rockets into southern Israel, ‘How safe is Jerusalem? How safe is the airport?’ And just by instinct I could say, ‘You’re O.K. now, but if these three things happen, call us.’ We know how things go down there. I won’t claim that I have the same kind of detailed tactical knowledge that I had my last days as director, but people like me can read through the headlines and the news.” “There is genuine evil in the world, but you do not have to impute evil to everyone who is your adversary. The intel guy has a special role because the policy guy will always point to the evil. The intel guy can have a different perspective. I say publicly that I don’t think the deal with Iran is going to work, but I don’t have to demonize the Iranians.” Hayden teaches two classes at George Mason University as a distinguished visiting professor, and he says many talented students are interested in pursuing intelligence work. “I tell them it’s very rewarding, very interesting stuff. You won’t regret it,” he says. Of course, a certain popular cable TV series doesn’t hurt. Hayden says he never misses an episode of “Homeland.” “I love it. People say it isn’t accurate, and yes, almost everything in the foreground is wrong. But the stuff in the background, the tension, the sense of isolation, is absolutely right,” he Aileen Alexander, says. “We got to at- is Co-Leader of Korn Ferry’s tend the third season Cybersecurity Center premiere, and I shook of Expertise, based in Mandy Patinkin’s the Firm’s Washington, DC office. hand. I said, ‘You Jamey Cummings, is know, I also used to Co-Leader of play the director of Korn Ferry’s Cybersecurity Center the Central Intel- of Expertise, based in ligence Agency.’”  the Firm’s Dallas office.

29 30 FIGHTING DIGITAL

WEST POINT’S CYBER INSTITUTE BY GLENN RIFKIN

COL. GREGORY CONTI HAS ONE OF THE TOUGHEST JOBS IN THE U.S. ARMY. AS THE DIRECTOR OF THE ARMY CYBER INSTITUTE AT THE U.S. MILITARY ACADEMY AT WEST POINT, CONTI HAS TO PREPARE THE NEXT GENERATION OF OF- FICERS TO FIGHT A COMPLETELY NEW KIND OF WAR, A WAR WITHOUT BAYONETS, BULLETS OR BOMBS BUT ONE THAT COULD POTENTIALLY BRING A POWERFUL NATION TO ITS KNEES. A WEST POINT GRADUATE WHO FOUGHT IN THE PERSIAN GULF WAR AND EARNED A PH.D. FROM GEORGIA TECH, CONTI WAS CALLED “THE ULTIMATE CYBERWARRIOR” BY LT. GEN. RHETT HERNANDEZ, WHO WAS HEAD OF THE ARMY CYBER COMMAND WHEN HE APPOINTED CONTI TO HIS CURRENT POST. (HERNANDEZ IS NOW RETIRED.)

31 the military, was trying to mount a cohesive effort HOUGHit hasn’t received the kind of to address cybersecurity in a time when threats press attention that the wars in Afghanistan from hackers were growing significantly. Under and Iraq have generated, those at the front Conti, the tiny research center with five employees linesT are clear that a global cyberwar is under way. was recently renamed the Army Cyber Institute Though absent an attack on the scale of Pearl and is now morphing into a major initiative at Harbor, the cyberwar is being waged on a thousand West Point with a broad mission of outreach, fronts by aggressive and unconventional enemies. advice, research and education. Conti said the In 2013, for example, Chinese cyberspies re- center needs to be 10 to 25 times bigger to reach portedly stole plans for a number of U.S. military maximum effectiveness, and he expects the staff weapons and vehicles, including the F-35 Joint to increase to 75 educators, researchers, scholars Strike Fighter jet, often characterized as the most and technical professionals within three years. expensive weapons system in history. Gen. Keith The Army’s cyberwarfare efforts come at an in- Alexander, the head of the U.S. Cyber Command, flection point in world events. The military is in a said the U.S. military is unprepared for such “draw down” era, with two major wars coming to cyberattacks. “What we’re seeing in cyber is going a close and a mandate to cut military spending. At to continue, and it’s going to grow and it’s going to the same time, cultures are colliding in the Army. get worse,” Alexander said after the attacks. “The The current generation of leaders comes from a platform we have today is not defensible.” time when military strategy and leadership was For Conti, being put in charge of the Army’s built upon a deep understanding of conventional cybereducation effort is a natural evolution. At warfare and military engagement. Technical 46, he has a strong technology background and types don’t have a stellar history of success in the has spent much of his Army career in signals armed forces, generally relegated to a support role intelligence, that branch of military intelligence without much hope of promotion to the highest focused on gathering strategic information from levels of leadership. signal sources such as the Internet. In 2006, after “Our senior leaders get the importance of this,” completing his Ph.D., Conti returned to West Conti said. “The news comes up every day, and it Point, where he took over a small cyberwarfare gets worse and worse. There is recognition up and research center. The Army, like other branches of down the force of the implications, but the system DIGITAL FIGHTING WARS is built to grow the best combat Army generals out training and strategy. His job is to incorporate cy- there. In the Air Force, they create the best pilots; berspace capabilities. “There is very rich thought in the Navy, the best ship captains. That is the on how to conduct warfare,” he said. “Some of center of gravity for each of these organizations. these strategies can be applied to cyberoperations So there is a cultural change going on, but things to varying degrees.” For example, if one considers move slowly.” battlefield terrain—whoever controls that bridge Writing in the Small Wars Journal in 2012, wins the battle—there is an application of such Conti, along with two co-authors, said, “There strategy to cyberterrain. is a reason why we don’t place Army officers in As our world has become intractably depen- charge of aircraft carriers. That being said, you go dent on digital systems, the threat of cyberwar has to war with the Army you have, not the Army you grown more alarming. But unlike conventional wish you had. We need to fight to understand the warfare, where the defender has a distinct ad- domain of cyberspace and learn to effectively lead vantage over the attacker, the cyberattacker has cyberwarriors.” all the advantages. The complexity of computer Conti, who recalled using paper maps as re- systems offers those with evil intent the ability cently as the first gulf war, has bridged the genera- to identify a single flaw that can be penetrated to tions enough to have the patient understanding bring a system down or infiltrate highly classified this difficult transition will require. data. A certain type of cyberweaponry may be “We have an inborn ability used just once and then to understand the laws of the never again, leaving a de- physical world,” the journal A CERTAIN TYPE fender helpless in devising article stated. “In order to shoot a defense. an artillery round farther, just OF CYBERWEAPONRY Conti believes the add more powder; to provide MAY BE USED JUST goal is to grow highly cover for protection against ONCE AND THEN NEVER qualified cyberleaders bullets, hide behind a rock. with a solid foundation The laws of physics however are AGAIN, LEAVING A across technology as well counterintuitive in cyberspace. DEFENDER HELPLESS as policy, law, ethics and In cyberspace, our under- psychology. “We have to standing of the ‘laws of physics’ IN DEVISING grow agile leaders who can is turned on its head. A DEFENSE. think strategically,” he said. “Weapons can be repro- “They have to be aware that duced instantly, ‘bullets’ travel at near the speed the implications of their actions can have global of light, destroyed targets can be brought back consequences. They have to understand that we from the dead, and a seventeen-year-old can are building the airplane while flying it. And we command an army. As human beings we are at a have to inspire them to pursue a lifetime of self- distinct disadvantage when thinking intuitively education in this area. Because to stand still is to about cyberwarfare.” be left behind.” To that end, Conti wants to build an interdis- Despite the lure of the riches of Silicon Valley, ciplinary approach to the institute at West Point. technology savants are attracted to West Point, Rather than focus on technology or policy, he is Conti said. They tend to be well-rounded, as are intent on building “a bench of expertise across the most cadets, and looking for a bigger challenge. disciplines.” Scholars will be joined by cyberoper- Conti recalled the awe and admiration with which ations analysts, historians of technology and mili- he held his commanding officer, Gen. Barry tary intelligence, psychologists who specialize in McCaffrey, during Operation Desert Storm. security, social engineers, technologists, experts “He knew everything. He was a highly refined on policy, law and ethics. “We knew that privacy person who had grown to the pinnacle of his and civil liberties were important pre-Edward powers, and he was absolutely the right person Snowden,” Conti said. “We want a democracy, too, to lead that command,” Conti said. “I want to do a safer and more secure nation, but at the same that here. I want to grow that same caliber person. time preserving our liberties as well.” Nothing against the current commanders, but I Conti is also clear that education at West Point am trying to grow people better than us, better will remain ensconced in traditional warfare than me. We owe it to them.” 

33 STORY BY CHRISTOPHER O’ DEA ILLUSTRATIONS BY CHRIS GALL

34 34 FoolFoolss GoldGold oror thethe RealReal Thing?Thing? ' 35 starts the same way. A cry of delight upon discovering precious metal—unbounded riches for the taking. Then the rush—a vanguard grabs what it can, word spreads, and soon a multitude joins the fray. Some miners are well equipped, some less so, and all toil mightily. Gold rushes also end the same way. The euphoria dissipates as everyone realizes the opportunity may not be as grand as all had hoped, is considerably harder to exploit than promoters’ handbills let on—and is certainly not unbounded. Disruption ensues. Prices go haywire, companies go bust, fortunes are made, fortunes are unmade. As tempers fray, disputes erupt, and the vanguard arrays into victims and perpetrators according to the gains or losses they face.

