The Economist Executive Education Navigator, Author at Real Leaders

It’s been a winding road from anthropology undergraduate studies to leading a sales and marketing team for one of the world’s most recognized brands. Yet it’s a journey that Lourdes (“Lou”) Ebra Grill has savoured every step of the way. Grill, Vice President for Strategic Partnership Marketing at The Coca-Cola Company, has invested the past 20 years building a career that weaves together her expertise in anthropology, marketing and finance.

Educational roots

While pursuing an undergraduate degree in anthropology at Duke University, Grill also had an opportunity to take a graduate marketing course through the Fuqua School of Business, and it was there that a second passion was ignited: Grill pursued her MBA in Marketing and Finance from the University of Georgia.

Career path

After graduation, Grill’s journey led to Federal Express where she spent eight years, ultimately climbing to the position of Financial Advisor. Opportunities were better for her in the finance field at the time, but Grill calls marketing her “first love”. She had a dream of working in marketing for Coca-Cola in their Atlanta headquarters. So when the opportunity to join the company in a finance role came, she seized it. Over the next 10 years, Grill enjoyed a series of ever-increasing responsibilities in a variety of roles: financial, legal, marketing and sales. In 2008 she moved into the role of Director of Business Affairs, which Grill calls a combination of “finance and legal in support of brands” that reconnected her back to marketing.

In 2012, Grill became the Vice President of Strategic Partnership Marketing. In her current role, she leads a team of sales and marketing professionals who have strategic partnerships with organizations in realms such as cinema, lodging, theme park and airline business. The move was a perfect next step on her journey. Her current role, says Grill, is “where I saw a place at Coke that would let me combine my love of marketing, team leadership, customer relationships, and have this foundation of financial acumen that I worked on all of these years of my career.”

Pursuing executive education as a leader

Now her journey of leadership growth continues. Coca-Cola has a long history of providing professional development both internally through training programmes and job rotation assignments, as well as encouraging executives to seek education outside of the company walls. Last December, Grill attended Notre Dame’s Executive Integral Leadership programme through the University’s Mendoza College of Business. She chose the programme because of its emphasis on providing education for the “whole” leader—with topics that range from creating vision, leading authentically, developing business acumen and promoting a healthy mind, body and spirit. “If I am going to deliver value to Coca‑Cola and our customers,” says Grill, “then I have to bring my whole self to this role.” She believes that is precisely what the EIL executive-education programme delivered.

Grill found the week-long programme rewarding and counts herself as a “resounding advocate” of the wide variety of teaching methods used, listing a detailed 360-degree feedback process and private feedback session with an executive coach as highlights. In-depth discussion with fellow participants was another plus. As part of the course pre-work, participants were asked to bring a business challenge with them for discussion. These conversations gave Grill “a yardstick for how I was looking at my own leadership and my own business challenge. It was very powerful.” The course facilitators gave participants “a framework that allowed us to safely challenge each other on underlying issues or fundamentals of our business challenges.”

Grill came away from her off-site executive-education experience with a renewed focus on how to tackle the challenges of her current role. She also credits the programme with helping her articulate her leadership vision—with her team, peers and customers. And what’s the payoff for Coca-Cola as an organization? Grill sees definite benefits for her employer. “Coca-Cola has a clear mission and vision. It’s critical that we [as leaders] have an ability to bring our team along on that vision and have clarity of purpose.” Even more important, says Grill, is to do so with authenticity, “because that’s what resonates with teams and with the people you interact with.” Moreover, the Executive Integrated Leader programme prepared Grill for the next step on her journey. “Spending time [away from work] helped me think about how I can uniquely help bring the vision to fruition for Coke in roles of increasing responsibility and accountability. In that way, [the EIL programme] has prepared me to lead at a more strategic level.”

Jennifer V. Miller is a freelance writer covering leadership in the workplace. She writes the award-winning blog The People Equation.

