Is it time to change the way we think about work - life balance? I’m not sure, but I’ve become more open-minded on this issue. Allow me to explain.

Last week, I was speaking at an ISACA Detroit meeting, and an interesting debate came up at dinner. This conversation ensued after my presentation on: Why Security Professionals Fail – And Pragmatic Solutions to Help Succeed. The fun, yet challenging, discussion revolved around strategies for dealing with career burnout.

One person at the table said something to the effect, “We’ve stopped trying to promote work-life balance at my (private sector) company. We now encourage “career-life fit.”

My response was: “Huh? What’s the difference?” Little did I know, I just opened up “Pandora’s Box.”

It turns out that there is quite a bit of difference, and the potential need for change comes from work situations such as:

-          Emergencies: when you need to work long hours for many days in a row? (For example: malware outbreaks, emergency management incidents, etc.)

-          Education: you go for that graduate degree or special certification to get ahead.

-          Career path choices: dealing with seasons in your career when you need to work long hours for extended periods (for example: doctor’s going through internship.)    

-          Promotional considerations: you “go the extra mile” in your office to gain a positive edge on the competition.

-          Seasonal changes that meet your life needs. (For example, you are very busy working long hours for part of the year like tax season, to gain fewer hours in other seasons.)

-          Job changes: your new job requires you to always carry a pager – but you like the extra ‘on call’ pay and/or overtime pay when you are called in.

There are plenty of other examples and situations that don’t reflect “balance” of time at home and work. What is fairly obvious is that all of us go through various seasons of our lives and have different needs. In addition, different employees have very different views on what gives them satisfaction and enjoyment in life. 

New Name - Or Not?

There is a formal movement to change the way we think about these topics. This article on Work-Life Balance vs. Work-Life Fitness  explains some of the questions to ask in this different work/life fitness approach.

 “To achieve work/life fitness, consider the things that you need to do and the things you want to do. What are your professional goals? Do you want to get married and have kids? Do you want to travel? If you have an important deadline coming up or are striving for a promotion, then you may find work/life fitness despite devoting more time to work. Remember, the ratio of work to life that you can take on while maintaining work-life fitness may shift as you progress into different life phases.”

This dialogue also brings up another question: What about the difference needs of men and women? An article from Forbes entitled: Real Men Don't Need Work Life Balance, addresses this question:

“In organizations, while it is acceptable for women to demand flexible work or plan their maternity leave, men seeking similar arrangements or paternity leave is still rare. When it comes to gender neutral programs, such as job sharing, men experience a higher level stigma in the use of such arrangements. Research shows that 48% of men felt that using the arrangements was not a real option. So creation of policy does not equal its utilization.”

How relevant is this topic to the 2013 workforce? Very important! In fact, this issue is often listed as more important than pay to most employees. The Glass Hammer went further with this discussion, while moving to new terms that address employee “fit” within their organizational needs for everyone.  

“Women were more likely than men to cite work life fit as their reason for staying with their employer – but both ranked it as the highest reason (72 percent of women compared with 62 percent of men). In fact, women and men prioritized similarly when it came to why they stayed in their jobs on the next most popular reasons as well: benefits (61 percent of women and 59 percent of men) and money (57 percent of women and 62 percent of men).

But, what may surprise you is that people without children were more likely than people with children to cite work life fit as a key reason for staying in their jobs (67 percent compared to 65 percent).”

What’s The Answer?

So where is this trend heading? How do we deal with unequal scales for men and women or for parents and singles? The New York Times ran this piece that recommended moving away from questions about “where you are going” and to “how will I get my work done” discussions with your boss.

I also think that most of the government employees that I know, who are in either security or technology professional fields, take this work/life issue very seriously. They value their family time and they sacrifice higher pay in the private sector for a government jobs that may better meet their personal situations and commitments.

Still, the new millennial generation is now demanding this same level of attention to work-life fit in both the public and private sectors. I expect that topic will become even more heated over time.

So What Is Work - Life Balance Called Going Forward?

Back to that dinner conversation, and I was beginning to understand the new way of thinking after about fifteen minutes of discussion. That night, I went home and did some research. I found this article which offers Work-Life Balance - By Any Other Name. Here’s an excerpt:

“When a 2008 Sloan Network poll asked readers to choose their favorite term, 46% preferred "work-life balance." Twenty-five percent picked "work-life integration," and 8% liked "work-life juggle" best.

But alternatives have sprouted up everywhere: Cali Williams Yost, author and work-life consultant, promotes "work-life fit"; Cathy Benko, former chief talent officer at Deloitte, opts for the similar term "career-life fit;" Catalyst, a research organization working for the advancement of women, advocates for "work-life effectiveness;" Jodie Benveniste, director of Parent Wellbeing and author, created the phrase "work family flow;" and Paul Nyhan, Seattle Post-Intelligencer family reporter, favors "work-family rhythm."

We each have an important set of metrics in our heads, and we are keeping score. We have an unseen (virtual) time clock that we’re punching. We want fair treatment. We want a boss and coworkers who understand. And we want the flexibility to change our minds, given different life situations and work roles.

I hope your management agrees – no matter what you call it.

Just when I thought I was turning the corner on Internet security awareness & cyber safety, along comes an eye-opening situation that hits so close to home that I am forced to rethink the road ahead - again.

