Author: Rex

Hi Folks,

One of our biggest challenges in the security field is proving our value.  This is the nature of a counterfactual – it’s really difficult to prove that something we did prevented something that didn’t happen.

The diagram below shows multiple precursors flowing along a timeline, eventually leading to a negative impact (i.e. a harm).  Interrupting those precursors stops the harm.  But interrupt the precursor too far in advance – before that squiggly line – and you’re not likely to get credit for saving the day.

Of course, before that squiggly line is exactly where you want to be preventing harm.  Waiting until the last minute to prevent a harm is risky.  There’s a whole host of security activities that are performed well in advance of the squiggly line – training, policy development, vulnerability scanning.  None of that is a last minute save, so none of those activities are likely to get direct credit for stopping the bad guys.

But we know better.  And, thankfully, many of our more astute colleagues and senior executives do, too.  They know that without all the effort we put in well before the squiggly line – all the controls, all the procedures, all the reporting and planning and assessments – any organization would be in a world of hurt.

So if you’re not on the “front lines” of security and you feel a bit disconnected from a heroic, last minute saving the day, that’s by design.  Because by doing what you do early enough, we’re stopping the bad guys before they even hit our radar screen.  Thanks for everything you do.

Rex

 

Thanks to Malcolm Sparrow for use of the above diagram from his book The Character of Harms.

Hi folks,

I’ve recently been exposed to behavioral economics – the intersection of economics and psychology.  It’s a huge and complex field of study, but one of the big take-aways for me is the need for simplification.  Two items for your consideration:

• The impact of complexity on customers:  The Free Application for Federal Student Aid form is 6 pages and over 100 questions – longer than the IRS Form 1040EZ (1 page, 37 questions).  Studies have shown that the complexity of the form dissuades people from applying for aid – disproportionately dissuading those in the most need.  And while other studies have shown that the form could be reduced the length of the form by 80% without eliminating any critical information, the form remains complex and customers continue to be poorly served.
• The impact of complexity on organizations:  Colin Chapman was the founder of Lotus, the legendary line of race and performance cars.  He’s perhaps best known for directing his engineers and designers to “simplify, then add lightness.”  Why?  “Adding power makes you faster on the straights. Subtracting weight makes you faster everywhere.”  This philosophy can easily be applied to us.  As we simplify ourselves – our processes, our teams, our approaches – the faster we’re able to complete/change/integrate them.

The simpler we keep things – our communications, our policies, ourselves – the better we serve our customers and the more agile we become.

Rex

Hi Folks,

U.S. President Eisenhower is known for a great many things – leading the Allies to victory over Germany in WWII, launching the interstate highway system, creating NASA and DARPA, fighting segregation and McCarthyism…   But one of his lesser-known impacts was the inspiration he provided to author Stephen Covey.

In 1954, quoting a university president, Eisenhower said “I have two kinds of problems: the urgent and the important. The urgent are not important, and the important are never urgent.”  At a high level, this described what became known as the Eisenhower Decision Principle – a means of organizing and prioritizing activities by the intersection of importance and urgency.

Covey, author of the business super-book 7 Habits of Highly Successful People, adopted this for the time management matrix he outlined in his book First Things First:

You want to handle each quadrant differently.

• Quadrant 1 needs immediate attention.  These are worthy of your attention and need to be addressed now.
• Quadrant 2 is for long-term strategizing.  This is where you want to focus most of your attention.  Like quadrant 1, these are worthy of your attention, but you have more time to address them in a considered manner.  Delay too long, however, and they’ll migrate towards quadrant 1.
• Quadrant 3 is for things that aren’t important, but for whatever reason you need to handle it right now.  Think TPS reports.
• Quadrant 4 is the Angry Birds quadrant.  There’s no real value other than taking a break from the other quadrants.  Don’t spend too much time here or you risk the other quadrants getting out of control.

I think one of the better visualizations I’ve seen for the grid is the following:

But perhaps the biggest challenge is accurately assessing the categorization of a task.  If everything is urgent, nothing is.

Hopefully this is familiar to all of you.  If not, it’s is a pretty useful tool for prioritizing your time.  We all have more on our plate than we can handle – things are going to drop off.  We just want to make sure we don’t drop the wrong things.

Rex