Eliminate distractions. Create Energy. Fear Nothing. Attack Everything.
The presenter who spoke before me this week at the Rackspace kickoff was Coach Dan McCarney, a former Division 1 US college football coach, and he talked about the lessons he learned while leading winning teams in the challenging (and always changing) world of college football. It was a solid presentation, and there was one area that stuck with me as particularly relevant to our challenges in security.
Coach McCarney was talking about how he instilled the right approach in his coaches and players as they look forward to the next opponent, the next game, even the next play. He told them to focus on four things: Eliminate distractions, create energy, fear nothing, attack everything. As I stepped up on stage as he finished, I was thinking about how this could apply to our daily security battles. Here’s my take:
1. Eliminate Distraction
Security is nothing if not noisy, contentious, and occasionally chaotic. Create your plans, establish your feedback loops, watch for changes, but don’t be distracted by random events or shiny new products. Stay focused!
2. Create Energy
There is too much defeatism in security, the result of years of investment and effort that never seems to be enough. Apathy follows. We know we can be better, and when we map our goals to the goals of the business, positive results and energy follow. Create the narratives and the objectives that engage and energize your teams and partners.
3. Fear Nothing
Security teams are too often an afterthought, a second-tier player at the strategy table. We change that when we arrive at discussions armed with recommendations and rationales that speak in the same language as other business priorities: risk management, cost savings, and growth. Don’t be afraid to learn the business and make your voice heard at the adults’ table.
4. Attack Everything
Ok, so in security there are far more targets than we can productively address, but we should consider security from all perspectives before we make our plans. Think beyond the usual security controls and implementations to innovative ways that you can apply your own creativity and knowledge of security to create a secure environment that is tailored and meaningful just for you.
It’s an aggressive approach that’s a contrast to our traditional defensive security mindsets, but I think these are ideas that can help us to be more proactive, more dynamic, and better defenders of the companies we’re looking to protect.