Winners emerge—outfitters who graphic formulas. Bitcoin’s rise and equipped the miners, entrepreneurs fall is Silicon Valley’s remake of the with the financial resources to adopt 1849 Gold Rush, complete with its promising ideas and technologies own Genesis story, miners craving the miners may have hit upon, even riches, a frothy ecosystem supplying some miners who beat the odds. the miners’ needs and a flourishing About this time, The Law arrives to popular lore with a rogues’ gallery restore order. Some of those who ar- of digital bandits. Gold Rush 2.0 rived on the scene early act as guides also brought that most essential to the wild, helping the established feature of every boom—a stunning players sluice ounces of ore from tons crash that exposed the difficulties of dirt, or revealing the customs, of Bit-mining, and some weak—or code words and lore of the dodgy missing—links in the miners’ plans. element that arises in the wake of But the Bitcoin Rush brought an- every boom, to help The Law pursue other agenda—to replace the existing buccaneers skimming easy money financial order with a global online from those who don’t understand the network that does away with central- dangers of the frontier. ized monetary authorities and finan- So it is with Bitcoin, the best cial regulators. It’s unlikely Bitcoin or known of several active any cryptocurrency will ever replace digital currencies government-issued fiat currencies. based on crypto- But Bitcoin is a financial technology with a bold value proposition—com- The value of Bitcoin soared from puting power begets money supply. $13 at the start of 2013 to peak at more Bitcoin is staking its claim by leveraging than $1,100 in November. The stunning and helping to accelerate a revolution move resulted from Bitcoin’s direct in software and hardware design that linkage of computing power and the optimizes computing power and energy supply of Bitcoin, known as BTC. But use, while offering a new, albeit bumpy, by early 2014, the bankruptcy of the path to move money online in a world biggest Bitcoin exchanges highlighted full of digital security threats. vulnerabilities in the Bitcoin code that Just five years after Satoshi Naka- threaten the viability of the system. moto, a named but unknown founder, With all that going on, the world’s top posted source code on the Internet, payments chieftain, Visa CEO Charlie Bitcoin has become the first crossover Scharf, told analysts in a January hit from the cryptocurrency realm. It conference call that while it is too early has garnered the attention of major to understand all the implications of business media; financial regulators in Bitcoin, the phenomenon is “far more the United States, Canada and Japan; complex” than it’s often portrayed.

and the CEOs of global credit card companies. Silicon Valley’s top venture Make A capital firms have staked claims in dig- Hash of It ital wallet companies and specialized semiconductor companies that supply Cryptocurrency and digital money Bitcoin miners. Numerous exchanges, were first proposed in a 1984 research all unregulated, offer consumers the paper. In general, cryptocurrencies ability to buy and sell Bitcoins with use mathematical formulas to create dollars, yen and other real-world cur- money. Cryptographers write func- rencies. New data services calculate tions that scramble an input message, indexes of Bitcoin prices from different like the account password you type on exchanges, which reflect the Bitcoin your keyboard, into a random-looking community’s views about the safety string of numbers and letters called or reputation of the exchanges. The a hash. But it’s not a random string; Winklevoss twins even got in on the the scrambling takes place according action, proposing a public fund that to a set of rules—an algorithm—and would invest in Bitcoin. As cybercrimi- hackers work hard to figure out those nals attacked exchanges and hijacked rules or ways around them so they can the system for illicit activity, financial get into bank accounts, steal credit cryptographers developed counter- card numbers and generally wreak measures, including a digital forensic havoc in the digital economy. toolkit to track down Bitcoin abusers. A Bitcoin account consists of a

37 public name that allows a user to code revealed the exposure at a major Bitcoin miners compete to figure out send funds to another user or a mer- security conference. that name and then win the fixed chant, and a private name that allows In simplified terms, SHA-256 number of Bitcoins awarded to trans- the user to move the funds from the takes an input of random length, action verifiers. Cryptographers call public name into a personal account. like passwords, and generates a that unknown name the “nonce,” a Both are identified by unique strings corresponding string of letters and word taken from the Middle English of letters and numbers; the public numbers. Several Web sites have of Chaucer’s “Canterbury Tales” that string is your Bitcoin identity that SHA-256 processors online for those means “for a unique purpose.” To others interact with; the private who want to see how it works, such figure out the name, the miners must string is your personal identity, and as www.xorbin.com/tools/sha256- guess the value that will make the listen up—there is no record of it in hash-calculator. If one character in algorithm produce the hash string the Bitcoin system, and therefore no the input is altered, the algorithm that is the block’s name. In essence, way to “reset” your private string and generates a different string of num- the miners are solving an equation, recover your Bitcoins if you lose it. bers and letters that doesn’t match such as 6x = 12. In that case, “x” is obviously 2. But security hash functions are much more complicated, Here’s how it works: Say you want to send involving dozens of numbers and funds to another person or buy something from letters generated by functions con- a merchant. In the current physical banking or tained in the algorithm. Taylor says Bitcoin mining uses “Eureka style credit-card realm, a bank would match up the computation,” which stops the func- account numbers, verify the ownership of the action when the answer is found. There’s a catch. Bitcoin’s code counts and verify that funds were available to be varies the difficulty of solving the transferred from your account to the merchant. algorithm, which increases the With Bitcoin, a random number of “miners” see number of guesses required to find the answer. The number of guesses the pending transfer between public account needed to find the answer is called numbers, then race to be first to “verify” the de- the hash rate—it’s the key measure of tails by running calculations until they hit the the computing power of the Bitcoin network, measured continuously on combination that matches the account numbers the “genesis block” dashboard. When on the pending transaction. The fastest miner is a lot of miners are active, it’s more difficult to find the answer and the rewarded with a fixed number of new Bitcoins. hash rate rises. The goal is to have miners figure out the name of a block Bitcoin’s code is based on one of the string that corresponds to your and post it to the chain about every the most widely used and strongest password—that’s the basic security 10 minutes, a time boundary that cryptographic functions, a “secure wall that keeps thieves out of your controls the number of Bitcoins cre- hash algorithm,” SHA-256. Secure bank account. ated. Only 21 million Bitcoin will be hash algorithms are one family “Bitcoin’s source code is surpris- created, about 3,600 per day. Because of computer security standards ingly simple,” says Michael Taylor, the SHA-256 algorithm is a one-way published by the National Institute professor of computer science and function, miners can’t just run it in of Standards and Technology, or engineering at the University of reverse to arrive at the answer. So NIST, a division of the Department California at San Diego and director what to do? “The primary approach of Commerce based in Gaithersburg, of the UCSD Center for Dark Silicon. is to use brute force,” says Taylor, Md. The code for the SHA-2 series Each Bitcoin transaction is grouped referring to the cryptographer’s was originally written by the Na- into a block that is posted to a “block- inelegant term for guessing a lot, and tional Security Agency. The SHA-2 chain,” a digital public ledger that guessing fast. “If the difficulty value series became the standard in 2005, records every Bitcoin transaction as it is twice as large, then it takes twice after researchers who had figured moves between parties. Each block is as many brute-force tries to find the out how to break the previous SHA-1 identified by a specific name, a hash. corresponding nonce.” unused. The third generation of Chips bitcoin mining, Taylor says, began in June 2011, when miners began using Ahoy field-programmable gate array chips The fundamental tension of Bitcoin, (FPGAs), which could be configured for then, is the interplay of how many a specific purpose by a customer or a tries miners can make, how fast they designer after being manufactured— can make those tries and the level of hence the name “field-programmable.” AM NOT DORIAN NAKAMOTO.” With that difficulty that the Bitcoin code creates That flexibility made FPGAs well- “ Isentence, the mystery depending on how many miners are suited to Bitcoin mining, but the chips surrounding the identity of Bit- digitally digging. It’s like your algebra used more power than GPUs. coin founder Satoshi Nakamoto teacher changing the problem in the A better solution would be chips deepened. Coming a day after a article claimed to middle of a pop quiz when the class manufactured to run nothing Newsweek have found the man who wrote math whiz shows up—the quiz is but mining code. The answer was the computer code that runs harder for everyone, and the whiz application-specific integrated circuits, Bitcoin, the denial alone would is likely to have an edge. To harness or ASICs, which concentrate chip re- have fueled the long-running the power to put their brute-force sources on performing one function speculation about the origi- nator of the first successful approach into action, bit-miners at low power. ASICs are typi- cybercurrency. brought on a new era of semiconductor cally used in consumer What made the engineering, says Taylor. In a recent devices, which spread denial more pow- paper, “Bitcoin and the Age of Bespoke hefty development erful was that it was posted Silicon,” Taylor contends that Bitcoin’s costs over millions on a network development shows how to make small of chips, says that promotes batches of chips that are superefficient John Blyler, chief peer-to-peer at one task—a new era of hardware content officer at technology by the same innovation. Extension Media e-mail ad- Successful Bitcoin mining requires and editor-in-chief dress that had a computer that performs one type of Chip Design posted one of of calculation at the highest pos- magazine. ASICs the first papers sible speed. General-purpose central are fabricated at high- to describe Bitcoin in 2009, processing units (CPUs) and graphics end plants, including according to Bitcoin processing units (GPUs) are designed Taiwan Semiconductor bloggers. That e-mail ad- to perform a range of computations, Manufacturing Company, in dress hadn’t been heard from which wastes performance and energy Taiwan, and GlobalFoundries in New since, they say. Whoever created Bitcoin is when running a single computation. York. Using FPGAs as a bridge to ASICs a modern Prometheus. Money Between 2009 and 2011, Bitcoin miners was an innovative step by the Bitcoin fuels global commerce and used basic rigs with widely available community, which was funding finance, and Bitcoin is the CPUs and GPUs, in effect panning for development with pre-orders, since digital equivalent of fire, a fun- damentally new tool for human gold in open streams. Some realized FPGAs use specification language activity in the Internet age. there was power in collaboration, and similar to what’s used to design ASICs. Like fire, Bitcoin has had unin- formed mining pools that share re- Ultimately, an ASIC is the right tool for tended consequences, which wards in proportion to the processing Bitcoin mining, Blyler says. “It’s small, are only starting to unfold as power that each member contributes. and it’s fast.” central bankers and financial regulators ponder the impact The influx of miners started to raise Taylor notes that the difficulty level of the new technology and how the difficulty rating, but the price of when Bitcoin was introduced meant to control it. Bitcoin kept pace, so early miners were that a miner would have to try about Despite yeoman efforts, still rewarded for their efforts. 7 million hashes per second to find the Nakamoto’s true identity may never be discovered. In that Since Bitcoin-mining calculations name of a block. By September 2013, case, Bitcoin’s founder will don’t utilize some parts of a generic as early Bitcoin-dedicated ASICs came become Prometheus Encoded,

