Security leaders have a bold vision. Leaders have a grand strategy. Leaders excite and engage people to get things done. Along the way, leaders make decisions.
This blog series is about making better decisions. IT security is a new discipline. But creativity and ingenuity are as old as humanity. Week by week, we’ll look to artisans, to architects, and to designers. We’ll uncover principles we can apply to lead and to design security capabilities.
Latest Design Article
Pilot with chaos. Cyber security is complex: the proverbial butterfly flapping its wings in Brazil produces a tornado in the United States. Thankfully, we have chaos theory and security chaos engineering.
Cyber Security Design Principles:
- Set the vision
- Protect the organization
- Start with empathy: empathy is the heartbeat
- Explore complexity: premature simplification is bad security
- Define the security capability
- Develop the technology architecture
- Determine the security controls
- Don’t listen to all the music
- Find your own way without brainstorming or crowdsourcing
- Be ahead of the curve and ahead of the criminals
- Balance depth with economy of mechanism
- Shape the conversation with careful choices
- Start with minimum viable security
- Add details to make end-users happy: add some nice rims
- Identify improvements as security matures
- Good security has the aesthetics of a good coffee pot
- Plan the implementation and transition
- Take it one metaphor at a time
- Hand out Ray-Bans not safety goggles
- Plan to wear in, not wear out
- Plan to get lucky
- Execute a series of playful pilots to refine the plan
- Pilot with chaos
Finally: Here are some of my folksy sayings on cybersecurity leadership and design.