One of the bigger items looming on my TODO list since we arrived back in Cape Town a few years ago was going back to the gym.
When we were here previously, I had a pretty good rhythm: I went 3 times a week, I had a personal trainer (again, it’s South Africa, so this costs less than going out to dinner twice a week in other places), and I could run 5k in about 20 minutes. No, really.
However, once we came back, things never quite settled. There was lots of things going on, deals that didn’t quite go through, an unexpected new baby on the way, and a whole lot more scrambling than even I’d imagined would be required in my worst “drop me into a pit of writhing reptiles” Indiana Jones nightmare would’ve conjured up.
So, fast-forward almost 3 years later, and I’ve finally managed to get back on the horse. Now, 3 days a week, I’m back at the gym, trying to get rid of that extra girth, forcing my muscles to remember that they can actually do something besides lift children, and slowly – and not so easily – building up my ability to run again.
While this is a major achievement, it does require some zero-dark-thirty adventures. And lately, let’s just say with a teething two-year-old, I’m not exactly one of the most rested Dads in the world.
And this brings us to yesterday morning’s gym episode—complicated somewhat by 3 days of Stage 4 load shedding (2-3x a day without power for 2.5 hours) and the afore mentioned lack of z’s.
Thanks to very little sleep, I’d forgotten to set my alarm. Meaning I woke up about 30 min later than planned, but I still managed the gym.
However, since the school run is an appointment that doesn’t really appreciate it when you’re not on time, I decided I’d cut my post-run weight circuit a bit short.
It was also Monday, so those 2 days of rest gave my body false hope that I’d somehow come to my senses and would quit subjecting it to this gym nonsense. And the complaining during the run was mighty to say the least.
So, here I am, struggling doing things I’ve been doing now again for 3 weeks, going “WTF?” to myself: “Why is this so hard?” and blaming the lack of sleep.
After managing to do the basics, I’m putting back the dumbbells, and I see this older gent just watching me put back the weights.
At first, I didn’t pay any attention to him, but then over the Drowning Pool soundtrack in my headphones, I noticed he was talking to me.
So, I killed the music so I could hear him, and still with that “what the hell are you doing, moron?” look on his face he says to me:
“Did you know you had an 8 and a 10?”
And I looked down at the weights in hand.
Sure enough. He was right. Mismatched weights.
No wonder my left arm was bitching so much!
And no wonder he was looking at me so strangely, because he was searching all over for who had the missing weight he wanted.
Putting aside the fact that I don’t have arms like Thor (yet), and I’m not swinging around heavy weights every other morning, here’s the thing:
I was on autopilot.
I walked over to the same spot, on the same weight rack that I’d seen for the previous 3 weeks, picked up the weights and proceeded to get on with the same set of exercises I’d decided were the right place to start my long awaited Return of the Gym Jedi.
And then I was stunned because things were harder than I’d expected.
“How could I be struggling this much after this long, upping the reps and slowing them down?” going around and around in my head
With my left arm about to decide it liked lying on the floor better than trying to do what I wanted it to do.
So, while this kind of “autopilot” is a really cool feature of our brains when we’re stressed and tired to take away that conscious thinking, it’s not such a cool thing if you want to guarantee you’re getting the results you expect.
For that, you need some kind of checks and balances.
You need assurance.
Assurance that gives you the safety net to keep you from doing stupid things and/or getting less-than-stellar results.
You need assurance about the way you’re doing what you’re trying to do—process assurance.
And you need to have technical assurance to warn you when things you expected to have in place and working a certain way start to go pear-shaped.
I failed the process assurance test, because I skipped the step that says “check the stupid weights actually match the labels on the shelf.”
In this case, the results were pretty minor. In fact they were kinda positive, because my arm didn’t fall off, and it proved that I probably should’ve upped the weight sooner than I did if I wanted better results faster.
However, when you’re talking about validating the state of operational security controls. Or when you’re defining the security strategy and design that’s supposed to keep your organization out of hot water…
The impact can be a whole different level of pain than a sore left arm.
It can be the kind of thing that lets in the bad guys…
Or it can be the kind of thing that lands you a $50 million fine…
Or it can even be the kind of thing that leaks 80 million customer records to the criminal underbelly of the deep, dark interwebs.
I think it’s worth taking a moment to take a peek at the way you’re doing security assurance and see how effective that safety net is for you and your organization.
Now, you might run a tight ship that lives and breathes something like NIST 800-53A. Or you might have something less…rigorous…in place.
If you want to make sure you’re doing the right levels of assurance in the right places at the right time, I’ve never seen anything better than the SABSA framework to ensure that structure and APPROPRIATE rigor is in place—every time.
So if you aren’t happy with your level of comfort that your security processes and your security controls are showing up and doing EXACTLY what they need to do, this is just one more area where I can help as part of our Security Leadership coaching program.
Assurance is a pretty critical part of the puzzle, but it’s often the one that gets accidentally kicked under the couch.
Let’s make sure this isn’t happening to you.
Go here: https://archistry.com/go/SecurityLeader
And let’s talk about your assurance program today and make a plan to get it working the way it should to give confidence to you, the executive team and the board that everything is A-O-K.
Clock is ticking down towards the end of Q1, the end of March and the end of this offer.
I know I can help you improve your program.
https://archistry.com/go/SecurityLeader talks about some of the ways we’ve done it before, and we’ll keep doing it over and over again…
But only for those people who step up, seize the reins and decide they want to be better.
Until next time,
ast
—
Andrew S. Townley
Archistry Chief Executive
