Capability building is not for the faint of heart.
There are plenty of distractions to building capabilities
within a cyber security program,. Wrong handholds. Places to fall. Almost too many.
Disruptive incidents that need response.
Operational tickets.
Security friction.
The big bet in capability building is that you are saying where you’ll be at the end of the effort. You’ll be “all in” until you conquer the project and reach the top. Hanging on the edge of a cliff without a safety rope.
All in that the cyber security program will advance a predictable distance. in a describable way. within a measurable time. With the quality that you need and the expectations that you initially set.
The chance of failure is high. It’s easier to stay with the capabilities
that you have. And just stay on the practice wall. With an entire cyber security on belay.
But, that's not you. At all.
Capability building means betting your reputation. But,
while the stakes are substantial, the payoff is high as well. Execs understand
capability building. Checklists. Timelines. Programs.
You’ll finally be speaking the same language as the execs.
So if you can reduce the disruptive incidents. And the
tickets. And the friction. For long enough to build new capabilities. Within
some reasonable timeframe. And hold to promises to the executive team.
You'll have new quarters with new capabilities. On plan. That move the cyber program forward.
Better yet, you’ll have new tools that further reduce the disruptive incidents.
And the tickets. And the friction.Those that let you build even more capabilities.
….and that alone is worth summoning the courage.
Follow me on Twitter for discussion and the latest blog
updates: @Opinionatedsec1. Start your own discussion using #crazygoodcyberteams
on twitter or Linkedin and I'll read it.
SEE ALSO
No comments:
Post a Comment