If nothing is otherwise blocking meaningful work from getting done, prioritization
or procrastination could be the reason why.
Procrastination is always lurking even in the best cyber security
teams. Some teams more so than others. Weighing down the program. Inhibiting forward
progress. Hiding in disruptive work as an excuse.
I think of security commits as key to prioritization and kryptonite
for procrastination. With a laser-sharp focus on sacrosanct delivery of
something meaningful and achievable on a regular basis across each team member,
you’ll create a drumbeat within your security program. And define some predictable
forward motion during that time period.
Each team member accountable for a single commit related to
their role and geared for their level. Each commit filling a key program gap. Something
that matters. Capabilities, governance, friction reduction.
A rhythm of continuous improvement.
A drumbeat that limits procrastination.
I like commits on a quarterly basis. But those take thought and
planning on the part of each security leader.
Each team member with three quarterly goals, one of which is
a commit. Never with accountability spread across multiple team members. Each
commit with two negotiations: the commit and the scope. Never a mandate because
the work needs to be both achievable and significant to the program. A mutual
agreement. An agreement by each employee on some important cyber security
outcome representing at least 6-10 weeks' worth of meaty work. Capability building that allows for achievement
with unforeseen disruptive work.
Milestones of 25%, 50%, 75%, and “done” negotiated and defined
by the first week of the quarter. An agreement that a quarter is unsuccessful
if the commit is not done.
In the face of disruptive activities or unplanned work, goals
can be pared back. The commit stays as is.
There is no question where the priority
is: the commit.
Commits scaled by the number of team members and progress on
each reported upwards to the executive team weekly means a lot of forward
progress for the program, not a lot of time or wiggle room for procrastination.
With time, unplanned work can be prioritized against commits, giving your
program some predictability. And unplanned work can potentially be minimized into future planned
work.
Then commits can become a habit.
And once commits become a habit, the program chugs forward
each quarter. With the other goals, perhaps faster than just the collective commits,
but never slower. Always forward.
Leaving that procrastination behind.
Follow me on Twitter for discussion and the latest blog
updates: @Opinionatedsec1. Or, start your own discussion using
#crazygoodcyberteams on Twitter or LinkedIn and I'll read it.