It doesn’t happen too often, but it happens enough to be something I want to mention today. The thing about problems – and especially problems we’re trying to solve as security professionals – is that it’s very easy to hide behind the veil of confidentiality as an excuse to avoid solving the problem. Because, if you’re facing the problem, and you’re annoyed enough about it to start talking about it…
…then you’re not really very happy with either your solution, or you’re not very happy with your approach to the problem.
Over the years, I’ve developed a bit of a litmus test that I use when talking to people, and this is independently of whether I think I can help them or not. But if, during the conversation, they say “I can’t talk about that,” or “I can’t discuss that here,” and you haven’t really gone into much more than saying, “I have a problem with X,” my suspicion is that you’re not really ready to solve it.
Because if you can’t describe the problem in a way that doesn’t require you dredging up the gory, proprietary or confidential aspects of the issue, then you clearly don’t know enough about the problem you have to come even close to solving it.
I have to chuckle at this with more junior security architects too. You say something like, “Oh, so you’re a security architect. What approach are you using?”
And they say, “I can’t tell you about it. It’s confidential.”
So, sure, there are these extremely rare – and extremely specific – areas where that may well be true. But as the typical security professional, I’m betting you’re not really working in those areas. And I know enough people who work with highly secret things to know what being politely told, “I can’t talk about it,” when it’s really true sounds like.
So there’s really two things here. The first thing is that most things aren’t as confidential and secret as you think. And if you don’t know the difference, or how to really make that call, then I don’t think you should be in any position with an “architect” after it. So, if you see people on your team who do this, you might want to edu-ma-cate them just a bit as to why whether you start with your left foot or your right…or whether you socks are green, blue or don’t match, probably isn’t something worth hiding from others you might be able to learn from—I suppose, unless you have some really dirty socks.
The second thing is that if you’re truly stuck on how to solve something, and you can’t explain it to your wife, dog, husband, guy, girl or bartender without fear of being thrown in prison…
…you haven’t yet thought about the problem enough to try to do anything.
Because if you start flailing around, taking action…
…or worse, confusing activity with actual progress…
…then you’re actually going to make it much harder to pull yourself outta the tar pit you’re in once you do finally understand how to think about a problem.
Most interesting problems – and most of the problems you’re going to face in your day-to-day security activities – don’t really have obvious and easy solutions—at least for you. You’re often too close to it. That’s why they’re “problems” and not “accomplishments.”
And sometimes thinking through those problems requires an outside perspective. Sometimes it doesn’t even need to be a security perspective if the person knows what they’re doing and is good at facilitating problem-solving analysis. But, when you can have both in the same package, it does tend to make it go faster.
So, whether you’re stuck trying to figure out where to go when you face a brick wall, you’re struggling to get a clear view of where you’re really falling short…
…or even if you’ve already done all that, but you just can’t come up with a good set of potential solutions that aren’t going to feel like you’re just spinning your wheels…
…it might be something I can help you with. Because really digging in to the kinds of problems you have with your security program or your security architecture efforts, uncovering the root causes, and helping you find and explore your options to decide the best way forward is exactly the essence of what we do when we work together as part of the Effective Security Leadership Coaching program.
If that’s you, and we haven’t talked about what you’re facing, maybe it’s time to schedule that call and see if working with me as part of the program is a good fit or not. Maybe it isn’t, and if that’s the case, we’ll figure it out pretty quickly on the call.
But if it is, then how much more time do you really have to be stuck on this problem when you could be putting it in the rear-view mirror and moving on to the next one?
If you aren’t tired of being stuck, then this link won’t do you any good. If you are, it could be the rope you’ve been missing that pulls you outta that tar pit. However, it’s not going to click itself, so if you’re ready, you’re gonna need to decide to do something about it.
Andrew S. Townley
Archistry Chief Executive