Today I needed a little “pick-me-up” so I decided I’d go hunting for some of my favorite stand-up. Now, I’m old, which means, I’m kinda “old school” about this, so one of the clips I found was a classic Steven Wright quip:
“I woke up this morning, and I was folding my bed back into my couch. I almost broke both my arms, because it’s not one of those kinds of beds.”
And since right now, my brain is totally immersed in unlocking the mysteries of stakeholder interviewing so you don’t have to learn everything the hard way like I did, my brain just naturally made the connection, and this question came to me:
How many times is this what we feel like?
…I mean the “breaking both your arms” kinda thing because you’re desperately trying to do something at the wrong time…
…in the wrong way
…or at the wrong time.
And one of the other things I’ve been doing over the last couple of weeks was scouring the Interwebs for people talking about problems getting security requirements.
What I learned was that apparently, I’m the only person on the planet who ever had this problem. Everyone else seems to have it figured out.
I mean, yeah, you just get NIST 800-53, or the CSF, or ISO 270000000002…or 1…or whatever, and then you just use that. It’s like a checklist, and the more the merrier.
What could possibly go wrong?
But…
…after considering it a bit more, I figured, hell…I already have the thing half-written, so I might as well finish it. So there you go.
Back to breaking arms, though…
One of the things that’s pretty clear when you have the luxury to step back and really think about what you’re trying to do when you’re interviewing stakeholders is that you see pretty clearly that not all security stakeholders are the same.
Shocking, right?
But then…if this is so obvious, then why do we only have a pack of the same 10 questions that any kid working behind the counter at McDrive-Thru would ask. Seriously…
“Um…ok, that’ll be 10,000,000 widgets, $30 billion in revenue – hold the lawsuits – and a share price of $1,275 by Q3…
…you want security with that?”
Hence the pick-list approach.
But that’s not good enough—and it’s surely not good enough to get you the respect of your no-security peers, colleagues and customers.
It’s like Principle #2 of The Agile Security System™ we officially launched last month says: understand the customer’s world.
And each of our different customers has their own world—even though we all have the same logo on our ID badges. So we need to ask them different questions…
…and we need to be prepared to speak to them in different terms
…and, most importantly, we need to be prepared to give them the priority they deserve of the most precious thing we have…
Our time.
So, if you want to figure out how to unlock the interstellar gateway to better, more effective and more valuable stakeholder interviews, then you might want to go ahead and head on over to this link and subscribe before the September issue comes out:
Or…you can just keep breaking those arms. They do heal, but after a while, they’re gonna stop kinda looking like arms…
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