Organisational leaders have a growing stack of priorities on their desks. Now among them is information security, which until relatively recently, was a responsibility delegated to IT departments.

That began to change in May 2014 when Target’s CEO Gregg Steinhafel resigned in the aftermath of a data breach that exposed the credit card and personal details of 110 million customers of the mega-retailer. The scale of the breach was unprecedented and cost the company at least $252 million. It was the first time a high-profile corporate leader had been ousted for failing to act promptly after a cyberattack. “Suddenly, business people took notice,” says Dr. Dale Meyerrose, president of The MeyerRose Group and lecturer at Carnegie Mellon University’s Institute for Software Research, where he directs the Cybersecurity Leadership (CSL) Certificate programme.

The number of breaches is actually declining each year in many industries, according to Meyerrose, but the number of records compromised in each attack is growing, mainly because hackers are becoming more selective in their targets. The threat of significant damage to an organisation’s brand and its finances is forcing cybersecurity onto the C-suite agenda. Executives stepping up to lead on this issue should start by following these five steps:

1. Realise it’s not a technical problem

Most organisations approach information security from a technical perspective. But this is the wrong strategy, argues Meyerrose. The primary threat is human behavior – the vast majority of data breaches originate with employees, former employees or service providers giving access to hackers, wittingly or unwittingly. In the case of the Sony breach in 2014, for instance, employees allegedly let hackers into the building where they stole the system password. Target’s system was penetrated via a multi-step campaign that started with hackers gaining access to a Target vendor’s account by way of a deceptive email.

Companies need to conduct employee training regularly and meaningfully, addressing topics like social engineering and how behavior can leave the door open to infiltration.

2. Hire the right experts at the right level

Although the number of Chief Information Security Officers (CISO) is growing, many of them still report to the CIO or a chief security officer. They are usually technical experts who are hired for these skills, explains Meyerrose. But organisation leaders and boards are slowly realizing that the ideal CISO also needs to understand the business in order to assess risk factors and explain data in a compelling, understandable way to a non-tech audience. Moreover, they need to be positioned at the right level, ideally that of a senior business manager who has direct access to the C-suite and can affect enterprise-wide changes.

3. Pick an architecture and apply it well

Research shows that over 90 percent of businesses have an information security risk framework in place, but compliance with minimum criteria does not necessarily mean secure. There are numerous standards, many of which are industry-specific. Meyerrose stresses, however, that the type of architecture is not as important as picking one and applying it in a systematic way: “any framework gives you structure, runs you through processes and forces you to answer questions.” Security rests on the architecture being implemented completely and being built on logic and economic principles.

4. View cybersecurity as insurance

Since most companies still consider information security a technical risk to be managed as an IT function, they view it as a cost centre. Yet a good cybersecurity programme insures an organisation against the enormous losses that a hack attack can cause, says Meyerrose. As such, it deserves adequate investment and prioritisation. Cybersecurity insurance is a fast-growing area of the insurance market, and many organisations now purchase coverage. Still, building strong security safeguards remains the best policy, adds Meyerrose.

5. Prioritise threat assessment

Big data analytics are increasingly used to identify information security threats. Meyerrose believes the emphasis should be on profiling the company’s own activity since most breaches originate on the inside. This means each company needs to do data analysis on itself and its “eco-environment”, including partners, customers and vendors. When an organisation carefully profiles its activities and authorised users, it can more easily detect anomalies that red-flag intrusions. It’s also useful to do analyses on the industry and global trends to predict risks.

Meyerrose’s cybersecurity courses at Carnegie Mellon cover three areas: leadership of cyber-enabled organisations, understanding the fundamentals of cybersecurity (e.g., insider threats, cloud computing, big data analytics), and examining cybersecurity from a management standpoint versus a technical one. This kind of training might become standard for all leaders who want to guide their organisations well in the 21st century.

By Kate Rodriguez. The original story appeared on The Economist Executive Education Navigator