CORBIS microprocessor, it made no sense into use, the difficulty of finding the the first mythological icon of to continue using general-purpose right value was about 50 million times the digital age. chips that left computation capacity greater, requiring about 350 “terahash” Photograph:

39 39 tries per second. By winter, the total the time. Mt. Gox said the problem number of guesses active mining stemmed from a software glitch DIGITAL computers could make each second called “transaction malleability” that had mushroomed to a nearly incon- allowed hackers to alter the code on GUMSHOES ceivable 30 petahashes. (The prefix Bitcoin transactions to make it ap- But hacking leaves a trail. Despite “tera-“ signifies “trillion.” “Peta-“ pear that transactions were not pro- conventional wisdom that Bitcoin stands for “quadrillion.”) cessed. When the unpaid recipient provides a surefire way for criminals The system “provides strong requested payment a second time, to hide their tracks, Bitcoin trans- incentives for early adopters—the Mt. Gox paid, eventually running out actions are not anonymous. The earlier in the game, the cheaper of coins. The Bitcoin Foundation, a blockchain records the digital history the coins minted,” according to trade group that supports the use of of every Bitcoin’s journey through cy- Simon Barber, cofounder and chief Bitcoin, blamed Mt. Gox for failing berspace. A team of Italian cryptog- technology officer at San Francisco- to protect against an exposure in the raphers has developed tools to enable based HashFast Technologies, which code that developers had been aware law enforcement agencies to use the produces one of the top ASIC chips of since 2011. blockchain to identify likely owners for Bitcoin mining, aptly named It wouldn’t have been the first time of Bitcoin account numbers. the Golden Nonce. Barber studied Bitcoins had been stolen. Last August, Aptly named BitIodine, the toolkit Bitcoin as a lead researcher at Xerox’s cybercriminals stole Bitcoins from analyzes online behavior—and it Palo Alto Research Center before digital wallets on Google Android turns out that Bitcoin bandits display cofounding HashFast. The Golden devices. The thieves exploited a weak- a “digital M.O.” every bit as illumi- Nonce was one of the first mining ness in the Android random-number nating as the habits of convenience- chips to use 28-nanometer circuits, generator that resulted in some store robbers. BitIodine’s creator, the smallest then in production. wallets not having “cryptographically Michele Spagnuolo, is a young Italian Austin, Tex.-based CoinTerra, which strong” protection. Google confirmed computer scientist who has won four claims its 28-nanometer chips ac- the flaw and quickly posted a fix on Google Application Security awards count for more than 6 percent of the the Android developer site. A virus for identifying critical vulnerabilities Bitcoin network’s computation ca- designed to steal cryptocurrency in Google sites. He devised BitIodine pacity, is readying the next big thing has also grown in step with Bitcoin’s as his master’s thesis in information in Bitcoin mining—a water-cooled increasing value. One security firm engineering at the Politecnico di chip that uses a radiator to circulate says there are 146 types of Bitcoin Milano, Italy. A generalized paper, coolant over the microprocessors. malware, up from 45 a year ago and “BitIodine: Extracting Intelligence Initial delivery is scheduled for June. 13 two years ago. from the Bitcoin Network,” was pre-

GOLD GONE MISSING The discovery of gold coins from the California Gold Rush buried on a property in what was once California gold country was a reminder that physical coins can go missing. The travails of what was once the largest- volume Bitcoin exchange, Tokyo- based Mt. Gox, showed that digital coins may not be any more secure. As of this writing, Mt. Gox had filed for bankruptcy in Japan, saying it appeared that 740,000 coins owned by customers had been stolen, about 6 percent of outstanding Bitcoin at exceeding 111,114 BTC (more than Despite conventional wisdom USD 22,000,000), likely belonging to the cold wallet.” The paper details that Bitcoin provides a sure- the digital chase to the dread pirate’s cabin door. “BitIodine found a fire way for criminals to meaningful connection between the addresses, leading us to argue—with hide their tracks, Bitcoin some grounding—that 1933 was part of the cold wallet of the Silk Road.” transactions are not anonymous. WINNER

TAKE ALL It may be some time before the FBI releases DPR’s account number. But Wall Street is already looking for opportunities after the gold rush. At Bank of America Merrill Lynch, foreign exchange strategists developed a valuation model of Bitcoin as three segments. “As a medium of exchange, Bitcoin has clear potential for growth,” according to BAML. “Bitcoin could become a major means of payment for e-commerce, and may emerge as a serious competitor to traditional money-transfer providers.” The bank assigns a maximum market capitalization of nearly sented at the International Financial the most striking example, BitIodine $15 billion: $5 billion as a medium of Cryptography Association annual identified the notorious Dread Pirate exchange for business-to-consumer conference in February by Spagnuolo, Roberts, or DPR. The FBI identified e-commerce, $4.5 billion as a means Federico Maggi and thesis advisor DPR as 29-year-old Ross William for payments such as those handled Stefano Zanero. Spagnuolo gradu- Ulbricht when it arrested him last by Western Union and $5 billion as a ated in December and now works as October on suspicion of being the store of value. an information security engineer in creator and operator of the infamous While the increasing acceptance Zurich—at Google. Silk Road black market. and popularity of Bitcoin raises “A lot of potentially interesting The FBI seized some Silk Road its likelihood of success, Mt. Gox’s information can be mined from the funds from a Bitcoin operating cap- failure highlighted the weakness blockchain,” says Spagnuolo. “It is ital pool that sent funds to addresses of Bitcoin exchange security. The possible to automatically find out controlled by the FBI, which are episode may help Bitcoin, says New how much an address is used for publicly known. “But Ulbricht held York State’s chief financial regulator, gambling activities or mining, if it the majority of his funds separately in Benjamin M. Lawsky, who plans to was used for scamming users in the an encrypted ‘cold wallet,’ ” according issue “BitLicenses” to establish solid past, if and how it is related to other to Spagnuolo, and that address had oversight. The Bitcoin community addresses and entities.” The team not been made known at the time needs to address security before a grouped more than 18 million block- the research was published. “Using competing digital currency can gain chain addresses into about 4 million BitIodine alone, we are able to find an traction, says BAML. Like any gold groups for linkage analysis. Spag- interesting connection between an rush, the stakes are high: “We believe nuolo tested his tools by trying to address known to belong to DPR and the structure of the digital currency identify malefactors who had already 1933phfhK3ZgFQNLGSDXvqCn32k2b- market is one of ‘winner takes all,’ ” been unveiled by law enforcement. In uXY8a, an address with a balance the bank analysts concluded. 

41 Behind any wall a microwave listening device may lurk. Technology can listen for the electronic waves these bugs emit.

Even before 007, telephones There are bugs that were tapped. Guess what? can monitor every They still are. Every phone keystroke made on a needs to be checked. laptop or computer and capture what you type. These bugs have signatures that tell the experts exactly where they are hidden.

Video has been shrinking. Cameras can be placed anywhere and can record and send everything happening in the room. Cameras emit electronic noise sensitive devices can hear.

When you bring the counterespionage experts into the boardroom, they can sweep it with sophisticated electronic tools that analyze radio spectrums, search for imaging TIP devices and find out if your data is safe.

42 CATCHING A BUG IN THE BOARDROOM

It happens—people secretly listening and watching. Listening devices are tiny. They can be Boardrooms are vulnerable. planted anywhere. There are many reasons why The challenge is to find them. shady characters snoop. To steal business, trade and technology secrets. To make money from a stock. To leak board-level disagreements or management departures. But there are steps you can take to stop secrets from being stolen, even in today’s hyper-transparent world.

