Wanna find a blueprint for a truly effective cybersecurity team? You could do a lot worse than watching the original Avengers movie a few (dozen) times.
Over the weekend, my kids (5 and 3) were on a bit of superhero kick, and I realized again how brilliant the first Avengers movie was—not just in the pacing, the character development and all the “normal” things, but about generally what it takes to be successful—even if you’re not one of the world’s mightiest superheroes.
And you too can take some of these lessons and apply them directly to your security program. Now, if you’re not the official leader of the whole thing, then I realize this might be a little trickier to implement. But, as you’ll see, if you want something bad enough, you’re always going to find a way. And it only takes making one decision to start.
In case you’ve been under a rock since 2011 or something, the Avengers tells the story of how the team by the same name came together to save the planet from an alien invasion of armored, flying slugs and pretty scary dudes wearing armor, toting laser rifles and riding sky chariots. The powers that be (PTB) didn’t really have much faith in the Avengers Initiative, so they were planning on using some alien technology to build some weapons of planetary destruction as a deterrent to anyone wanting to mess with the Earth.
Our heroes included:
Tony Stark, a.k.a., Iron Man – a hyper-narcissistic, egotistical and highly-arrogant yet brilliant inventor, engineer and scientist.
Steve Rodgers, a.k.a., Captain America – a “clean cut”, follow-the-rules super-solider raised in the pre-WWII idea of an America that clearly doesn’t exist at the moment in 2020.
Thor, son of Odin – space alien from Asgard worshiped as gods of the Nordics, who’s damn-near indestructible, able to command lightning and, despite falling for the smart, feisty Earth-girl, still has a chip on his shoulder the size of the Moon.
Bruce Banner – gamma-infused, gargantuan “Green Guy” who’s trying very hard to just play his part and keep from getting out of control so he doesn’t accidentally kill everyone.
Natasha Romanoff, a.k.a., The Black Widow – deadly smart, quick-witted, head-turning former assassin who’s perfectly comfortable conducting an effective interrogation while she’s the one tied to a chair in her stocking feet and a cocktail dress.
Now, if this is review for you, bear with me, because it all fits together. Because “the man” with the idea of the whole thing believes one thing enough to not only risk his career, his team and the fate of the entire world to get it done:
“The idea that you could bring together a group of remarkable people to see if they could be something more. To see if they could work together when we needed them to…to fight the battles that we never could.”
Maybe it’s just me, but that’s a pretty good description of the job our organizations expect us to deliver as security.
And, until about halfway through the movie, the idea was but the smallest drip in a pipe dream. Each individually excellent, yet determined to take their own approach. Bickering, sniping, in-fighting (verbally and, well…Hulk does kinda throw an airplane at Thor at one stage).
But, maybe the above description doesn’t sound anything like security teams you’ve ever met. Maybe I’m the only one to have seen this enough to make it a pattern. Either way, the problem was…
Something was missing.
Something essential to get these individuals to focus as a team and actually deliver that “something more” so critical to the idea behind the Avengers Initiative in the first place.
In the movie [spoilers ahead], that “something” was the death of one of the team, Agent Coulter, prior to the rousing speech above by Nick Fury.
In the dying words of Agent Coulter lay the problem: “We knew this was never gonna work if they didn’t have something.”
So, what’s your “something”? What is it that ties your security team together and unites them as an integral part of delivering the overall objectives of the organization you protect?
Because even if you don’t know what it is, then I’m guessing that you know it’s missing. You can feel it – maybe only subconsciously – but you still realize that something’s just not quite right. Something’s holding you back from becoming the individual and the team you can be.
When I sat down to figure out what made me tick after 14 years of doing security architecture and helping security teams transform their approach to truly align with the business, once I thought about it, it was obvious: it was what I call the mission and purpose of the effective security program:
“To enable the organization to deliver its own mission as quickly and safely as possible.”
And the rest of the 7 principles, 14 practices and 3 Baseline Perspectives™ of The Agile Security System™ all fell out of that one idea. It truly was almost effortless at that point. Once I’d focused my brain, then it became crystal clear how everything I’d done for 14 years of security architecture in my 25+ year career in Quality Assurance, Software Development, Solution and Enterprise Architecture, Management Consultant, Business Owner, Strategy Consultant, Chief Executive, Marketer—all of it.
It was clear how everything just fell into place.
Do you have that kind of clarity with what your security program really needs to do to enable and protect your organization beyond adopting frameworks, best practice and industry maturity models?
If you don’t, do you know how you’re going to get it?
And the second lesson from the Avengers is really about the kind of team you have and you’re trying to create. Do you have a team of “remarkable people”?
Mind you, by “remarkable” I don’t mean “certified” or “experienced” people. Those both are just labels that take time, and anyone can get them. They don’t say anything about whether they’re going to be actually relevant to you and your own mission.
I mean truly remarkable people who possess unique and powerful talents that they may or may not realize they have. People who are going to be the exact ingredients that, when shaken, not stirred, are set to become your own team of security superheroes?
If you don’t know what you’re looking for, then might I suggest you go have a quick review of the free sample issue of the Security Sanity™ newsletter you got when you joined this list. That tells you the kind of things they need to do, and armed with that knowledge, you can go find the people with the right mindset to fill those roles and align around a common vision…
…your vision…
…of what you want your security program to be.
Because, let’s face it, the challenges we face are many and often huge. Fights over budget. Small teams. Falling for the fallacy of the security talent shortage. Building credibility with our business customers. Understanding what our organizations truly do.
It’s tough.
And it’s even tougher if you don’t feel you have any support.
Maybe you already have a plan, and maybe you’re already executing that plan consistently…every day…and building that credibility…building your own personal skills and capabilities…and becoming the security professional and security leader you strive to be.
Or, maybe you’re finding it tough going. Maybe you’re feeing stuck here and there. And maybe, none of the “standard” and “approved” sources of insight and support are really doing it for you.
Potentially, I might be able to help you over some of those humps. Or, I might not…or you might not really be ready to tackle the kinds of problems the way my experience working with global organizations with revenues from $20+ billion tells me is actually what works…
…what needs to be in place to build an effective team that fights the unique security battles your organization faces every day.
The thing is, neither of us will know until we have a chat about it. And, if I can help, there’s a program I’ve found is the best way to do it called the Effective Security Leadership program. To find out more about it, the kinds of problems I’ve helped security teams tackle in the past, and to book the chat where we decide if it’s a good fit, you’ll want to visit this link:
https://securityleadershipcoaching.com
But, it won’t actually do anything to change your situation…to solve any of the problems you face…or make a decision about what may or may not work…
…if you don’t actually book that call.
Stay safe,
ast
