A conversation with Graydon McKee on protecting intellectual property and "keeping secrets secret"

Catalyst Conversations showcase the work, experience, and insights of inspiring professionals working to advance the security industry and those we serve

graydon

How do you protect the intellectual property of a company -- especially in manufacturing -- as it moves from groundbreaking idea to reality?

Graydon McKee

During our conversation, it was clear that his experience also informs how we can work in our organizations to "keep our secrets secret."

Addressing the challenge of protecting secrets across multiple countries, partners, and steps in the process requires "a multi-pronged effort that embraces the typical information security discipline we all know and love with physical security and a good dash of common sense and manufacturing know-how."

Graydon joked that it would be better to call it "supply chain secrecy." Maybe he's on to something.

Joking aside, he pointed out "to get people to pay attention to what I’m doing and to garner funding I need to actually drop all 'security speak' and focus on what is important to the business."

The aha moment for Graydon came early in his career. While working for a boss who answered every request with "NO -- now, what's the question?" Graydon experienced the combative and resistant side of security. When a health issue sidelined that manager, the new boss exhibited a totally different attitude.

As Graydon recounted, a woman from 'the business' came with a request. And she came loaded for bear. She was ready for a fight. While the meeting started with some tension, the new boss listened. He acknowledged the concerns of the business. He asked questions.

"When she was done with her “demands,” my new boss smiled and said something along the lines of 'Well we can certainly help you come up with a solution. Let me see if I understand your objective. What I heard you say was...'"

Then Graydon watched him redirect the conversation -- and the approach -- to provide a solution that ensured security and benefitted the business. Everyone walked away happy, and the relationships got stronger.

With that experience, Graydon realized the importance of people. By taking time to listen and ask questions about the business, he's successes are more than "keeping secrets secret," but also allows security to provide added value.

The challenge of protecting intellectual property is that it's hard to quantify the value of a secret. That makes it even harder to quantify the value of protecting the secret.

Some questions Graydon relies on to guide the discussion include:

  • How much does an intellectual property leak cost a company?
  • What if IP leaks and you don’t know about it until a competitor quickly catches up with you in the market?
  • What if some parts leak and are used to build counterfeit copies of your product? 
  • What if information leaks and your customers decide to buy a competing product based on this incomplete information? 

"There aren’t any actuary tables for incidents like this so tying the cost of implementing security measures to these real world examples is difficult." 

As a result, Graydon approaches the situations with an eye toward improving the business while adding security.

In a previous job, Graydon needed to find a way to protect the secrecy of a project that involved multiple vendors. More, it was a non-linear, iterative process with several quality control checks. The entire process easily took several days -- if everything went smoothly. In other words, this was a "nightmare from a security perspective where we needed to protect every piece."

The solution, however, holds insight for the rest of us.

Security partnered with the business and manufacturing teams to create an approach that relied on barcodes for each component, scanned at various points in the manufacturing process. As Graydon explained, "You can’t protect what you don’t know you have or where it is so this was our means to do that."

This allowed discrete control over each piece, down to the machine and the operator. While that level of granularity isn't necessary for security, it was a huge benefit to the business. They gained remarkable insight into their process, improved estimates, provided more effective preventative maintenance, and even figured out how to train operators better.

Security paved the way to increase business value. In the process, Graydon and his team were able to protect the intellectual property and ensure a successful launch.

This factors in to Graydon's approach to measuring success: "The benefit you gain is offset by the additional burden that is placed on the manufacturing process. In this case, we increased efficiency while reducing intellectual property leaks -- and loss."

Graydon attributes much of his success to a willingness to stop using security jargon and focus on learning the processes he's asked to secure/protect. Investing the time to learn the process -- and the language -- of the business and the partners builds the trust necessary to build and implement the right solution.

The Catalyst Questions

These are five questions asked during each conversation. The responses are as shared with me. 

