I’ve been having some conversations lately about safety. In this case, it’s about personal safety, but it really doesn’t matter, because it applies generally.
Oddly, just last night I was thinking about it again.
It was rather hot here, the family was asleep, but it was cool outside. I ended up sitting in the garden, watching the moon, and I remembered something from my childhood.
As you may know, I grew up on a farm in Illinois, 5 miles away from the nearest town in either direction. We had one “pole light” that was situated between the house, the machine shed and an old milk house that in my day served mostly as a collecting place for discarded parts. It also was where the switch was to turn on the water to the closest cows.
Naturally, it was called a “pole light” because it was a big light at the top of a tall pole. But the thing about it was that because it was the only light around, if you were outside the circle it covered, it was dark.
Very dark.
The kind of inky black dark that naturally – if you were outside as a small child, 5 miles from nowhere and about 500 feet from the glowing warmth and safety of the house – was home to all manner of monsters and things that would jump out at you and calmly eat you for breakfast, lunch or dinner.
Anyway, on a regular basis, I had to go out at night and turn off the water pump otherwise a) the well would run dry or b) the water tank would overflow, and the well would still run dry. In either case, my dad wouldn’t be very happy because it might burn up the pump.
So one particular night, as I was exiting the circle of light, again stepping into the inky blackness between me and the switch for the pump, my child brain came to a decision:
“It’s really stupid to be afraid. My dad does this all the time. I’ve done it a lot. It’s our farm, there’s nobody around, and it’s perfectly safe.”
And in the early ‘70s, all the above were 100% true.
So, I made a conscious decision that I wouldn’t be afraid of the dark anymore.
Last night, thinking about some recent conversations, I was reminded of that decision when I was a kid and the conscious decision I made then.
This morning, the famous John, A. Shedd quote sprang into my mind:
“A ship in the harbor is safe. But that’s not what ships are for.”
With that quote in mind, let’s talk about fear, purpose and making decisions.
As you already know, fear exists as a result of our ancient origins and to keep us from getting eaten by things. Now, we know it kicks in quite often when we don’t need it to. You’re not going to make fear go away.
But you can understand it, and you can think about why sometimes it keeps us from doing things.
Fear gets in our way because at some level, we don’t believe the value of what we’re doing, the environment we’re in or what we’re trying to achieve is worth the discomfort it takes to make a conscious decision to say, “Yes, I’m afraid. And I’m going to do this anyway.”
I don’t care whether it’s standing in front of a crowd, deciding the fate of an organization or turning off a water pump for some thirsty cows.
Fear stops us because we aren’t willing to make the conscious, informed decision to understand what we’re really afraid of, assess it rationally, and then decide whether something is really worth doing or not.
When you move this dynamic from an individual perspective to an organizational perspective, it automatically becomes much, much harder to manage. It’s harder because you’ve now physically separated the parts that feel “the fear” from the parts that want something.
If you think about it, isn’t that exactly the dynamic in most organizations today when you look at the relationship between “security” and “the business”?
FUD is a common tactic not only because it works (for a while), but also because it’s the gut reaction from the people with the awareness of the fear to try and convey their understanding of the fear they see and feel to those that don’t. They try and do it as quickly and dramatically as possible, because, after all, if it doesn’t work, you might get eaten by a lion or something.
But the real problem comes back to the hard disconnect between the people who want something and the people who are aware and “afraid” of all the things that might happen if you try and do it.
My dad wanted a) the cows to have water and b) to keep the pump in working order. So he occasionally gave me the nighttime task of going and shutting it off.
From my perspective, there were potentially a lot of things that might go bump in that inky blackness, and, if it wasn’t my dad, and someone else had asked me to do it, I might’ve actually said, “No. I’m not doing it.”
But it was my dad, I knew it had to be done, and I knew why.
So I did it. I did the immediate task so that my dad’s objectives could be met.
And I did it because I understood (and eventually consciously decided), that my fears were manageable, and that I was the one in control of doing that.
Without a strong connection between “the business” and security, and establishing a reliable and credible way to understand both the objectives, the fears, and make a conscious decision about the best way to proceed, it’ll always turn into an argument of:
“Those damn security people are useless! They’re always slowing things down because they’re worried about things that could go wrong.”
vs.
“Those stupid business people just don’t get it! These threats are real. I have the stats to prove it, and we need to do X, Y and Z to keep the organization safe—even if that means we can’t do someone’s pet project!”
Impasse.
And one that MUST be solved because like ships, businesses weren’t built to sit around and be safe. They exist for some purpose, even if you think some of them are just about nothing but perpetuating “the evils capitalism” on the world.
Either way, they’re not going to be able to fulfill that purpose without taking risks that make us as security professionals “afraid” that we won’t be able to keep them safe.
Given the modern world, it’s impossible to be safe. Instead, we need to be prepared.
We need to be prepared in a way that we can communicate effectively to those we’re trying to support. And that message needs to inspire confidence that we can take the ship out of the dock and fulfill it’s purpose—and make it safely back again.
What did you do yesterday and today to inspire that confidence in your customers (“the business”), your team and yourself?
What are you going to do tomorrow?
If you aren’t sure, or you want some support along the way, let me know. I know I can help.
Here’s the link to get started: https://archistry.com/go/SecurityLeader
Happy Saturday,
ast
—
Andrew S. Townley
Archistry Chief Executive
