Tuesday, October 29, 2019

Busy As Misplaced Power In Cyber Programs


Cyber security programs have a strong dependency on other teams for execution to meet the cyber goals of the organization. Other teams also have dependencies on the cyber security team. A common response to requests from either side is “we are too busy.”




On the surface, the answer is clear that they can’t help because the measure of the current level of activity on the team exceeds their bandwidth for additional considerations. 


But, there has become a certain power in the response of always being too busy.

Perhaps, a misplaced application of power, but power nonetheless. 

So, in the absence of clearly defined priorities or a specific timelframe of high priority work, what other things might a team (even the cyber team) actually be saying? 


“We don’t want to arbitrarily say no, but, no”

“We don’t know how to do what you want”

“We don’t know how to prioritize”

“Our value is defined by our level of busy”


The last one is likely the most interesting because constant busy activity leads to constant firefighting which presents many opportunities for heroic actions.  Strange, but all too commonly true. 


So, when a team says no, whether a partner team or your own, it’s important as a cyber leader to engage and understand the clarity and communication of priorities, training, resourcing, and capabilities.


Lastly, a quick gut check may be in order to see if the team is finding too much value in their level of activity. So much value that they aren't doing the things they need to do to continually improve.


Being busy as a team is only valuable to a point. 


Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1. Or, start your own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read it.


SEE ALSO







No comments:

Post a Comment