Think that you have a hard time of managing cyber security
expectations and change? Compare your change to the change that became Patch
Tuesday.
Love Patch Tuesday or hate it, I worked at Big Software Company™ before Patch Tuesday was a
“thing”. Prior to Patch Tuesday, patches had to be released as quickly as
possible. Large customers that paid large support had thi expectation and,
worse yet, there was a great deal of internal pressure to release.
The result was a whiplash of patches released on any night
of the week including Friday and Saturday and patching teams having to work
whatever hours were required to patch systems. Change was needed and no one recognized the need for change. It was just what it was.
I ran a high profile product
team for four years and, the Sunday before thanksgiving, we generally had an egregious
security defect reported. We’d spin up the team to release a patch before
Thanksgiving so the team could get some time off. After the first year, it
became clear that the reporter wa generally holding a second defect in their
back pocket to report just after the release of the Wednesday patch. That would
require calling the team back in.
And then came Patch Tuesday. Our customers didn’t think that
it would. Heck, I didn’t think it would
work.
But, now, the industry and executives would be hard to imagine a different cadence.That’s
managing change effectively.
So, if you think that any change is too big, compare it to
Patch Tuesday.
I’d guess that your change pales in comparison.
Follow me on Twitter
for discussion and the latest blog updates: @Opinionatedsec1. Or, start your
own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read
it.
SEE ALSO
No comments:
Post a Comment