As we approach the end of the year, and are seriously thinking that adding rum to out-of-date egg nog is a good idea, it might be good to look back and review the lessons we learned from some bad decisions. We can only hope that someone will learn from them instead of repeating them (that\u2019s my Christmas wish, by the way).\u00a0\u00a0 So let\u2019s talk about the big takeaways.\n\nHiring a CEO from a different industry with little experience will end badly\n\nFrom Carly Fiorina to Marissa Mayer, the one big lesson we should finally get is that an inexperienced CEO who doesn\u2019t even come from the same technology area doesn\u2019t magically become successful if they are a minority.\u00a0\u00a0 I get that we don\u2019t have enough women in tech, I do, but sticking a woman in a job she can\u2019t succeed at is just as stupid as sticking a man in a job he can\u2019t succeed at. You don\u2019t get a pass because you were an equal opportunity screw up.\u00a0\u00a0\n\n\nSeriously, either pick an experienced CEO or pick someone that understands the industry, don\u2019t go for the trifecta of lack of experience in both and adding diversity for that little extra degree of difficulty.\u00a0\u00a0 We go through a lot of trouble to pick qualified people for far lower-paying less critical jobs, maybe we should do the same for the top spot? Then again we\u2019d likely miss all the drama.\n\n\n[ Related: 4 attributes that make a CEO successful -- What Fiorina and Trump can learn from SWOT -- Meg Whitman\u2019s 4-step guide to killing acquisitions ]\n\nBeing a public corporation is suicidal\n\nWe saw a number of companies go private over the last few years. Pretty much all are in far better shape now than they were when public. You\u2019d think that would give folks a tad more pause when it comes to going public in the first place. I get that this seems like easy money, but the massive cost of regulatory compliance plus having to deal with \u201cactivist investors\u201d who want to spike valuation at the cost of long-term survival isn\u2019t worth that benefit.\n\n\nBeing public seems to lead to just really stupid things, like breaking a company painstakingly built over decades apart, or spending the firm\u2019s cash reserves on dividends or stock buybacks.\u00a0\u00a0 Either resist the stupid stuff, Google and Facebook were structured to avoid this kind of foolish influence, or don\u2019t go public in the first place. Trading off a firm\u2019s future for a few points in temporary stock value isn\u2019t particularly brilliant.\n\nNot closely managing permissions\n\nFrom the Sony breach to Eric Snowden, we should get that permission management is a critical survival skill. The inability to effectively manage permissions cost the Sony pictures CEO her job and set U.S. diplomacy back more than the Trump candidacy has (though that\u2019s getting close to changing).\n\n\n[ Related: Awareness lessons from the Sony hack -- Intelligence Community Works to Get Beyond Snowden Stigma ] \n\n\nGiven the goal of most attacks is to gain access to our critical customer, intellectual property, financial or personal data, and that firms large and small and governments have been hit you\u2019d think everyone and their brother would have some form of robust permission\/access management service or product in place to protect aggressively against this kind of attack. But nope, this is still more of an exception than a rule even though a breach like this could cost a CEO his or her job. There aren\u2019t a lot of CIOs who survive getting their CEO fired.\n\n\n[ Related: How to stop the security breach tsunami ]\n\nPutting data acquisition before analysis\n\nOne of the most annoying things to watch this year was the San Bernardino attack post analysis. It turned out that much of what law enforcement needed to prevent the attack was on social media and not protected. Yet instead of focusing on doing more with what it legally has access to, the U.S. government focused on collecting more information. This, unfortunately, is far from uncommon because big data as a concept got well ahead of intelligent timely analysis.\n\n\n\t\t\t\t\n\t\n\n\t\t\t\n\t\t\t\t\n\nHere\u2019s a thought, before you spend massive amounts of money collecting more data, why not spend a little analyzing better what you already have? The group that collects the most data doesn\u2019t win, the group that makes the most informed decisions wins -- this is true for business as well as government. Most firms would be far more successful if they focused more on quality results and less on capturing more data.\n\nIoT is stupid\n\nHere is why we aren\u2019t secure enough and we are in a cyberwar. If you can\u2019t adequately secure what you currently have why the heck would you connect a whole bunch of critical systems to the Web? This just seems like we are asking for an apocalyptical end. Security needs to come first and yet, and we saw this with the Chrysler hack, we are still connecting things more effectively than we are securing them.\u00a0\u00a0\n\n\nCan you imagine what would happen if say a million self-driving cars successfully received the command to suddenly turn? We\u2019d be raining cars off the Golden Gate Bridge, 9\/11 would look almost insignificant by comparison. Rather than connecting stuff directly to the network maybe consider connecting them to a secure hub instead?\n\nRethink executive compensation\n\nFrom Golden Parachutes in the tens of millions to bumping someone up 10x or more in full compensation for a promotion it shouldn\u2019t have taken Martin Shkreli (the problematic now ex-CEO of Turing Pharmaceuticals) to point out that excessive compensation leads to stupid behavior. These mammoth sums of money become huge distractions and often lead to really bad behavior.\n\n\nThe CEO needs to be focused on running the firm, not distracted by his or her own massive compensation package. Giving a new untested CEO tens of millions of dollars just seems whacked.\n\nTime to stop repeating mistakes\n\nIt just seems we can look back at the last several years and watch the same mistakes made over and over again. Granted, the vast majority of us will have no control over any of this stuff, but many of us can pick and choose the firms we work for or contract with. Simply looking to see if the board and CEO are repetitively doing stupid stuff should be a natural test before we put our careers or major projects at risk with them.\n\n\nMaybe if we make better decisions with regard to who we work for or employ then boards will get the message.\u00a0\u00a0 But given these stupid things are company killers anyway I have little real hope that will happen, but at least we can protect ourselves better.