Our voices vibrate windows. These vibrations can be picked up by faraway lasers, turned into sound and recorded. Laser detectors can find these bugs.

Think metal tape. That’s how bad guys often connect their listening devices to windows, doors, ceilings floors and walls. Metal detectors find that tape.

I LLUSTRATION BY PAUL GARLAND CONTENT COURTESY INTERNATIONAL SECURITY GROUP, LLC

43 Q&A

Wolfgang Puck

44 BRIEFINGS Making People Happy

Before there was a Top Chef, before Rachael Ray, Bobby Flay and Anthony Bourdain took to the small screen to spread the gospel of good eating, there was Wolfgang Puck, the Austrian-born chef with a warm smile, a soft accent and yes, a puckish charm seemingly made for television.

TALENT+LEADERSHIP 45 Q&A: Wolfgang Puck

abroad, in sites from London Puck has been to Singapore. The Wolfgang Puck Companies, a privately held corporation, now includes a regular guest the Wolfgang Puck Fine Dining Group, Wolfgang on ABC’s “Good Morning America” since Puck Worldwide, Inc. and Wolfgang Puck 1986, while his Emmy Award-winning Catering. The Wolfgang Puck Companies television series, ”Wolfgang Puck,” de- encompasses over 20 fine-dining restau- buted on The Food Network in 2000 rants, premium catering services, more and aired for five seasons. He has been than 80 Wolfgang Puck Express opera- a guest on countless shows, from late tions, and kitchen and food merchan- nights with David Letterman and Jay dise, including cookbooks and canned Leno to appearances on The Simpsons, foods. Lazaroff remains Puck’s partner Keeping Up With the Kardashians and in the restaurants opened before their even a cameo as himself on an episode divorce in 2003. He is now married to of Tales From the Crypt. Gelila Assefa, the Ethiopian-born fashion While his celebrity has helped turn his designer. name into a global brand, Puck earned While it is not unprecedented for a his reputation the hard way, serving star chef to lend his name to related an exacting, if somewhat ad hoc ap- products, Puck has stretched his brand prenticeship before making his name at further than most, perhaps too far. His Ma Maison in West Hollywood. Spago, frozen pizzas and canned soups taste which he opened on the Sunset Strip in just like frozen pizzas and canned soups 1982 with his then-wife Barbara Lazaroff, usually do, and there is nothing to dis- firmly established Puck in the pantheon tinguish Wolfgang Puck steak knives, six of California cuisine, alongside Alice Wa- for $19.95 on Home Shopping Network, ters, Jeremiah Tower and Mark Miller. from similar products without a celebrity But more than any of those renowned endorsement. On the other hand, his chef/restaurateurs, Puck had ambitions Gourmet Express outlets provide a reli- to grow and diversify. In 1983 he and ably better-than-expected airport dining Lazaroff opened Chinois on Main in experience. And as anyone who has Santa Monica, which pioneered so-called eaten at one of Puck’s restaurants when fusion cuisine, and in 1989 they opened the maestro is in the kitchen can happily Postrio in San Francisco, which brought attest, the man can really cook. a dash of Hollywood glamour to the City Briefings caught up with Puck at his by the Bay’s dining scene. In 1997, they flagship restaurant, Spago in Beverly moved Spago to an elegant new venue in Hills. The interview was conducted by Beverly Hills, and followed up with Spago Peri Hansen, Senior Client Partner, Los Las Vegas, Spago Maui and Spago Angeles and Co-Lead of the Restaurant Beaver Creek. Many more restaurants and Foodservice space within the Global followed, across the United States and Consumer Market, Korn Ferry.

By Peri Hansen, Chris Von Der Ahe and Lawrence M. Fisher Photographs by Scott Gilbert

46 BRIEFINGS Cuisine has to “change, too. Young people today—they like to experiment. They like to eat, and not conservatively. They are more open and more ready to experiment.”

Malcolm Gladwell, The New Yorker writer, guy who barely came up to chest height on the says that you need to put 10,000 hours stove. For three weeks I peeled potatoes, and into any art or craft to get really good. then one day we ran out at lunch, and it was my What were your 10,000 hours? fault. The chef said the same thing as my stepfather, “You’re good for nothing. Go back home PUCK: My 10,000 hours started really badly. and tell your mother we don’t want you here.” I left home when I was 14 years old. My father, But I couldn’t just go home. I was standing my stepfather, actually, was really crazy. All on a bridge, crying for an hour. And it was I wanted to do was get out of the house. He cold in December. But I went back the next always told me I’m good for nothing. So I moved day, and the others took me down to the veg- away. I didn’t go to high school. I found work etable cellar. I was peeling potatoes down in a hotel restaurant, when I was this little there for 10 days, and then the chef comes

TALENT+LEADERSHIP 47 Q&A: Wolfgang Puck

down one day. And he says, “What the heck done. But it was actually a good experience, are you doing? I fired you.” But the owner was to see America in a different way than I had a little nicer, and he sent me to another hotel expected, and because I got my green card. he had, and there I started doing O.K. They I came out here to Los Angeles; I went sent us to cooking school, three months out of to work at Ma Maison, which at that time the year, and I had straight A’s. was basically bankrupt. My first paycheck When I was 17, I moved to France, and bounced. They couldn’t pay me, so they gave worked in some of the best restaurants me a share in the restaurant. I started to buy there—L’Oustau de Baumanière in Provence, fresh fish and whatever good things we could then Hotel de Paris in Monaco, and then afford. I used what I learned at the great res- Maxim’s in Paris. A friend of mine offered taurants in France. me a job in New York. I thought, “In New I started there in ’75 and I left in ’81, but York—in America, everybody’s rich.” So I along the way, I met some amazing people, came to New York. But I didn’t like it, because like Orson Welles. He used to come early, and I had been working in restaurants with he liked the same champagne I liked. Every Michelin stars, and here they just had me morning I opened a bottle of champagne. I grilling steaks. I wanted to make something had a glass and Orson finished the bottle. It more fancy. was good. I didn’t want to leave, really. But I Then somebody offered me a job in India- wanted to open an Italian restaurant, a simple napolis, and all I knew about Indianapolis place where people from the neighborhood was they had a race there. So I said, “Why could stop in for a pizza and a glass of wine. not? Maybe it’s like Monaco.” But I cooked So that was Spago in 1982, and it was an im- more steak well done there than anything, mediate hit. because everybody there ate everything well

I wanted to open an“ Italian restaurant, a simple place where people from the neighborhood could stop in for a pizza and a glass of wine. So that was Spago in 1982.”

48 BRIEFINGS One key to having a premium brand is to All he knew is that you could make it like keep demand greater than supply, to keep the other brands. So we made one like all it special as you grow. How have you kept the others in the supermarket, except it was Wolfgang Puck special? expensive. So a few years ago, I bought the license back for $250,000. Now, if we do it, PUCK: It’s like a marriage. If you want to we’re going to do it right, from the packaging keep it special after 25 years, you have to to what is in the box. work on it really hard. To me, Spago is like my I don’t want to have anybody tell me home. I’m here all the time. I still care. We anymore, “This is the way.” Because I had so try to improve all the time, to keep it fresh. many people in my company who claimed To be successful, I have to work, and I have to to know the way. We hired a guy who went change. Some people don’t want change; they to Harvard Business School, and he made want to keep the same thing. I think if you projections on the table, like we would be a don’t want change, you know where you go. billion-dollar company in five years. But, you In about 1995, when I was still up on Sunset, know, he knew how to do it on paper, but he I said, “If I’m still here in the year 2000, I’m didn’t know how to execute. going to jump off the roof.” Because I couldn’t make the kitchen bigger. The whole building was falling apart. So we opened this one. It As a leader who embraces change, who became successful. But to keep supply smaller likes to do things different, how do you go than demand is not an easy thing when you about getting the right team? open a big restaurant. If we would have 60 seats or 70 seats, you never could get a table, PUCK: I have a team who’s with me for because we always would be sold out, every many years. Lee Hefter, my right-hand man night, with a waiting list. Then it becomes a in the kitchen, is a very talented guy who pain in the neck. It’s not good business. could easily have his own restaurant, or two Also, we have become international. When restaurants, really. I have a team of people people come to L.A. from England or Italy or I know very well, and they really supervise wherever, they know Spago more than any the fine dining. Then I have a team who do other restaurant in L.A. The only other one the catering business of the company, and that is known is Nobu, which now is in many one of them is with me since the old Spago. I different cities. In the old days, we had the still have all these anxieties when I wake up Oscar party at the old Spago, Swifty Lazar’s at night, that the business goes down, that Oscar party, and we could really get interna- I cannot feed the kids, that I have to sell the tional publicity for that like I never could pay house. But I think everybody has these anxi- for. Because everybody loves movie stars. eties in the dark.

