A little-known fact: Ray-Bans are safety goggles. You wouldn’t know it today. You can pay a couple hundred to buy these as sunglasses from Luxottica. How Ray-Bans went from practical to luxury is a story with a lesson for developing implementation plans.
Let’s start in 1929. Flying was so new that the US Air Force didn’t even exist yet. Planes were rough, flying was dangerous, and pilots were the heroes. Whether you could see clearly was a matter of life or death. US Army Air Corps Colonel John A. Macready worked with Bausch & Lomb to make a better pair of safety goggles. The resulting Ray-Bans protected against glare and wouldn’t fog up, saving lives, and were quickly adopted by the pilots when they reached production in the 1930s.
That might be the end of the story. But a curious thing happened. Pilots were cool. Pilots wore Ray-Bans. Movie stars wanted to also be the cool hero. Next thing you know? James Dean and Audrey Hepburn are wearing Ray-Bans in movies like Rebel Without a Cause (1955) and Breakfast at Tiffany’s (1961). The glamorous pilot and the glamorous celebrity came together in Top Gun (1986). Ray-Bans had entered the public consciousness as the fashionable look. When the luxury brand Luxottica bought them in 1999, strangely, not a single headline read: “Luxottica Buys Seventy-Year-Old Safety Goggles.”
When we design a security capability, the final step is planning the implementation and migration. Buried in that process is stakeholder management. Dusty and forgotten, stakeholder management doesn’t get a lot of attention. We design the safety goggles and we hand them out. Done. But to do so is to waste a powerful force for adoption. Who are the James Deans and Audrey Hepburns of our organization? Can we reach these influencers? They are crucial to getting our new security capability adopted. Get them on-board is good. Even better and even rarer, get them to use what we’re building as a status symbol.
I’ll leave you with a personal example. This story happened back when I was responsible for security at a money management firm. These were early days. Expensive stock trading applications had two-factor authentication. The vendor would ship a physical 2FA token as part of enrollment. Because it was expensive, only the top traders had accounts with these applications. James and Audrey carrying tokens conveyed their access, privilege, and social status. Sounds strange, but back in the day? 2FA tokens were cool.
Consider your stakeholder management and adoption plan. How involved and excited are James and Audrey? It spells the difference between passing out safety goggles and sharing Ray-Ban Aviators.
This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.