How $3,500 and a Box of Donuts Sparked AI Innovation on My Team

cybersecurityleadership
Written By Steven Asifo

A few months ago, I gave my team a cash bonus. Not to deploy AI, not to write a policy about it, but to play around with AI and see what problems it could actually solve.

It cost me about $3,500.
It was the best $3,500 I’ve ever spent as a people leader.

Because here’s what I learned:
If you want your team to innovate, reward curiosity. Not compliance.

Illustration of colorful donuts surrounding smartphones displaying AI dashboards, representing creativity and collaboration during the “Donuts & Demos” event.

The image represents the “Donuts & Demos” event. A team innovation event encouraging employees to experiment with AI solutions in a fun, collaborative way. The composition combines sweetness and technology to symbolize curiosity, creativity, and hands-on learning.

The Challenge: Cybersecurity Meets the AI Gold Rush

Like most organizations right now, ours is moving fast to test and deploy AI tools that improve how we work and serve our customers.

And as a cybersecurity team, we’re a key player in that journey. We help evaluate tools, assess risks, and make sure user data stays protected.

But that also means we’re often the ones slowing things down.
The business says, “Let’s use this new AI thing!”
And we say, “Cool… but do they meet our data protection standards?”

That tension is natural. It’s our job. But over time, I realized something uncomfortable:
We sometimes tend to act as gatekeepers of innovation rather than participants in it.

So I asked myself a question:

“Do we, as a cybersecurity team, have any skin in the AI game?”

Were we experimenting with these tools ourselves?

Were we going through the same AI security reviews?
Or were we just reviewing other people’s ideas from a safe distance?

The Idea: Donuts, Demos, and a Little Bit of Cash

I wanted to flip the script. Make AI learning something people wanted to do, not had to do. I borrowed an idea from PromptOrGTFO, a platform that focuses on AI practical security conversations centered on sharing actual stuff.

So I launched a two-week experiment called Donuts & Demos. A virtual event.
Here was the deal:

  • Everyone on the team had two weeks to use our company’s approved AI tools to solve a personal or team pain point.

  • Each person got $30 to expense food from their restaurant of choice.

  • Then we’d all come together to demo what we built over a meal.

And to make it interesting, I added one more twist:

A peer-voted cash bonus for the top demos!

$1,000 for first place, smaller awards for second and third.

Now, $1,000 may not sound like much, but let’s be real…
When’s the last time someone paid you a grand to learn something new?

The Result: From Skepticism to Spark

Over those two weeks, I was nervous. Would people actually take it seriously?
Or would this be one of those “cute idea, boss” experiments that fades away quietly?

What happened blew me away.

Every single person on the team built something.
Not only that, but each demo was unique. Some automated reports. Others built agents to help manage workflows. One person built a small chatbot that answered risk assessment questions.

The $1000 best demo was awarded to an idea that would potentially give the time back ~18 to 30 hours per year. This would be time no longer spent on repetitive error-prone tasks, and allow the team to focus on deeper strategic work.

We laughed. We learned. We traded tips.

And somewhere between the donuts and the demos, something important happened:
We stopped being spectators of AI and started becoming participants.

The Cybersecurity GRC AI/Agent Solutions Presented

Grid of nine AI agent solutions created by a cybersecurity GRC team, each addressing a specific workflow challenge like vendor analysis, ticket summarization, and policy tracking.

Some of the creative AI agents our team built during Donuts & Demos.

The Payoff: Skin in the Game

For $3,500, here’s what we gained:

  • A team of cybersecurity professionals with hands-on experience building with AI. Not just reviewing it.

  • A list of real, actionable AI ideas to improve our team’s work.

  • A culture of learning that felt fun, not forced.

In short: we got skin in the game.

Because if cybersecurity wants to stay relevant in the AI era, we can’t just guard the gates.
We have to walk through them.

The Lesson

I think about this experiment as proof of a larger truth:
Curiosity and positive reinforcement builds innovation. Fear builds compliance.

When teams learn out of curiosity, they’re engaged.
When they learn out of fear, they’re just checking boxes.

And if there’s one thing AI has taught me so far, it’s this:
The future doesn’t belong to the people who build the best firewalls.
It belongs to the people willing to ask, “What if?”

Key Takeaway

Curiosity over compliance. Rewards over consequences. That’s the mindset shift I want to see more of. Not just in cybersecurity, but in every corner of work where learning feels more like a mandate than an adventure.

If you want the short version of this story, check out my LinkedIn post here.
And if you’ve read this far, maybe grab yourself a donut. (I’d offer to cover it, but I’m out of budget for this year. haha. Working on the next low-budget high-impact experiment.)




Steven Asifo
Next

Why Saying ‘GRC Isn’t Technical’ Is Wrong