You have Gourmet Express at airports. Who do you see as your consumer? You have canned foods and frozen foods, cookware. How do you maintain a high PUCK: We have people who are regular, who standard? can afford lunch here every day or dinner every day if they want to, who are the locals. PUCK: Well, we tried. Take pizza—I sold my And everybody here knows us because we are pizza business some years ago to ConAgra. I here for so many years. And now we have an thought, they know better; I would have had international following. Howard Stringer, to raise the money to expand. But that was the former chairman of Sony, came last night one of the worst things I ever did. Because with the new Sony guy, from Japan. Then we they put some guy in charge who never made have people who might come once a year for a pizza, who never had any idea about pizza. their birthday or somebody who might come

TALENT+LEADERSHIP 49 from Nebraska, and they come to see their son ones. We really don’t use a lot of butter. We use going to school, and they really cannot afford a lot of olive oil and vinaigrette and things like a restaurant like that, but once a year, maybe, that, and keep the food really simple. they splurge. Is steak the healthiest thing? Maybe not, When I go in the dining room, I don’t just if you eat a lot of steak. But if you eat in mod- say hello to the people I know. I say hello to eration, you don’t have to eat a 12-ounce steak everybody and spend the same time with ev- at 10 o’clock at night. erybody. I say something to them, talk about what they’re going to eat or what they should eat—and so it makes them all feel special. We What are the core values of Wolfgang are not in the food business. We are in the Puck, the enterprise? hospitality business. I tell my people, to have a smile, to be polite, to be friendly doesn’t cost PUCK: For the enterprise, I think our value us any money. To buy fish, meat, vegetables— really is that warm hospitality. I tell every- that’s very expensive. To make somebody body, “You know, I’m not paying you. It’s the feel good just with your words or with your customers who pay your salary.” Whoever—a attitude—that’s the least you can do. waiter, a busboy, a chef or a dishwasher—I try to teach everybody to be in the hospitality business. When you think like that, it’s also There is so much media attention on chefs. easier to be nice to the guy who works with Have we lost track of the role the you. You want to be treated the same way as restaurateur plays? Clearly there’s an art you would treat a customer. to making people feel warm and welcome from the moment they walk in. How do you reinforce and perpetuate the PUCK: If you are great at the front door, you enterprise’s values across a far-flung empire? don’t need a super-talented chef, just somebody who can cook a really good meal, grill a really PUCK: It’s really about the team you put good steak, make a few good salads, a few together. If you have one restaurant, it doesn’t good side dishes. You can be very successful, as matter. But with so many, I cannot supervise long as you buy the best product. If you keep everything. I cannot cook everything. We it simple, you can cook anything, but you have have to train people and instill in them the to buy the best quality ingredients. I have the culture we have, which is really what keeps same meat purveyor since Ma Maison. In the us going in different places. We don’t expand same way, do I have to go to the fish market fast, because if we don’t have the talent, it’s myself? No. Do I want to? Yeah. silly. We could sign I don’t know how many At the end of the day, we have to make deals. We could open in Delhi, in China, in people feel special. If it’s a special occasion for Moscow, in God knows where. But I have people to come here, they want to feel good. to really gear up to that. I have to invest in Somebody who comes all the time—they want talent, to hire expert people in each of the to feel good, too. They want to feel appreciated, restaurants we already have to work with us because there are too many other options. at least for a few years. We are opening in Dubai, and I know already which chef is going to be there for about How do you balance a great culinary expe- a year now, and he has worked with us for rience with everyone being so health- and five years. We’re going to open in Doha next, diet-conscious these days? a year after that, and I know already who is going to be the chef there. That way I don’t PUCK: I think if you go to a really good restau- have to worry is somebody going to be there rant, generally, it’s healthier than at any other who doesn’t know my philosophy, who doesn’t restaurant. The unhealthy ones are the cheap know what I like.

50 BRIEFINGS Q&A: Wolfgang Puck

Some of the most successful global restaurateurs have had one big stumble, What’s the future of cuisine? at least one restaurant they had to close. Did you have an opening like that? PUCK: Cuisine has to change, too. Young people today—they like to experiment. PUCK: I had a brewery called Eureka. We They like to eat, and not conservatively. wanted a brewery to create that label, to They are more open and more ready to create a brand. We were supposed to make experiment. In the restaurant I ask, how a million cases of beer in a year. I had two can we get these people to try it? For ex- partners and a financial guy. We got this fancy ample, now we have this bar menu, where brewing equipment from Germany, and then you can come and sit in a nice restaurant, we did not pasteurize the beer, to keep the and get a little bit to eat and not spend a fresh taste like on tap. So when we bottled lot of money. Young people especially like the beer, the beer had to be refrigerated. If it it. We have low tables so people can sit in was not refrigerated, it would start to ferment front of the fireplace and enjoy a cocktail. again in the bottle and spoil. That would We always think about what can we make happen again and again and again. different. But whatever we do, we have to I tried to get rid of the partners, but they do it really well. wanted to stay. We were going broke. At the I look often at fashion designers, be- end, I said, “I’m not raising more money with cause my wife is into fashion, and I go to these three guys running the brewery. It’s the fashion shows in Paris with her. Why pouring money down the drain, just like we does Armani still do that? He’s 80 years did with the beer.” old. He’s in the back, putting the dresses Up to that point, I thought I could be suc- on the girls to make sure they hang right. cessful in anything. If I opened a gallery or He’s a billionaire. He could have somebody a shoe store, it would be successful. Then I do it. But he still likes what he does. realized I better stick to what I know. That’s Just like him, we have a lot of good people one of the most important things I learned doing it, putting it together. But somebody from that episode. You have to know what you has to give them the direction. Somebody know, and, more important, you have to know has to say, put it here and here, not there and what you don’t know. You can’t do everything there. You know when it’s an Armani dress well. I cannot be a beer salesman. That’s not or an Armani suit. You know, hopefully, the my passion. My passion is the restaurant. same thing when you go to Spago. 

You have to know what you “ know, and more important, you have to know what you don’t know.”

TALENT+LEADERSHIP 51 Like a golfer facing a 200-yard shot over water, the ruling potentates of the game are feeling a palpable sense of desperation these days. The numbers just don’t look good for golf, and organizations like the U.S. Golf Association and the Professional Golfers Association of America, heretofore known for adding extra starch to their undershorts, are now saying the grand old game might well use a touch of Goofy Golf. If that’s what will bring folks back to the course, let’s get silly. STORY BY CHRIS HODENFIELD ILLUSTRATIONS BY CHRIS WAYSHAK Is it that bad? When the National Golf Foundation reports that Americans played 463 million rounds last year, it sounds like an impressive number of divots. But that figure is down from 518 million in 2000. And while the portion considered “regular players” is a robust 25 million, it still represents a loss of 5 million golfers in the past decade. The evidence is everywhere. At Myrtle Beach, S.C., once considered a golf mecca, courses have folded like beach tents. Lavish retirement villages that once charged $60,000 for a membership for multiple courses now plead for a third of that. In the Northeast, power clubs that once boasted seven- year waiting lists are now available for, uh, immediate occupancy. Where did the golfers go? Like sailing, golf is a classic sport that came up against modern demands and was found wanting. It could also be argued that what happened to golf is what happened to America—the middle class is disappearing. No one actually “retires” anymore. Buyouts, yes, retirement no. Is Golf in Retreat?

ary McCord, TV analyst The real question is whether the authorities have and senior-tour player, confronted how American golf got into this sand trap spoke for all mournful baby in the first place. It was not entirely the fault of the boomers recently when he Great Recession. Since the powers who oversee the Gtold Golf Magazine, “We supported all game almost all belong to exclusive private clubs, it is these clubs, and now there’s nobody possible they can’t see the essential problem: As the to tap us on the shoulder and take game got ritzed up, much of the fun was dialed out. If over our memberships because the they don’t grasp this, they won’t understand how to make it fun again. game is too expensive, takes too long, Golf can be an extraordinarily charming game. and is too hard. People can’t invest so It seems intimidating to an outsider, of course, but much energy into something that’s when introductions are properly made by friends not giving them much in return. So or family, its combination of grace, finesse and how do you fill these clubs that are spaciousness can be quite enticing, if not addictive. being depleted? That’s a problem.” But something happened to that critical process of introductions. It takes too long. The indictment is thrown down A little history here. From the 1930s up to the all the time, along with suggestions that today’s ’70s, it was easy to walk onto a public golf course. “soccer dad” is not going to throw away six hours on The neighborhood course was likely a mom-and-pop a Saturday walking around in a blue cloud of jokes operation or run by a municipality. The courses were and cigar smoke. It’s a different country now. After usually just hard enough, and golfers walked rather 9/11, everyone retired to the family room with the big than riding carts from hole to hole. Kids could get screen. Right? jobs as caddies and be exposed to the game and life- In response, clubs and public courses around style. Golf, which started the century as the province the country have found success in expanding into of bluebloods, had become broadly democratic. family health clubs. Throw out the cigar bar, add In the 1980s, a notable expansion began, fueled the squash court. by two groups. The World War II generation cashed Staring at the declining numbers, golf organiza- in its pensions and retirement programs, sold its tions have come up with “initiatives” to make the paid-off houses and trooped off to golf villages all game more hospitable to wary newcomers: Golf across the Sun Belt. Meanwhile, a huge wave of baby 20/20, the First Tee Program, Welcome to Golf boomers hit 40 and decided their knees couldn’t take Month. When the U.S. Golf Association’s president tennis and basketball anymore. Hello, golf. Tom O’Toole Jr. assures the faithful that their “core With this crush of new players, municipal strategies” will make the game more accessible, courses in the heavily urban areas were suddenly a wave of enthusiastic joy must sweep over every overwhelmed. What had once been a leisurely four- rumpus room in the land. Or not. hour round became a tiresome six-hour exercise. The latest initiative is called Hack Golf (see But Americans were indeed playing and the modern hackgolf.org), an idea that attracted participation golf industry grew to an extraordinary size. With from equipment giant TaylorMade-Adidas Golf and golf equipment intensely modernized (essentially other sponsors who wonder if, say, increasing the hole allowing aging duffers to hit the ball farther than diameter to 15 inches will make the game more fun. ever), club sales soared. Joe Beditz, president of the

