Hit the Reset button, not the Panic button
Imagine all the times in your life that you wished you had a Reset button–from tottering toddler, to whimsical teen, to the Millennials and adults of today - what would you have done differently? Resetting is the process of re-examining assumptions, reattributing noise and refocusing on change. Our ability to reset may be unique to primates such as ourselves – reset our mind, reset our approach, reset our relationships and reset our expectations. But, how often do we tap into this ability during the mayhem of our daily lives?
For Chief Security Officers, mayhem appears to be the flavor of each day. Because at the end of each day, they are responsible for answering the ubiquitous question “How secure are we?”
There are several courses of action that can be taken to answer this question:
1. Do nothing.
In the first case, astate of de-sensitivity where overwhelming amounts of information with no actionable intelligence leads to inaction. In the second, the same overwhelming amount of information with no actionable intelligence leads to paralysis by analysis. Neither outcome is preferred.
Is there a middle ground? Is there a way to distinguish between what to freak-out about and what not to? And more importantly, can this be built by design in the way we operate and embedded into our daily play books? Absolutely – and it starts by hitting the Reset button.
Reset your day by focusing on strategic outcomes. Whether it is examining roadblocks to your company’s shields being up, or building relationship with HR business partners to understand the politics, appetite and concerns of key stakeholders, drive towards outcomes that give you the ability to reset and realign your perspectives.
Reset your customer and partner relationships. Learn through your customer and partner concerns to connect to your business objectives, but also address their concern and educate them on risks they need to care about – let them know what they need to freak out about and what they don’t.
Reset your environment. Whether it is the latest threat of ransom ware that is plaguing your environment, or nation-state attacks, encourage your teams to think about how to build environments with an eye toward Reset by Design. This means identifying non-negotiable in your operations and single-points of failures, and creating environments that operate with agility. Then perhaps that threat of crypto ware can be quarantined and jettisoned, instead of negotiated with, because your environments can reset to remain operational.
Reset to re-energize your teams. From your exec teams, to operational teams, to teams under direct management, ensure that there is a sense of shared purpose and partnership so that they feel connected to the vision you have built.
Innovate. Innovation occurs at the Intersection of insight into multiple dimensions. For Cyber Security, that Intersection is risk management – the ability to identify, curate and connect threats in the environment to their impacts. When transparency in risks can be established between customer expectations and business objectives, risk-or more specifically risk management - becomes your language of choice to reset customer expectations with business objectives and vice versa.
Security threats are global, persistent, non-discriminating and lucrative. They can’t be ignored. But freaking out won’t help to minimize or eliminate them. My nine-year-old describes my job to his friends as a “simple” role making a big impact. It is very humbling to realize how he has distilled all the complexity with which I have described my job - and which he has observed at work - to a relatable definition. In his mind, he has hit the reset button. When it comes to managing cyber security, we’d all be wise to do the same.