Set goals, diagnose challenges, and build your cybersecurity strategy with heavy contemplation of 1st, 2nd, and 3rd order consequences (such as exponential cost curves on team members and $$)
Building a cybersecurity strategy requires a full appreciation of the business direction, current technical assets, and the technology being developed and supported. Many organizations began with a strategy — a basic one built on fundamental elements, such as have good availability and ensure our operations execute as expected. Simple.
Today though, we as leaders are now sought in a strategy around our digital assets, technology solutions, and customer experience. These require a rebirth of your strategy and is an awesome opportunity for everyone involved. My experiences here have seen great and bad. Great where teams collaborate, innovate, and customer feedback is fantastic. Bad, well, usually they are just false starts — where isolated ideas never become operational realties or in other cases when textbook ideas don’t fit reality of a business.
Having been in the center of reboots and uniquely blessed to build such programs (generally around digital products, IOT, and currently serverless / Lambda), I found a principle that has benefited me repeatedly. A first principle of sorts, on how to approach a strategy development and activation (the initiation of a new strategy within an operating organization whether 10 teams or 5,000 teams), and it is best approached by asking how your strategy answers this question:
How much do you respond to 1st order consequences at the expense of 2nd and 3rd order consequences?
Your strategy analysis can be accomplished with this question answered, and in my experience, when you structure that approach in the following process. A process that creates laser focus on achieving your goals, but not rushing into activities without the above 2nd and 3rd order consequences considered!
To achieve your goals:
- Set Goals (high level, specific, prioritize)
- Identify and mitigate problems (resources, buy-in)
- Diagnose of root problems (Get to the nerve of the issue)
- Design plan (be practical and creative, not all things need to be fixed)
- Task and complete (tasks aren’t the goals, but require diligence to achieve goal)
Greater expansion on this idea is developed and articulated within the Management Principles of Ray Dalio of Bridgewater Capital, one of the most successful management companies in the world.