55 Is Golf in Retreat?

National Golf Foundation, asserted that the nation “It takes too long to play” has become a mantra in needed to add a new golf course every day to keep up the industry. The USGA took note and commenced with the demand. a campaign called “While We’re Young” that ap- And so the land was rolling in hot new courses. pears on PGA Tour broadcasts. While giving slow In fact, 4,500 courses were added between 1986 and golfers the much-needed needle, the ads also serve 2005. But these new venues were not modest, friendly up constant reminders that the average American places. What emerged was the snazzy resort course golfer—or at least the guy front of you—plays at the or the high-end daily-fee intended to provide “the speed of a three-toed sloth. Where did this on-course country club experience.” somnambulism come from? Probably from watching It appeared that the nation’s golf developers PGA Tour players who all now play with the diligence had fallen under the spell of its two most famous of surgeons. kingdoms, Augusta National and Pebble Beach. The With American courses saturated in “amenities,” excruciating beauty of Augusta, seen every spring casual fun became harder to find. Dozens and dozens during the Masters Tournament, became the tem- of spectacular and picturesque courses were built, plate for all the exclusive clubs, whose caliphs sought some loaded with more heartstopping special effects to duplicate the artful design work and pristine than a Michael Bay movie. Golfers with a bit of skill fairways framed by gleaming banks of sand. (or at least those who carried many extra sleeves of The first time I walked over Augusta National, I balls) were wildly entertained. was struck by the perfection of the turf. There was One group was left out of the fun: the newcomers. not one sprig of crabgrass. Just exquisitely flawless You know, the people who are not lining up to play greens. I wondered if the club employed armies of turf courses today. cosmetologists to tweeze out any miscreant shoots. “The golf industry has really changed since the However it was accomplished, every big-shot guest ’80s and ’90s,” says David Preisler of Houston, owner could see the perfection and want it for his own. of a consultancy and management services firm This exalted look became the ideal at resorts, called OnCourse Strategies. He’s trying to reverse and daily fees and prices rose accordingly. In the late the maximum-lux paradigm and get people playing ’80s, Pebble Beach was charging a jaw-dropping $225 again. “Golf owners and managers got comfortable a round—and getting it. So resorts recruited high- in a zone with the golfers they had. They were not profile architects like Tom Fazio, Pete Dye and Jack developing golfers for the new core. And that’s what Nicklaus to create marvelous, sweeping confections you have right now.” so grand that, say, a $150 fee wasn’t asking too much. “The men and woman involved in golf, we only In the new world of posh golf, riding in carts have ourselves to blame,” says Ron Whitten, golf became mandatory, which drastically affected the architect and historian. For years, he managed the texture of the game. Certainly carts did not speed up ranking of America’s 100 Greatest Golf Courses for play and Americans just got used to rounds dragging Golf Digest magazine and thus bore witness to the out for more than five hours. anxious clambering for prestige and beauty that infil- For contrast and inspiration, Yanks can visit any trated all ranks. “No one works the lower end of the neighborhood course in the United Kingdom (one market anymore, because there’s no money in it.” that has not been totally Americanized, anyway) and Whitten notes that even the old beloved and watch in amazement as Brits breeze through a round careworn “muny” courses have been endangered. As in less than three hours. city governments were taken over by politicians who

56 With American courses saturated in “amenities,” casual fun became harder to find. Dozens and dozens of spectacular and picturesque courses were built, some loaded with more heartstopping special effects than a Michael Bay movie. “I made Joe Titanium real mad with my miserable game and now he wants to kill me.” Is Golf in Retreat?

wanted to run things like a business, golf courses By making his courses affordable, Preisler is were “privatized” and put into the hands of for-profit crushing it. agents. Result: higher rates, fewer customers. It’s critical, he says, for course owners to open their “The courses are so service-oriented,” Whitten links to junior golfers and women, and to sponsor says with a laugh, “that the old golf experience of put- every player-development program going. For the ting on your sneakers in the parking lot and slipping after-work crowd, he offers a $12 twilight rate. “Bubba out to play golf has been replaced by something akin golfers got to have a place to play, too,” he says. “The to going to a restaurant where you have a maître d’ six-pack probably costs more than the round.” and ‘servers.’ ” “You gotta make it fun for them, whether it’s an The shift was somewhat similar to recent changes individual, a couple or a family. Once they get in the movie business. A certain audience was targeted serious, they can move to the next level and play (in Hollywood’s case, teenagers) and all the energy was 18 holes.” fixated on that one market, abandoning the rest. Which brings us to the major golf organizations. Whitten saw it happen to a course he designed Are the initiatives and strategies going to fire up a with Michael Hurdzan and Dana Fry. “We were new generation of golfers? If they really want new- trying to do the best $50 green-fee course in comers, they should figure out ways to help establish America,” he recalls of Erin Hills, about 30 miles west the most obvious starting point, the par-3 course. of Milwaukee. The naturalistic course was such a hit, These humble courses occupy but small parcels of it was named the venue for the 2017 U.S. Open. Then land, but they are places where kids and newcomers everything changed. “The owner got U.S. Open fever, can learn the game in comfort, among pals, contem- and now they charge over 200 bucks.” poraries or with ol’ Uncle Charlie. If you go just down the road, though, to Whistling The U.S.G.A., for instance, just signed a stunning Straits, now famous as a P.G.A. Championship venue, 12-year deal with Fox that will pay nearly $100 mil- you have to pay $400. Pinehurst No. 2 in North Caro- lion a year for television rights to the U.S. Open. The lina, where this year’s U.S. Open takes place, charges U.S.G.A. could work with the P.G.A. of America and the same. And Pebble Beach is $495. any other golf group that wants a future and provide The surest way to make a newcomer hate golf resources (turfgrass, designs, irrigation, business in- forever is to take him or her to one of these exclusive frastructure) to investors or cities who want to build resort courses for a taste of “the good life.” The intro- a par-3 course. duction backfires when the novice realizes: “I made Even if you have to hit off a mat, even if errant Joe Titanium real mad with my miserable game and now balls whiz by your head, you’re still having a lark. For he wants to kill me.” the time it takes to go on lunch break, you are deeply Golf needs more entry points, says Preisler, who involved in a game that has enthralled millions. It’s argues that the lower-price market is an underserved not disc golf or Hack whatever. It’s real golf. and overlooked opportunity. “If you’re in the high- The grandees of golf, safe at their private clubs, end public course, you’re not doing too good. If you’re are far removed from the modest realm of entry- in the midrange, you’re doing O.K. And if you’re in level play. But that is the world where people start the lower range—what I call the Bubba golfer—you’re swinging, and that’s where the golf aristocrats should doing great.” put their unblinkered attention. 

59 GETTING READY FOR WORLD CUP BY VICTORIA GRIFFITH

60 HEN THE FIRST MATCH of the World Cup kicks off June 12 in Sao Paulo, the international spotlight will shine brightly on Latin America’s largest economy. Hoping to make a favorable impression, Brazil has poured an estimated $18 billion into the games amid hopes that the event will boost foreign investment, tourism and exports. But the toughest audience to please—and the one whose opinion matters most when it comes to GDP growth—is Brazilians themselves. What happens leading up to and during the month of the World Cup games is a wild card that will substantially impact the country’s economic performance, perhaps for Wyears to come. The uncertainty is putting citizens and investors on edge.

61 61 ocial unrest is a big concern. Brazilians’ frustration Swith social services has mixed with anger surrounding spending on the World Cup. In early February, a protest against bus fare hikes in Rio de Janeiro turned violent when police tried to disperse crowds with tear gas. A local cameraman was seriously injured in the confrontation and subsequently died. The incident came on the heels of last year’s mass protests in the urban centers of Sao Paulo and Rio de Janeiro, during which residents of the two cities rallied to the cry of “Não vai ter Copa!” (“There will be no World Cup!”)

This year, politicians were caught off guard by a “One concern is that the demonstrations have series of protest “walks” through Sao Paulo’s shop- been specifically tied to the cost of the World Cup, ping malls, convening thousands of adolescents in which means they are likely to ramp up as we get venues wealthy Brazilians have long viewed as a safe closer to the event,” says James Lockhart Smith, refuge from the streets. Sepp Blatter, the president head of Latin America for the research firm Ma- of FIFA, the football association that oversees the plecroft, which specializes in analyzing global risk. games, said he expects the number of rallies to spike “There’s no doubt in my mind that certain groups in June and July, as Brazilians condemn the govern- will stage protests once the games get under way.” ment for pumping money into the World Cup while Although the protests are likely to continue, it’s underfunded public services languish. One cartoon too early to predict how much disruption they will making the rounds on Facebook in Brazil shows cause. Also unknown is how the unrest will affect workers laying out a green football field on top of President Dilma Rousseff’s bid for re-election this schools, hospitals, buses and politicians in a bid to year; if Rousseff’s Labor Party maintains power, pave over Brazil’s underlying problems. it will please a business community that prefers

62 62 Commuters wait for the train at a subway station in downtown Sao Paulo.