The key questions that I’m reassessing as we head into 2013: Am I saying the right things about cybersecurity? Are the most important messages getting through? Are people (even the ones who know and like us) hearing what we say? Am I genuinely listening to them – first? Allow me to explain with a personal story.   

My daughter Katherine and my wife Priscilla received new smartphones as gifts over the past few months. Without a doubt, they both love their new white, light-weight iPhone 5s. They had seemingly never-ending holiday conversations about their new devices - with Katherine showing her mom all of the wonderful features, functions and helpful apps. But that conversation is for another day.

This tale is about mobile device security – or lack thereof.

It all started when Katherine was in our kitchen trying to help her friend Carli with her new iPhone 5 that she also got for Christmas. Carli’s WiFi was not working properly.

(Note: Katherine has unofficially become the resident “expert” because she received her while iPhone 5 back in November as a birthday present.) She now knows everything there is to know about smartphones - kinda.

Katherine to Carli: “You turned off the 4-digit security PIN that I configured for you!”

(Dad, who was in an adjacent room, suddenly became interested in this unexpected security conversation and puts the magazine down.)

Carli to Katherine:  “The screen lock is such a pain. And if I lose my iPhone, whoever finds it won’t be able to call me and return it.”

Katherine to Carli: “Yes, they can. There’s an app to find it. I showed you….”

Carli to Katherine: “But…, Mrs. Lohrmann, help – you told me you haven’t enabled a PIN for your iPhone either…. ”

Priscilla to Carli and Katherine: “You’re right. I haven’t enabled the PIN…. Yet. I’m not sure if it’s really needed or not. But don’t tell your dad, I’m still deciding….”

(Dad – who is listening in the other room – now enters the kitchen….)

Dad to all: “What did you just say?”

I’ll stop the rewind of this conversation at this point. I can tell you that, although everyone was in a good mood, laughing and polite, the “passionate discussion” continued for the next 10-minutes before Katherine and Carli were late and headed out the door. We all decided to continue the dialogue “later.”

But over the past week, I’ve been thinking quite a bit about that holiday interaction. My guess is that most readers can probably relate to a similar situation in their lives at either home or work.

After that conversation, I’ve started to reconsidered the effectiveness of what I personally say to family members about personal online security as well as what our enterprise messages are working (or not) for state employees.

Not that we haven’t been through this discussion before. Priscilla and I talk about online safety quite often as it relates to our children. We agree on the vast majority of steps we take with security on PCs, Internet access controls and filtering. It’s just that the conversation and examples keeps changing as technology evolves and the kids get older.  

And my thoughts often move towards work, where the same concerns and questions apply. Yes, we’ve already reinvented awareness training for employees in the past year to focus on the new online challenges and mobile situations. We did listen to employees and heard that the old training was out of date, boring and irrelevant. But now I’m worried that we’re still not doing enough. Or, perhaps, we’re falling behind in our messaging – again.

Christmas Presents Showing Up at Work

It’s that time of year when technology Christmas presents start showing up at the office. With the advent of BYOD, telework, and mobile computing, our enterprises must once again pass the test of new “stuff” show showing up all over the place. This means our infrastructure and security teams rebuild architectures to ensure enough available Internet bandwidth and having hotspots to handle the load.

Meanwhile, we must think through, again, how staff will access data, keep personal information private and a host of other topics. Once we figure out what the IT organization will do and what the employees will do, we communicate with staff.

What Do We Do – and Say?

In response, we offer revised policies, compliance regulations, new awareness training and new approaches like testing whether employees click on bad links. Every little bit helps, but can we do more?

Stacy Collett, a writer for Computerworld, recently wrote an excellent piece with five techniques on: How to talk security so people will listen (and comply!) Here’s an excerpt:

“To be sure, employees are not involved in every type of corporate security breach (see Top 10 threat action types), but user behavior and non-compliance are implicated in many, including mobile malware, social network schemes and advanced target attacks. These are increasingly aimed not at CEOs and senior staffers, but at people in other job functions such as sales, HR, administration and media/public relations, as criminals try for ‘lower-hanging fruit,’ the Symantec report says.

 Against such an onslaught, the stereotypical wall poster of security tips hanging in the breakroom is useless, says Julie Peeler, foundation director at the International Information Systems Security Certification Consortium -- also known as (ISC)² -- a global, non-profit organization that educates and certifies information security professionals. ‘Security training is not a one-time event. It has to be integrated throughout the entire organization, and it has to come from the top,’ she says.”

Veteran security pros will, of course, agree with Julie Peeler. For decades, we’ve been saying that good security encompasses everyone, everywhere, all the time. You never know where the next threat or incident or major attack is coming from.

So how do I plan to address this - today? My gut tells me that I need to start by looking in the mirror. Lead by my example. So what are my 2013 security resolutions?

-          To keep watching and analyzing our state government culture

-          To learn the new ways our people are using technology

-          To listen to the business more

-          To keep refining the security and privacy messages we are delivering to employees

-          To help people understand the impact of their actions

-          To offer enabling security that truly helps

Back at home, my daughter Katherine has enabled complex security on her smartphone. She’s become an ambassador to her friends and an ally in marketing key personal security messages.

Meanwhile, my wife Priscilla has agreed to hear again what Apple recommends for security, to discuss available options for her iPhone 5 and to do what’s best.

 And I’ve agreed to listen - first.