All too often, the world of cybersecurity, and for that matter, the entire world of technology in most companies mirrors the business world concerning the organizational structure and especially in creating those coveted silos.
Why is this important for those in the cyber profession? All too often the corporate world of silos, hierarchical structures where management is more concerned about what the CEO thinks, versus what is the greater good of the customer, and the entire organization which includes the CEO.
We create environments “keep off the grass” signs, and focus a good percentage of energy looking to whom to blame when things go wrong versus finding the root cause of the problem. No secret here, every problem has a cause. Our challenge today, especially in the world of cyber, is we are continually seeking out culpability. We need to focus on the cause.
You can’t fix a problem, remove a problem, or manage a problem unless you know its cause and its effect. Now we all have tried to improve the symptoms we find to no avail, and you can’t remove a problem by itself by merely addressing its effects. When your car is burning oil, just pouring STP into it will not fix the problem. As in cyber, you can’t set or remove the problem by merely addressing the effects you are experiencing.
When I was a CISO, my cyber guru would always say, ‘my problems would just go away if we didn’t have people.‘ If you want to manage better cyber, you will realize that firewalls, insurance policies, detection tools, net scalers, threat grids, etc., won’t help you in the long run. They do help in the immediate reality, but you soon realize they are no guarantee for prevention. It’s all about people, get it?
But you can reduce the risk of the problem by trying to eliminate the cause of the problem. But when we enter the blame game, and you know you are heading in that direction when you start hearing people say “We can’t solve these problems because you know the people in marketing and sales won’t pay attention, they will just say it is too complicated.” And how often have you heard “if George and Meredith are in the meeting all they will do is ask stupid questions, and we will get nowhere.” or my favorite “you know those EVP’s and SVP’s are too old and set in their ways to learn something new.”
We surrender the solution to accept the blame game, and we know we will eventually become victims of the game. We create real solutions when we rise above the fray, and work towards innovation, education, and collaboration with others to find the cause or prevent cause instead of symptoms.
Stop heaping ‘guilt’ on people because all that does is make them feel guilty, and then there is no motivation to become part of the solution. Think of all those errors we all create as people, think of them as an investment in those people if we focus on the role education plays in our world of technology, especially cyber. Stop putting labels on the problem; for example, the climate change world is a significant issue for us all. But we will call those who don’t believe “deniers.” What does that get us? A solution? Focus on innovation, education, and collaboration. Think about to what end are your energy and talent directed?
So the next time you hear the blame game becoming a litany stop and say, “let’s find the cause of the problem/issue together, and not go looking for scapegoats.”
You, as a leader in technology, especially in the area of cyber, want to be the one who sets the stage for examining cause and not culpability.