63 Percent of Brazilian population that expects to watch at least one World Cup game on television. 96 %

stability to surprises. And any violence could quickly says Maria Sampaio, who lives in the U.S. and just re- sour the mood of an electorate already unnerved by turned from a trip visiting family in Brazil. “Coming the country’s notorious safety concerns. back, our flight was delayed for several hours for no Another potential headache is transportation reason other than the fact that the airport was just problems. “Just getting visitors from the airport into unable to process the number of travelers that were the city centers of Sao Paulo, Rio and Salvador could there. I can’t even imagine what it will be like during be a nightmare,” says Irene Mia, Latin American the World Cup.” analyst with the Economist Intelligence Unit. Politi- Traffic jams in the country’s largest cities, Sao cians have acknowledged that many of the planned Paulo and Rio de Janeiro, could inflame residents and improvements in public transit will not be ready tourists alike. In this case, Brazilians’ pessimism may before the games. In Salvador and Natal, officials are help keep the games running smoothly by pushing toying with the idea of setting up temporary airport motorists off the road or even out of town. “Global facilities that would be dismantled after the World competition, whether it’s football and the World Cup, Cup. “Even under normal conditions Guarulhos (Sao or the Olympics, always raises problems concerning Paulo’s international airport) is complete chaos,” costs, infrastructure, transportation and the success

Rendering of the refurbished Maracaña Stadium.

64 64 Percent of Brazilian population that will spend money on home decorations to support the Brazilian team. 13 % of the venues,” says Jed Hughes, Vice Chairman, on the country’s infrastructure, it would also mean Global Sector Leader, Sports, at Korn Ferry in New fewer customers for retail stores and restaurants. York. “The challenges Brazil faces in the World Cup Paulo Motta, head of a retailers union in Salvador, and Summer Olympics will be the same. If they do says the revenues of big stores plummeted by it well, it will shine a bright, positive light on the 40 percent when the city hosted the Confederations country and its people.” Cup last year. While consumer demand could ac- “Most people I know are looking for a way to get celerate once the games are over, it’s unclear whether out of Sao Paulo during the time of the World Cup,” that will entirely make up for lost business. said Paula Astiz, a graphic designer and small business The World Cup’s impact on domestic productivity owner in the city. A study of 20 leading corporations, is also a concern. Worker training received a boost as led by the business school Fundação Dom Cabral, many Brazilians took it upon themselves to improve found that all planned to suspend business travel their language skills—particularly in English—in from mid-June to mid-July. Cautious sentiments like preparation for the games. However, productivity is these are a mixed bag, however, for the economy. Al- expected to suffer during the games. It is unlikely though the absence of Brazilians would ease pressure that much business will get done while Brazilians

It’s too early to predict how unrest will affect President Dilma Rousseff ’s bid for re-election this year.

65 65 SOCCER BY THE NUMBERS IN BRAZIL, WHERE FOOTBALL IS A RELIGION, STADIUMS ARE THE CHURCH

5 number of times Brazil has won the World Cup

$18 billion amount of money Brazil is expected to spend on the World Cup

900,000 Brazilian flags expected to be sold during the World Cup games

6.5 million new television sets Brazilians will buy to watch the World Cup

2.5 million tickets to games at 12 different stadiums

500,000 foreign visitors are expected for the World Cup in Brazil SOURCE: Global marketing research firm IPSOS

crowd around television screens to root for their on GDP. According to an analysis by Fidelity Invest- home team. On top of this, a late Carnival season, ments, GDP growth tends to accelerate a couple of coupled with Brazilians’ tendency to emendar, or years before a country hosts a global sporting event, lengthen, holiday downtime, is setting many busi- but “tapers off considerably afterward.” In the case of nesses up for a slow year. Sao Paulo-based investment Brazil, the acceleration proved especially short-lived. bank Gradual Investimentos forecasts World Cup GDP growth peaked early at 7.5 percent in 2010, but distractions could take as much as 0.3 percent off since then has dipped to just above 2 percent annually. GDP growth this year. Some observers worry that the additional debt Brazil The long-term value of infrastructure improve- has taken on to finance preparations for the two mega ments is also in question. FIFA has voiced frustration sporting events may be a burden for the country going that half of the stadiums slated to serve as venues for forward. The picture is further muddled by spending the games were not ready by the end of 2013. Even if for the 2016 Olympics in Rio de Janeiro, which will they are completed in time—as is likely—some fear cost the government an additional $15 billion. Prepa- that they will quickly turn into white elephants that rations for that Olympics will add economic stimulus, serve little post-Cup purpose. The stadium in Manaus, but will also increase the country’s debt. in particular, has been singled out as ill-advised in- The fear that a traffic jam or violence during the vestment, since the city has little football tradition. World Cup games could have a disproportionate A key question is the impact of the World Cup effect on the country’s GDP has unnerved many

66 66 observers. But not everyone is pessimistic. Brazilians irritant for the fans of the “beautiful game” was the have a reputation for pulling things together at the low number of World Cup tickets reserved for the last minute, and many people expect the country to domestic audience—450,000 out of more than live up to that reputation. David Sonter, mergers and 3 million. But nearly all Brazilians will be able to acquisitions partner and head of the Brazil group watch the games on television, and once the country’s at the international law firm Freshfields Bruckhaus team starts scoring goals, any previous disappoint- Deringer, witnessed the pessimism surrounding ment may be forgotten. the London Olympics yield to enthusiasm and suc- A World Cup win for Brazil would add a welcome cess once the event got under way. “Everyone said spark of energy to the economy. If the Brazilian team that London transportation would be a mess, and makes it to the finals, or defeats longtime rival Ar- Londoners would be too grumpy, but a couple weeks gentina, it could lift the nation’s spirits. The country’s ahead everyone got excited and it turned out to be a team is expected to perform well; Brazil has won the big success,” he said. “When the World Cup begins in competition five times, more than any other nation. Brazil, there will be sporting superstars, dancers and Yet as football fans know, anything can happen once music, and the sun will be shining and people will see the games begin. In the end, the impact of an event it as a positive thing for the country.” seven years in the making could turn on the ability of Brazilians’ enthusiasm for football may also go a individual players. The final economic tally may come long way toward mitigating any negativity. One early down to the penalty kicks of the final game. 

67 67 Responding to a need, Korn Ferry launches new Cyber and Information Security Practice.

This issue of Korn Ferry’s Briefings on Talent & Leadership is focused on cybersecurity. It coincides with the launch of our newest specialty practice—Cyber and Information Security. This practice brings together a team of advisers with expertise in national security and professional services to meet our clients’ unique cyber and information security talent needs.

ews about cyberattacks organizational capabilities. systems and the global and data breaches has Because of this need, economy. Nbecome part of the daily Korn Ferry created a Cyber We offer a full portfolio of headlines. No organization is Security Center of Expertise. talent solutions that include immune from attack regardless The goal of the new center is recruiting top talent, such as a of its size, industry or geography. to bring together advisers and new Chief Information Security Because of these threats, consultants with experience in Officer (CISO), and building a a secure cyberspace infra- security, information technology cybersecurity workforce. We structure is critical to business. and professional services. can help companies expand Protecting your intellectual The center will meet the their own advisory practices property, your markets and your talent needs of our clients and security solutions reputation is not an option. It is with respect to Internet and businesses. And, we can help a requirement. information security. Our C-suite and Boards of Directors New technology alone consultants understand the align their organizations’ is not enough to address threats and vulnerabilities capabilities and cultures to these challenges. Companies posed by today’s increasingly defend against emerging need to invest in talent and interconnected information cyberthreats.

www.kornferry.com/cybersecurity

68 WORD TRAVELS FAST KRYPTALL™ TECHNOLOGY STOPS IT

Cannot be intercepted

Cannot be traced

No record of calls

Secure global network

Use anywhere in the world

Only one device required

Global coverage satellite option

Cellular and desktop models available

Can you afford to make your private business public?

WHAT IF every word of your conversations,

© 2012 KryptAll™ All Rights Reserved. Some restrictions to hardware and service apply. Not responsible for errors and ommissions. your text messages, emails and even your physical location was accessed by anyone or any organization with a need to know your business? Cybersecurity is no longer just a concern of government and military operations; it is a critical issue for corporations and individuals who have valuable information that must be kept confidential… at all costs.

The most serious threat to your security could actually be your cellphone and hard-wired landline. Privacy is easily breached through the weakest link in your security chain, using advanced espionage by competitors, agencies and even individuals to leverage your vulnerability. Only KryptAll Secure Communications guarantees privacy.