1. What is your why?

I enjoy watching people get the “Aha” moment. When engaging in an exchange of ideas it is gratifying to see when people really connect. This is especially true when crossing cultural and language barriers.

At that point I know that I’ve truly engaged with someone and we can then begin to work on identifying a mutual solution to a shared problem.

2. What still requires translation to be successful?

As much as people try to say that they don’t use Fear, Uncertainly, and Doubt (FUD) to sell security they do so every day. They tend to try and convince their colleagues on the business side of the house that they need to pay attention to the issues we uncover because there is a risk that something bad could happen.

While bad things may happen, what we're actually doing is demanding our busy colleagues learn the language of security.

Now as much as we all think that is a good thing the fact of the matter is that the business we work for is in business to make money and I’ve yet to find a company that gets paid just because it is secure. This means that trying to communicate in any language other than the one used to make money for our company is not wise.

When talking with my business partners I often use the word secrecy. To many of our business colleagues the word “security” comes with baggage and often is associated with a hindrance they have experienced in the past.

We need to relearn security from the point of view of our business colleagues. We need to know the business as well or better. We have an advantage here because our scope is wider than that of your typical business component.

We can bring context to a situation and in doing so tie the issues we uncover back to the business. Not only that we need to show an added benefit that enhances the business – makes them move faster, be more flexible, be more knowledgeable.

3. What was your biggest failure? How did you recover? What did you learn from it?

My biggest failures come when I forget to communicate effectively. When I talked but didn’t listen. I didn’t exchange information but rather engaged in a one-way transmission of ideas that had everything to do with me and not my business partners.

The lesson that I learn from these failures is that no matter how much I know, no mater how much knowledge, experience, and wisdom I amass, I can always learn more. In order to do this I need to exchange ideas and most importantly listen and learn about the processes I’m asked to secure.

We need to understand the drivers and more importantly the challenges of business so that we help devise solutions that are not only more secure but that enable and push the business to move faster to react to ever changing markets. You don’t always get a second chance to recover from your mistakes. 

4. How do you prioritize and justify your efforts?

I ask questions and do my best to understand the manufacturing process and start from there. Then I figure out what provides the greatest impact with an eye on the big picture. Focus on anything that is new and different and potentially a game breaker.

Sometimes I find a key ally in the PR and Marketing departments. They are tasked with responding to the leaks in IP that occur as well as marketing products to customers. Getting an understanding of what would make their lives a nightmare helps to focus you when the scope is so broad that you need to prioritize.

5. Best piece of advice you ever got… and offer to others

Ask open-ended questions – listen and don’t analyze right away. Let people tell you their story. Don’t pretend to be the smartest guy in the room. And don’t jump the answer…

Connecting with Graydon McKee

Who are you, how do you describe what you do?

My name is Graydon McKee and I am in a bit of a unique role. My job is to “keep the secrets secret” as I like to put it.

Every year companies spend billions creating intellectual property to differentiate them in the marketplace. I help protect that intellectual property as it moves from creation on through its realization as a market differentiator.

I currently work in the consumer electronics space however the concepts and approaches I use can be used in any number of industries to accomplish the same goal – to keep the secrets secret.

Where and how do you work?

My typical day is much like anyone else’s. I battle emails and meetings but my aim is twofold. First I try to get a working understanding of the processes involved in the creation of intellectual property (currently a piece of consumer electronics) and then I engage the product teams on how we “keep the secrets secret.” 

These discussions end up with visits to the production factories to evaluate the physical, logical and functional protection mechanisms. In this capacity I’ve been fortunate enough to travel the world. From design studios in London, to tool manufacturers deep in the Black Forest of Germany, to factories located throughout Asia and finally to component suppliers located in the Brazilian Rain forest.   

Where can we connect with you?

The best way to reach me is via LinkedIn.http://www.linkedin.com/in/graydonmckee  

Copyright © 2013 IDG Communications, Inc.

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!