My son is on a bit of a dinosaur kick over the last few days. First it was the Lego version of Jurassic World on Netflix, and tonight, the book he picked was an amusing story called Tyrannosaurus Drip, where a reed-eating little guy who looks somewhat like a Parasaurolophus accidentally gets raised by a family of T-rex, and who, of course, saves the day and prevents his adopted family from feasting on his fellow hadrosaurs.
But it got me thinking about the one line in Jurassic World where they’re talking about the DNA splicing they did to bring the “normal” dinosaurs back to life on the island. Now, I don’t think I’m going to give away any spoilers here, but there was some scientific jiggery-pokery involved even before they genetically engineered the “suprasaurus” that nearly ate Manhattan.
What did they do?
Well, when you don’t know, you guess—or you find something “close”…
…and in this case, I think it was frog DNA they used to “fill in the gaps” for the missing patterns.
So why was I thinking about dino DNA?
Well…it’s not really a hyperspace leap to go from ancient animals to ancient organizations and outdated-security practices where it’s pretty clear in some cases there aren’t just “gaps” but rather large fissures in the way the security program actually plays out.
And, at least with the people I’ve been talking to recently, they know, and they’re spending quite a lot of time and effort into fixing it.
…but it’s just not quite gotten there. Because there’s something missing.
What’s that, you ask?
Well, it’s obviously the ability to discover the real DNA of the elusive organizatiosaurus that holds the true secrets to what security needs to do. And where are those secrets?
They’re in the minds of the “managers of managers” so often derided by technology people as not “getting it” and who naturally want nothing more than to have a flash-sale on the PII managed by the organization for the latest, business-driven pyramid scheme designed to weave the golden parachutes of the eternally disconnected and disinterested executive management team.
No?
Ok…well, maybe we’ll agree on “don’t get it” or “don’t care” and “don’t call me when it breaks” at least.
Unfortunately for us, our aptitude for discovering that elusive organizational DNA is really what will make or break any security program.
But it can be seen as a royal PITA or easily get tossed into the “too much work” or “no time today” piles, which is a pity.
Sure, you might need to step out of our comfort zone a bit to actually figure out how to connect with your business customers and ask them questions that don’t involve the words “cyber” or “threat” or “vulnerability” or anything of the sort.
And that does take a new vocabulary of sorts, and it also takes more than a few new concepts to get your head wrapped around.
But it isn’t the end of the world—especially when you have a system at your back doing its best to help you focus in the right places, and ask the right questions to the right people – the right “managers of managers” – that will eventually reveal…
…the organizational DNA you’re looking for.
Because if you have that, you can ask the right questions…
…and you understand how everything supports everything else…
…and once you do, you can connect the entirety of your world to the overriding concepts of time and money in the worlds of your customers…
…by only asking the right questions at the right times to the right people.
Sound too simple to be worth covering in the September issue of the print Security Sanity™ newsletter?
Maybe.
But the challenge so far this month hasn’t been trying to find stuff to put in…
…the challenge has been trying to figure out what I had to leave out.
All the powerful tools seem simple on the surface,
but they’re full of subtle nuance—and yes, I realize that’s a “very very” in disguise, which is precisely why I used it.
So if your organizational DNA decoder-ring needs a tune up, or your particular box of Cracker-Jacks was the one without the toy,
this is a skill you need to master if you want to become a true leader in security—whether that means you run the show or just a part. It’s a mandatory thing you need to be able to do.
You MUST be able to understand the worlds of your customers. And the September issue is all about ways you can do that, but the clock is ticking, since at the end of the month (only 3 more days), it goes to the printer, and if you miss it…
…it’s gone.
To make sure you get that snazzy envelope in your postbox in a week or so, depending on where you choose to send it,
go here: https://securitysanity.com
And mind “the gaps.”
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
