Since Cape Town’s weather has finally decided that summer’s really here, there’s less rain, more sunshine…
…and more flies.
One of the things I enjoy about both Cape Town (and Brazil, in fact) is that most of the time, during the day at least, you leave the house pretty open. The doors are all open and so are the windows. There’s great flows of breeze through the house, lots of light, and it’s a whole lot different than where I grew up in Illinois with screens on the doors, windows and sometimes even the whole porch.
Perhaps the reason this is possible is that there’s generally not as many flies as there was when I was growing up. Perhaps it has something to do with not raising all the livestock, but hey…it could be something else… 😉
But lately, there’s been a horde of buzzing black visitors around the house at most mealtimes, and it’s getting rather annoying. I guess they like the food.
However…that’s when it occurred to me that a lot of what security teams do is like that old English proverb:
“You can catch a lot more flies with honey than with vinegar.”
And as security professionals, let’s face it: there’s a lot more vinegar in what we do than honey. It’s kinda baked in to the way we have to think—or at least the way we’ve been told we need to think.
Words like “no”…”don’t”…”can’t”…and ”stop” are well-used and top of mind in our vocabulary.
This makes sense if we’re doing security for security’s sake. After all, if nobody can do anything, then we’re 100% secure.
But everybody knows that’s not really the goal…
…which is where the problem’s start.
As the “experts” we tend to think that we know best, because, well…we’re the extensively trained security professionals.
Which we often do. I mean, a lot of what we know is the equivalent of “look both ways before you cross the street” kinds of stuff—at least to us.
And so when we come across all “Security Police” and “Department of No”, we’re effectively drowning our real security customers in gallons of vinegar.
Needless to say…they don’t like that too much, and they tend to “run away” by either ignoring our advice and trying to work around us, or by being “unavailable” when we do try and manage to talk to them about what they’re trying to do.
To be effective, we need to take a different approach. The “honey” path (not to be confused with “honey traps,” mind you).
If we want to attract our customers to us, then we need to change not only the language we use when we talk to them, we also need to change how we think. Because if we don’t place any relevance, value or merit in what they’re trying to do…
…dismissing it as “reckless”…
…then they’re going to sense it, and we’re going to fail.
Because security fails when we stop the business and prevent the people we’re supporting from accomplishing what they want to do that will generate value for both the business and our ultimate external customers.
Of course, there are limits to this—when something they’re trying to do might well truly endanger the fate of the organization. But most of the time, we tend to overreact, and this just isn’t the case in reality.
If we change our attitude and demonstrate the we really are there to help – and that by projecting the right value of “security” into the minds of our ultimate customers we might actually give them a competitive advantage – then we’ll have more customer “flies” buzzing around us than we’ll be able to manage.
That’s the difference. And that’s ultimately the question I’m asking you: which bait are you using for your security customers…and how’s that working out for you?
If you’re not happy with your engagement and relationships with your internal security customers and want to really understand more about how they think and how to relate what we do to what they’re trying to achieve, then this is exactly what we’ll be covering in the two weeks of Module 2 from March 16th to March 29th in the next cohort of our flagship Building Effective Security Architectures learning experience.
Basically, the focus of this module is to give you a primer on business, customer value and how we can relate what we do better to what’s important to the organization and the individuals who we support every day.
Maybe you’re ok with how things work, and maybe you don’t think you can allocate the budget or the time it’ll take to join the course. That’s cool if you are.
But…if you’d like to be able to better relate what we do to actually generating revenue and customer loyalty for your organization, then I cover everything I’ve learned in 25 years about being customer focused – including as the founder of 5 startups – in a way that relates to building effective security architectures that support a truly effective security program that delivers the mission and purpose of security as part of the course.
It’s a serious time commitment that you’ll need to manage with your existing obligations and workload, and it’s not necessarily cheap either. However, if you want to make an investment in yourself and your security architecture skills to set you above most of your peers and be recognized as a leader in your team,
Here’s the link to join the next cohort: https://archistry.com/besa
Andrew S. Townley
Archistry Chief Executive