Managing in the Third Wave

In my experience, security managers aren't slow to catch on to a new term – in particular one that may help them to improve their career prospects. As such, I've asked several managers to explain their reasons behind asking the question of candidates at interview: "What is your application of management in the Third Wave?"

I was delighted to hear that there is indeed a consensus here – not always the case with many aspects of 'management speak' – for what is in effect a very real phenomena. Or, as one manager described it: "In today's mobile and connected world the Third Wave is more of a Tsunami than an ordinary wave". Apparently, a Tsunami is a tidal or 'killer' wave...

What is meant by the Third Wave?
My understanding of the term Third Wave is 'the revolution in how business competes on the basis of knowledge management through the use of technology'. And, from this rather simplified explanation, it can be seen that there are three themes that an interviewer will expect to be covered: knowledge management, technology and competition.

If you think back to the last time you surfed the World Wide Web, when you were maybe looking to book a holiday, you might well have stumbled across a slow or poorly constructed site that so enraged there's little or no chance of it ever receiving your attentions again.

Equally, anyone who has used a menu-driven telephone answering service, or telephoned a call centre with a bill query, will be familiar with the battle of consumer-versus-technology.

It's the drive to improve – or at least lessen the consumer rage – that best illustrates one of the technology aspects associated with the Third Wave. Do you tailor your services to meet the needs of your clients, or do you make the client fit in with your portfolio?

Another common example is to be found on company Intranets (or Extranets). These places are often loaded with useful information and procedural guidance, but finding exactly what you want is sometimes best achieved by opening the paper manual and looking it up on the index. However, managers are expected to know how to quantify a loss, or at the very least measure, evaluate and improve upon the technological issues.

Of more relevance to the practising security manager is the presence of many security breaches that have occurred over the Internet, resulting – in some cases, at least – in customers turning away from some companies (ie those who promote doubt about the security or privacy of the information the consumer supplies). This last point was amply demonstrated during the May Day riots, where the rights of individuals not to be filmed by CCTV cameras received more attention than the loss or damages suffered by firms left in the wake of the protestors' actions.

Every security manager knows full well to check the supply chain, but with increasing levels of data flow Third Wave managers now have such issues placed much nearer the top of their security agenda.

The birth of 'e-workers'
The security manager's knowledge of emerging technology is not confined to office-based workers and their concomitant issues.

Not only must security managers perform and improve the function of their own department through the use of technology (demonstrated by a knowledge of public verification testing and so on), so too they must understand and consider the risk and security a

According to a recent survey by the Institute of Employment Studies, by 2010 there will be 27 million home-based 'e-workers' engaged within the European Union. Loosely, these e-workers are classified as: telehomeworkers (those mainly based at home but linked to work via the telephone), multi-colocation e-workers (the office nomads who have no permanent base and represent the highest growing sector), e-lancers (self-employed workers who supply business services) and the e-enabled self-employed (those who supply services other than business services).

Each of these categories has its own attendant set of security or loss prevention issues. Ultimately, this can mean only one thing ... Not only must security managers perform and improve upon the function of their own department through the use of technology (demonstrated by a knowledge of public verification testing and so on), so too they must understand and consider the risk and security aspects of e-worker groups. Some SMT readers may notice that, historically, these technical issues have always been the bread and butter of the IT security department and not the domain of any other specialist. The key decider here is found in the expression "knowledge management" (used in my original description of the Third Wave, you'll note).

To the majority of employees, knowledge management only comes to their attention when someone leaves the company and the new face asks: "How many sugars do you take?" Most security managers will have experienced this when trying to gain access to a file secured or locked by a previous employee. However, supporters of the Third Wave are more concerned about using technology to pool and share their knowledge.

Instant access to data by those who need it (in particular clients) is crucial as technology is used to share knowledge in an attempt to woo and retain customers. As such, those security managers used to working in a veil of secrecy will face the challenge of opening up some of their data and working practices to the wider "communities of practice" (the term often used for those sharing knowledge).

Others may well view this as an opportunity to factor into the shared technology a model that will predict or reduce losses.

Renewal rather than change
While much of this change may appear to be simple, many managers who survived the change culture of the 1990s will know that significant change is a painful process made fraught by the unexpected. Theorists of Third Wave recognise this and refer to the transformation as renewal, rather than change or retrenchment. As such, project planning skills – ie concept through to divestment – become an essential rather than desirable trait.