I was attending a virtual gathering earlier this evening (my time) by someone I really respect who was talking about ways people react and can weather a crisis like we’re facing now. In it, he proposed a somewhat simpler, 3-stage model people tend to go though, and, like the others I shared last week, I think this one’s useful too.
Stage 1 – “Hair on fire” where the world shifts out from under you and you’re trying to figure out what it means to you and what you do. This one lasts from 1-3 weeks after each major shift.
Stage 2 – “Normal for now” where you settle into a new, temporary routine that lasts until the next shift may plunk you back to Stage 1.
And Stage 3 – “New normal” where things have finally settled enough that the stages between shifts are long enough that you can start to really work with the new reality with some level of confidence that it’s gonna stay that way.
However, the thing I want you to notice about those 3 stages is that there’s not one that’s called “the way things were before the crisis.” That’s not how it works. You can’t go back. You’re not Tony Stark who can figure out how to bend time without screwing things up—and neither am I.
All we can do is move forward.
The thing about what we’re facing right now is that, depending on where you are, you’re going to be in different stages than your peers…and possibly even your colleagues and your internal and external customers are based on our globally connected world and highly distributed teams and markets.
And you’re probably in a different stage than me…because our jobs are different, our markets are different, and our organizations are different.
One of the highlights to me of the call I was just on was 4 tips for the coming week—no matter what stage you’re in that will help you make sense of where you are, help you see clearly, and help you find a sensible way forward from where you are. They were:
- Breathe and connect – you need to be calm to think clearly, and clear thinking is what’s required right now more than ever. Leverage you network to really, genuinely connect with other people as humans to remember who we are and that we’re all in this together.
- Serve and lead – do the job you need to do for the people who count on you, both at home and in the office. While it isn’t clear we’re in a marathon yet, we’re certainly gonna have to carry the baton for more than 100m. It’s time to start thinking about what that will look like
- Give yourself time to learn and create – kinda difficult, I know, with multiple offices – and possibly schools, daycare and a pet hotel – now operating in the same space. However, this is time to grow into what you need to be tomorrow, because we’re never going back to where we were yesterday
- Conserve intelligently – hack and slash decisions will end up killing you. Sure, triage may be necessary—but it should be at least done with a nod to a new strategic direction…even if that’s a personal rather than a professional one
So why am I telling you all of this?
Well, a couple of things I’ve been reading over the last few days says that the tide is shifting in the C-suite from tactical to strategic based on the findings of a new bi-weekly CFO survey from PwC spawned by COVID-19. What they’re saying is that the contingency plans people have either enacted or are trying to frantically create are unlikely to survive as long as the immediate impact of the pandemic we’re all facing.
The summary I saw indicated that many of the CFOs surveyed are either already updating or in the process of thinking about updating their organizational strategies and shifting investments to address where they think the new normal may be in terms of both their markets and their business models.
This also aligns with a Fast Company piece I saw recently talking bout the necessity of investments in remote working technology to allow organizations to survive the pandemic might finally put in place the infrastructure required to make WFH and the global team much more viable across the organization—not just for selected people in IT and management positions.
All I know is that while the new normal is likely to be quite different than the old normal, if we as security aren’t ready to adapt the way we operate, the assumptions we hold today and the thinking we use to keep the organization safe, we’re going to drop the ball.
If you’re not ready to breathe because your hair’s still on fire, that’s fine. However, if you’re ready to challenge some of your assumptions about how security should work, what’s possible in your organization and where your focus should be, especially in relation to the way you use, secure and monitor your existing and future cloud services…
…that’s why I’m focusing the upcoming April issue of the paid Security Sanity™ newsletter on looking carefully at cloud security architecture and what that architecture means to enabling and protecting the organization overall. And this is just one of the topics I think need to be addressed to help you build a more effective security program in your organization, which is why I tackle a new one every month. If you’re subscribed, you’ll get your very own printed copy delivered to your door within the first couple of weeks of the month, and you don’t need to do anything new.
However, if you’re not already subscribed, and you’re ready to think differently about cloud security than you already do based on knowledge of the architecture guidance and reference models from the likes of CSA, Microsoft and NIST, then you’d better head on over to this link and ensure you subscribe before the end of the month:
Right now, I’m writing this from Cape Town, and as of 11:59pm on Thursday the 26th, we’re to be all locked down except to go to the hospital, the grocery store, buy fuel or visit the pharmacy for the next 21 days—and we can only do that if we’re wearing a mask. Since all other businesses requiring physical presences will be closed here, and potentially elsewhere in the world, I’m not quite sure yet about the logistics and whether my current printing supply chain is going to be available in the countries I print the newsletters.
If I need to make a new plan, you can be sure I’ll adapt accordingly, so I don’t want you to use that as an excuse for procrastinating if you’re thinking of subscribing. The other reason to make sure you don’t miss this issue is that I currently don’t offer back issues, so if you miss it, you’ve really missed it.
As always, whether it’s right for you depends on a lot of things. And if you’re not prepared to rip open the fancy white envelope, devour the contents and put it immediately to use in what you do, then it’s probably a waste of your money.
However, if you’re overwhelmed with the existing models, unsure of how to link them to the business in a meaningful way or integrate your enterprise security policies with your DevOps infrastructure-as-code, it might be just the thing to escape from the endless news cycle of anxiety about what could happen so you can make some intelligent decisions about what will happen in the areas you control.
It’s up to you.
Please stay as safe and healthy as you possibly can.
Andrew S. Townley
Archistry Chief Executive