4 minute read
Transposing consumer partnerships from the bedside to the client meeting
DANIELLE ROSENFELD-LOVELL
TRANSPOSING CONSUMER PARTNERSHIP FROM THE BEDSIDE TO THE CLIENT MEETING
by Danielle Rosenfeld-Lovell, Consultant Security Testing and Assurance at CyberCX
Long before the idea of a career in information security or technology occurred to me, I trained to be a nurse. I knew that the better informed I was, the safer and more effective would be the standard of care I could provide. So I took to intensely studying anatomy, pathophysiology and pharmacology.
I thought my understanding of diagnoses and of how various drugs should be used for best effect would be the most valuable things I could offer. So, when I began to practice, it came as something of a surprise to me that much of my time at work was consumed by learning the context of the patient and their family.
I started to routinely grapple with questions such as “What sort of social support does the patient have?” “Will my patient reasonably be able to commit to the treatment we are suggesting when they go home?” and “Am I speaking using words that my patient understands?” Increasingly, these questions became less speculation and more an essential part of the job if I wanted to deliver effective healthcare. Consideration of people’s preferences, needs, culture and the context of their lives underpins the philosophy of patient/family-centred care in nursing. So, I would like to share a few lessons learnt from the bedside that I think could be usefully adapted to consulting with stakeholders, especially our clients.
LESSON 1: THE FINE AND FINICKY ART OF ESTABLISHING RAPPORT QUICKLY
Very early in my nursing career I realised spending a little time at the beginning of each shift getting to know my patients and their family could contribute substantially to making the shift go more smoothly. Committing time to creating a meaningful relationship with patients (or consumers) can be challenging when you have a backlog of tasks to plough through. Nonetheless, I found it took very little time to ask a couple of questions about things I could observe in the room when I first introduced myself, like a favourite toy or a book a patient or family member was reading.
Depending on the situation, I might ask whether anything notable had happened that day (people find amazing ways to manage the boredom of being in hospital!) Whatever topic I chose, demonstrating genuine curiosity and buy-in, even if I had only a few minutes, could go a long way to establishing good rapport.
In a security context, making the effort to get to know a little more about a client and their business puts you in a much stronger position to work effectively with that client. Being curious might also give you access to important clues that can enable you to deliver more tailored and valuable security services.
LESSON 2: MAKING SURE EVERYONE IS ON THE SAME PAGE
A notable aspect of providing clinical care is that consumers might have an understanding of an intervention that is inconsistent with the clinician’s intent. For example, a patient might think I am giving them an antibiotic when I am, in fact, introducing a small amount of saline into their vein through a drip to make sure the drip can be used safely. If I am not explicit about what I am doing and do not provide an opportunity for questions and information-sharing, trust and consumer engagement with treatment can suffer.
In cybersecurity, you might assume that clients and stakeholders know why a security assessment of some kind is underway, but if you neglect to verify their goals you introduce the risk of delivering services that do not meet client expectations.
Any seasoned professional working in a complex and dynamic field will know there is tremendous variation in individuals’ literacy in a specialist domain. For cyber security professionals, we recognise that this extends to the immense differences in the maturity of the security posture of organisations we provide services to. Probing questions such as, “What’s your understanding of this issue?” or “What are you hoping to get out of this?” can help you get an accurate understanding of the client’s needs. You are then much more likely to identify any knowledge gaps that might be making communication more challenging.
LESSON 3: MANAGING EXPECTATIONS
PARTING THOUGHTS
While there are as many approaches to client-facing roles as people in them, I feel strongly there are some valuable takeaways from the healthcare industry that could be applied to information security consulting roles. Hopefully I have offered one or two ideas that might be useful for you. Finally, a crucial thing I took from my early career experience is that the people we serve stand to be our greatest allies, helping us produce something that has real merit. We are better off working together.
The term “managing expectations” has been done to death in corporate settings, but for good reason. Providing people with crucial information about what to expect and when to expect it can help them maintain a sense of control and limit the need for follow-up questions that could have been addressed at the outset. At the bedside this will often mean making a plan in direct discussion with the patient or their family which enables them to make choices such as when to see visitors or when to go for a short walk, if they are well enough.
In the information security context, managing expectations is more likely to mean giving an indicative timeframe for the delivery of a report, or establishing an agreed frequency for the delivery of progress reports on a project. In both situations, frontloading some of these discussions into your initial interactions with a client can save everyone time and avoid uncertainty.
www.linkedin.com/in/danielle-rosenfeld-lovell