TM KryptAll K iPhone and service shown. KryptAll is available with other mobile devices. mobile other with KryptAll available is

Explore. www.KryptAll.com Ask. 877.291.1900 / [email protected]

69 Cybersecurity IN REVIEW and Cyberwar

What Everyone Needs To Know

2006, a senior official in the Syrian government had a serious lapse in judgment. On a visit to London, he left his laptop computer in his hotel room and when he was out, Israeli Mossad agents snuck in and installed a Trojan horse program. This bit of cyberespionage quite IN possibly changed the course of events in the roiling Middle East. Now able to monitor his communications and scan Syrian air defense operators with false information, the data on the Syrian’s laptop, the Israelis scoured thus foiling any radar detection of their jets. What the hard drive and discovered a photograph of two well might have provoked a war in the region was met men, one Asian, one Arab, standing in the Syrian with silence by both sides. Rather than condemn the desert. The Mossad was able to identify the men action, the Syrians hurriedly cleaned up the rubble clearly: one was Chon Chibu, leader of the North and constructed another building to cover up what- Korean nuclear program, and the other was Ibrahim ever they had been doing. Othman, director of the Syrian atomic energy agency. According to a new book called Cybersecurity With that photo and other documents on the laptop and Cyberwar: What Everyone Needs to Know by that revealed construction plans and photos of a pipe P.W. SINGER and ALLAN FRIEDMAN, directors used for work on fissile material, the Israelis had clear at the Brookings Institution, Operation Orchard is evidence that the Syrians were secretly constructing a one example of the face of cyberwar in a world where facility at al Kibar to process plutonium, a key step in technology has changed nearly all the rules the development of a nuclear bomb. of engagement. Armed with this information, the Israelis launched The authors point out that this new type of war- “Operation Orchard.” On Sept. 6, 2007, seven Israeli fare “has much in common with war as it has always F-15I fighter jets flew into Syrian airspace in the been conducted. The computer used as a military dead of night. The jets dropped several bombs and weapon is just a tool.” But there is a major difference destroyed the Kibar nuclear reactor site and flew home between current cyberespionage and past intelligence to Israel without a shot being fired at the planes. The collection programs. Now, “computer network opera- Israelis, it turned out, had penetrated the Syrian mili- tions also allow aggressive actions inside the enemy’s tary’s computer networks and were able to “spoof” the communications once the shooting has begun. It’s the

THE KORN FERRY MARKET CAP 100 Despite the surge in interest, not all corporate boards have INSIGHT FROM a “digital director.” In our 2013 THE KORN FERRY study, 24% of the 100 largest U.S. INSTITUTE companies had no technology expert on their board.  www.kornferryinstitute.com

70 BRIEFINGS difference between reading the enemy’s radio signals read, and lucky for all of us, it is a good read, a well- and being able to seize control of the radio itself.” written and frighteningly clear primer that ought to Given the steady march of technology over the be required reading in every boardroom and military past three decades, among the most glaring ironies situation room. of this digitized world is the continued misun- Unfortunately, the digitization of society has left derstanding of cyberspace and cybersecurity. The a blind spot: we are nearly totally dependent on cy- authors quote Gen. Michael Hayden, a former CIA berspace for work, play, communications, safety and director, who said, “Rarely has something been so knowledge. But any mention of cybersecurity causes important and so talked about with most users’ eyes to glaze over. less and less clarity and less ap- How many of us bother to change parent understanding.” our passwords as often as the According to Singer and security experts recommend? Friedman, the Pentagon, for Everyone has experienced a example, has “issued at least 12 technology meltdown at some different definitions of what it point in their lives and most of thinks of as cyberspace.” Need- us have been attacked by nasty less to say, such confusion sets and confounding viruses that off alarm bells for a global en- spread like swine flu around vironment in which computers the world at super speed. At are so integral to every aspect those moments, we get a brief of the lives of every inhabitant and chilling idea of what a of the planet. Starting with the major, orchestrated cyberat- rash of hackers that emerged tack might mean. over the past 30 years to What Singer and wreak havoc with random, Friedman do so well is put targeted invasions of corpo- clarity around “the fog of rate, military and govern- war” that is cybersecurity ment computer systems, and cyberwar. Those bracing cybersecurity has long been a for a cyber-9/11 or cyber- major concern. Pearl Harbor are waiting for the wrong kind of attack. Yet despite this anxiety, the authors point out, The true nature of digital vulnerability in our world is there has been a growing lack of understanding of the far more subtle and sustained, “death by a thousand specific implications of cybersecurity and cyberwar, cuts” rather than a vast invasion that will knock out a dearth of knowledge and ideas that bodes ill for a an entire nation’s technology infrastructure. The world where technology is now the “critical infra- authors quote Dmitri Alperovitch, a threat researcher structure” of our lives. Putting up an effective battle at the antivirus software vendor McAfee. “I divide against those who see the invasion and corruption of the entire set of Fortune Globe 2000 firms into two these systems as their means to do widespread harm categories,” Alperovitch said, “those that know they’ve requires a strong, working knowledge of cyberspace. been compromised and those that don’t yet know.”  To this end, Singer and Friedman’s book is a must  www.cybersecuritybook.com

TEN COMMANDMENTS FOR CIOs LESSONS LEARNED FROM Korn Ferry spoke with 23 senior FIRST-TIME TECH CEOs IT executives from multiple sectors to find out what skills and Industry speed, media scrutiny and approaches their roles demand small margins for error ratchet up today. All agreed on two things: the intensity of leading a technology the job is changing quickly, and company. More than 20 tech CEOs few industries are doing a good share their insights for taking on the job developing IT talent. top job for the first time.

71 / 1900 Avenue of the Stars, Suite 2600 Suite AvenueStars, 1900 the / of Briefings Additional copies:Additional JOEL KURTZMAN [email protected] The Web’s Deeper Nature 90067 CA Angeles, Los

E’VE ALL HAD THIS HAPPEN. You’re searching the Internet

PARTING THOUGHTS PARTING for an important fact or news, when you inadvertently wander and W look at, say, a pair of designer shoes. Then, for the next several days,

every time you go online some digital device tries to sell you those shoes. It repeats its pitch—images and all—until those shoes are the last footwear on earth Circulation Customer Service: Service:CustomerCirculation Reprints: Advertising:LevynStacy you would ever buy. Then it repeats it again. Wherever you browse, you leave a set of telltale footprints deep enough for anyone with the interest to follow. TiffanySledzianowski Being pestered by shoe “sales bots” is and drugs and even hire hit men, mercenaries nothing compared to the breaches of privacy and enforcers. Fortunately, Silk Road was or assaults on security we hear so much shut down. Unfortunately, it has been re- about. Those lapses have real consequences. ported that other sites just like it, but better +1 (310) 556-8502 (310) +1 Early Internet developers and enthusiasts hidden, have sprung up. The same is true

were fond of referring to the Web as a “virtual with regard to sites that recruit terrorists and 556-8585 (310) +1 +1 (310) 226-6336 (310) +1 town hall,” “electronic commons” or “infor- share weapons-making techniques. There is a mation superhighway.” But the Web—like ev- whole other side to the Web, called the “deep erything human—is much more complicated. Web,” that you can only find by downloading It is a marketplace, a communica- special software, such as Tor, an anonymous In some ways, tions platform, an entertainment browser you can get for no charge. the Web destination, a place to get educated In some ways, the Web resembles one of resembles one and informed. It is a vast library those exotic, crime-ridden “casbahs” in old of those exotic, of knowledge and a hub where Hollywood movies. For most of us, the extent crime-ridden people can connect in a social way, of the Web’s naughtiness is pretty tame. But “casbahs” in and where they can connect in an for others the Internet is like Rick’s Cafe in old Hollywood antisocial way. It’s high technology Casablanca, where the “usual suspects” sell FSC PRINTED IN THE U.S.A. THE IN PRINTED movies. mixed with mayhem. forged “letters of transit,” launder money, manner.responsible environmentally and sustainable ® -

By adding those capabilities gamble, snitch on their “friends,” compul- fully a in inks soy-based and paper certified to our desktops, our homes, our tablets and sively eavesdrop, make off with the occasional phones, we have created a long list of poten- diamond ring and are once in a while moved tial conflicts and temptations. Some of those by the spirit of self-sacrifice and heroism. temptations are individual, others are com- The truth is, the Web is simply an mercial, and some are governmental. Some electronic extension of us, complex as we of those conflicts involve individual rights, are, with our hopes, fears, follies, diversions especially the right to remain anonymous. and darker excursions. Given that it is a

So far, it’s pretty clear many individuals, reflection of our nature—something we’re power, solar with organizations and governmental bodies have not about to change anytime soon—can we failed miserably at keeping these tempta- at least do away with all those constantly tions and conflicts in check. While the repeating ads that try to sell us whatever we

Web is filled with volumes of high-minded looked at last? They’re far too annoying.  discourse, philosophy and even religion, not © Copyright 2014, KornFerry Copyright2014, © ISSN to mention social criticism and insight, it is Joel Kurtzman 1 949 also rife with elements of humanity’s darker is author of the new nature. There is no zone of human behavior book Unleashing - 8365 that has not migrated into cyberspace. the Second American Century Silk Road was allegedly a site where visi-  kurtzmangroup.com tors could buy credit card numbers, weapons

72 BRIEFINGS KORN FERRY BRIEFINGS ON TALENT + LEADERSHIP