A very Happy Easter to you! I’m sure it’s quite different than your last one. So, for something to think about when either:
- your small children are bouncing off the walls more than usual thanks to the OD on Easter candy, or
- you’re able to just sit in your solitude and let yourself reflect on where you are in your security career and where you want to go next,
In today’s email, I want to talk about what I think is probably one of the most important, but which is, unfortunately, the most isolating skill successful security professionals have:
Staying out of the way.
Yesterday afternoon, I was listening to Ken McCarthy talk about breathing and how most people tend to do it all wrong. He also talked about the relationship between our breathing and our mental and physical states, and how this is one of the best ways we can get ourselves under control when the proverbial shite hits the fan and our fight-or-flight response has kicked into double-overdrive, making it difficult to focus, to think and to make decisions.
Now, I have to say that I knew a lot of it already, because in the dim and distant past, I used to sing…a lot. And, for a while, I even got paid for it, so, by the rules of the Olympic Committee, I’m a “professional”. Or, at least, I was. And the truth is, if you can’t breathe properly, you can’t sing properly either. It’s just impossible.
What Ken was explaining was that our breathing is actually most effective when we’re not thinking about it. Far too often, we’re told – and we tell ourselves to:
“Take a deep breath.”
And we make this huge, noisy effort of sucking air into our bodies, generally puffing out our lungs, and then, when it feels like we just can’t take any more, we relax and let the air blast out through our mouths.
The thing is…that’s not it. It’s not what we need to do.
We’re forcing it.
Now, sometimes this is necessary—like when we just can’t get our breath, or we’ve just run a marathon or something.
But, if we were to just get out of the way and let our breathing system do what it was designed to do, we ultimately get a lot more oxygen….
Not to mention, it’s a whole lot more efficient.
The principle to remember in this case is that air will rush in to fill a vacuum. If we do a good job building the vacuum, all we have to do is open the valve, and the physics will do the rest. We don’t have to do anything ourselves.
That’s why babies, puppies…and professional singers…all breathe from “their belly”, making their bellies puff out as they exhale…
…instead of forcing their lungs to puff out as we inhale.
Sure, it’s still work either way. But one way is integrated into the way the system works, and the other way is trying to make the system actually work in reverse.
It’s no wonder that the first one works better than the second.
Oh, and I should also point out that babies and puppies don’t think about their breathing, they just do it, and they do it right. The rest of us have “learned” how to breathe, but we’ve actually learned the wrong technique, and it ends up tripping us up when we really need it the most.
So, that critical security skill of staying out of the way ends up being very similar.
The ultimate way security can “stay out of the way” is by being as integrated and aligned with the organization you’re trying to protect as you possibly can. You literally “know it like the back of your hand,” and that’s why the 2nd Principle of The Agile Security System™ is “understand your customer’s world.”
And it’s only the 2nd one because the first one says: “Every decision we make, every day, is intended to deliver the mission and purpose of security,” where the mission and purpose of security is to keep the organization as safe as possible while we enable it to do whatever it’s trying to do.
It’s a lot more words than “staying out of the way”…
…but it ultimately means the same thing.
Because if we’ve done our job right…if we establish trusting and credible relationships with our security customers…if we intimately understand their world and what they’re truly trying to accomplish at a deep level…
…they really don’t have to tell us much.
All they need to say is where they want to go, and we’re there, dressed up in the butler suit, handing them their keys, and saying…
“Enjoy your trip, Madam.”
But…that’s not normally how we tend to approach the problem. The more standard approach to security kinda resembles crashing in the middle of the jungle with our security customer, hearing the growls and shrieks of the animals around us, adjusting our safari hat, tightly gripping the handle of our razor-sharp machete, and saying:
“Wait here, sir. I’ll cut us a path outta here.”
Only to leave them on their own, wondering where the hell we’ve gone as they get more and more anxious the louder the growls around them tend to get…
…sometimes never to return and actually deliver on our promises.
Now, as someone who’s been “doing security” for a very long time, and applying SABSA for almost 15 years now, I still work every day on learning more about the organizations, businesses and people I need to support…
…so I can help them the most…
…by staying out of their way.
Because when I do that, they’re able to focus on what they’re trying to accomplish—not the things I’m doing – or worse yet, asking them to do – to help them get there.
While it’s certainly possible to learn this skill and end up being “business aware” so you can ultimately deliver “business driven” security programs, it’s not generally very easy—nor is it something that “the experts” do much but tell you is important, and then tend to leave the “implementation details” for you to figure out on your own.
This sorry state of affairs is one of the main reasons I developed The Agile Security System in the first place, and then figured out how to teach you to use it – quickly and easily – in just 7 weeks, working 5-10 hours each week along with a live cohort of your peers, wherever in the world that they happen to be.
Maybe it sounds far-fetched, or maybe you don’t agree that what I’m talking about is the “killer, lifetime success skill” for security professionals. If that’s the case, it’s probably better if you give this one a miss, because I’ll surely only end up pissing you off when I tell you – over and over again – how important this is…
…and when we dedicate a good portion of the program to things you’re probably going to feel have nothing to do with “security” because I’m trying to teach you how to become hyper-aware of what you read and how to get inside the minds of your business customers.
It’s all stuff that’s a long way from social engineering, exploiting systems or configuring technical security controls. I mean, after all, that’s what cybersecurity’s all about, right?
However, if you’d like to start learning how to build and practice the “secret” security success skill of protecting and enabling the business by staying out of the way – in plain, practical terms – then I’d urge you to consider joining the next cohort that’ll kick off on July 6th, because there’s no time like the present…
…and there’s a good chance that a lot of what you thought you knew about your organizations and the businesses they were in may have changed by the time this crisis is over. So you’re not going to have a lot of time to figure out where security really needs to go next if you don’t want to slow down not only the recovery of your organization, but whatever their contribution will be to the recovery of the global economy.
To see if it makes sense for you, go here:
And, to make things easier for anyone ready to act or who’s seen their income as an individual contractor contract over the last couple of months and needs a bit of a break, if you register in the next 7 days, prior to 11:59pm US/Eastern on the 19th of April, you’ll get an extra $2,000 in your (or your organization’s) pocket vs. those that wait around, going back and forth and who are unable to make a definite decision, one way or another.
Either way works for me. I just want you to make the decision.
May the Easter Bunny deliver you smiles and happiness this year, because God knows, we need as many of those right now as we can get.
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
