Monday, October 21, 2019

Mentoring Improvement In Cyber Programs

Improvement is a great concept but can be a strange thing in reality. Improvement can be ill defined and poorly executed making it difficult for executives to understand, resource, or acknowledge. But, improvement initiatives that are well planned with agreed upon goals and solid execution towards those goals can be a beautiful tool in any cyber security practitioner’s bag of tricks. 

What is a solid process that can be used by cyber professionals to improve their improvement skills? Let's walk through one.

First you have to be able to measure or describe the current state of whatever needs improvement. Think of this as your starting measurement. It’s hard to say that things have improved without being able to describe where you started. 

Is it a time based improvement? Alert quality? Top line score against a standardized assessment? 

Something else?

Once you find the right measurement(s) to describe your starting point, you’ll need to gain buy-in on the measurement from decision makers to ensure that they agree on it. If you aren’t measuring something in a way that matters to decision makers or executives, you may recognize improvement but they perhaps won’t. 

Improvements that aren't well understood by others aren't generally recognized as improvements.

Next, you’ll have to define what’s good (or acceptable) and what’s great based on those measurements. 

You are almost there. 

The hardest part is deciding what needs to change that will move your measurement to a more acceptable state. I call these “levers to pull”. 

Are there improvements to existing processes? Do you need new processes? Do you need to improve engagement with an external team? Do you need to add instrumentation? Remove some obstacles?

Now that you know current state, what’s good, what’s great, and the levers to pull that will move the needle, you’ll need to establish a goal for improvement. The goal will be how you know that you’ve improved enough.   

The goal has the following two components:

  • The desired measurement that you want to achieve
  • The timeframe in which you plan to achieve the above desired measurement

You need to plan and decide if additional resources or cooperation from other teams are required to meet your goal. I like to also have a less ambitious goal in my back pocket that can be met without additional resources. It’s not just a fallback, it’s also an indicator of impact if resources aren’t approved. 

Lastly, you'll need to execute and measure your progress toward the goal.  
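The steps above (baseline measurement, agreed "good" and "great" lines, a goal with a target and a timeframe, then measuring progress during execution) can be tracked in a few lines of code. The following is an added example, not code from the original post: it uses a time-based measurement (mean minutes from alert creation to triage completion) over constructed sample alert records, and the thresholds, dates and the "lower is better" direction are assumptions chosen for illustration.

```python
"""Improvement tracker for a time-based SOC measurement (mean time to triage).

Added example, not from the original post. The alert records, thresholds and
dates below are constructed; the metric direction (lower is better) is an
assumption that fits a time-based measurement.
"""
from dataclasses import dataclass
from datetime import date, datetime
from statistics import mean

# Constructed sample data: (created, triaged) ISO timestamps for each alert.
# One set for the baseline period and one for the most recent period.
BASELINE_PERIOD = [
    ("2019-07-01T08:00:00", "2019-07-01T09:30:00"),  # 90 min
    ("2019-07-01T10:00:00", "2019-07-01T12:00:00"),  # 120 min
    ("2019-07-02T14:00:00", "2019-07-02T15:00:00"),  # 60 min
    ("2019-07-03T09:00:00", "2019-07-03T11:30:00"),  # 150 min
]
CURRENT_PERIOD = [
    ("2019-10-01T08:00:00", "2019-10-01T08:45:00"),  # 45 min
    ("2019-10-01T10:00:00", "2019-10-01T11:15:00"),  # 75 min
    ("2019-10-02T14:00:00", "2019-10-02T14:30:00"),  # 30 min
    ("2019-10-03T09:00:00", "2019-10-03T10:30:00"),  # 90 min
]


def mean_time_to_triage(records):
    """The measurement: mean minutes from alert creation to triage completion."""
    minutes = []
    for created, triaged in records:
        delta = datetime.fromisoformat(triaged) - datetime.fromisoformat(created)
        minutes.append(delta.total_seconds() / 60)
    return mean(minutes)


@dataclass(frozen=True)
class ImprovementGoal:
    name: str
    baseline: float         # starting measurement, agreed with decision makers
    good: float             # the "acceptable" line
    great: float            # the "great" line
    target: float           # desired measurement (component 1 of the goal)
    start: date             # when the improvement effort began
    deadline: date          # timeframe to reach the target (component 2)
    lower_is_better: bool = True


def rating(goal, value):
    """Classify a measurement against the agreed good and great lines."""
    better = (lambda a, b: a <= b) if goal.lower_is_better else (lambda a, b: a >= b)
    if better(value, goal.great):
        return "great"
    if better(value, goal.good):
        return "good"
    return "below acceptable"


def progress(goal, value):
    """Fraction of the baseline-to-target distance covered, capped to [0, 1]."""
    span = goal.baseline - goal.target
    if span == 0:
        return 1.0
    return max(0.0, min(1.0, (goal.baseline - value) / span))


def assess(goal, value, as_of):
    """Compare progress made with the share of the timeframe already used."""
    total_days = (goal.deadline - goal.start).days
    elapsed = (as_of - goal.start).days
    time_used = max(0.0, min(1.0, elapsed / total_days)) if total_days > 0 else 1.0
    done = progress(goal, value)
    return {
        "metric": goal.name,
        "value": round(value, 1),
        "rating": rating(goal, value),
        "progress": round(done, 2),
        "time_used": round(time_used, 2),
        "on_track": done >= time_used,   # ahead of the calendar, or not
        "goal_met": done >= 1.0,
    }


def example_goal():
    """Constructed goal: cut mean triage time from the baseline to 50 min by year end."""
    return ImprovementGoal(
        name="mean minutes to triage",
        baseline=mean_time_to_triage(BASELINE_PERIOD),
        good=75.0, great=45.0, target=50.0,
        start=date(2019, 7, 1), deadline=date(2019, 12, 31),
    )


def report(as_of=date(2019, 10, 21)):
    """Status of the constructed goal as of the given date."""
    return assess(example_goal(), mean_time_to_triage(CURRENT_PERIOD), as_of)


if __name__ == "__main__":
    print(report())
```

The `rating` line answers "is it good or great yet?", while `on_track` compares the share of the baseline-to-target gap closed with the share of the timeframe used, which is the number to bring to decision makers mid-effort; the same structure works for a higher-is-better measurement such as an assessment score by setting `lower_is_better=False`.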

Once you've met your goal, circle back around with the execs and decision makers to remind them how the improvements now provide benefit to your cyber security program. 

Better, faster, higher quality, whatever.  

Success breeds success. This may make them more inclined to support you on your next improvement project.

As you can see, improvement doesn’t just happen. You need a plan, measurements, and perhaps extra resources. You also can’t convince execs that something has improved if you don’t know where you started. 

Now, go out there and start improving your programs! 

Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1. Or, start your own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read it.
