Complexity is the Killer of Achievement

Information Security is a daunting task.  With information and data flowing across countless systems, networks, and devices, protecting it from seemingly unending threats approaches the untenable.  

Along with the rapid evolution of the threat landscape is a flurried array of defense solutions.  Organizations are caught in a “more is better” approach, yielding a complex security stack that is not well integrated or utilized.   Emotional peace dwindles in the stress of value.  The lack of integration, attention, utilization, and understanding creates more vulnerable surface area as time elapses.  In the end, the inevitable questions begin: What are we getting from our stack? , Is this working? , Do we have the right solutions? , Are they implemented correctly? , Do we have the right people? … the list goes on, and the cycle continues…

The Cost is High

Multiple solutions, multiple dollars – this goes without saying, but what is often overlooked and at a minimum underestimated, is the cost of talent.  No matter how “NextGen”, “AI”, “ML”, or “Managed” something is, you must have engaged individuals to interact, utilize, and maintain it.

Just as much as buying isn’t a strategy, assigning isn’t a tactic when it comes to security operations.  It takes a multifaceted alignment.  Flooding an individual with data isn’t better, it’s demoralizing.  Generating alerts for a team isn’t visibility, it’s fatigue.

Simplify to Mature

It takes somewhere around 280 days for an organization to become aware of data loss. This number hasn’t significantly changed in proportion to the spend of defense solutions.  Is the fix, “just one more?”  The stack is tall and deep, but is it made of stone or sand?  We must stop the cycle of more is better, we must get lean and mean.  We must value high function over high capability.  To get there we start from the top and ask the right questions early and often. We must have a clear mission and clear assignments -- that are within our means.  The organization may have a different idea than what the investment will allow – you must level set.  Realistic expectations result in real results.  Competent management starts with realistic expectations and leadership to realistic results.  InfoSec is not a space to overpromise, delivery is hard!  In the end, this proper strategic alignment influences our buying and tasking decisions, all of which will benefit the organization and its employees.  Even though it’s not the “moon shot”, it is a solid foundation from which to mature. Focus on creating a high functioning team, supported by the right tools, not all the tools.

 

OCTELLIENT - Our mission: simplify information security. With a Business First approach, we want to help you and your organization get to your core priorities and make the most of your infosec investments.  Our goal is to be your side-by-side partner, working together to navigate a tailored infosec strategy and bring expert advice to your toughest challenges.

Ask us about Propulsion, Deepwater, and the 8-point Dossier

info@octellient.com

www.octellient.com

Previous
Previous

Pay Now, Pay Later

Next
Next

Are You Pickin’ up What I’m Puttin’ Down?