Moving complexity to the correct level: Thinking vs. Doing
Thinking vs. Doing is the application of the 75–25 rule, which means that 75% of your time should be spent in the planning phase — Thinking; and 25% of your time in execution phase — Doing. These are not firm numbers, but the point is a solid plan will lead to a shortened and more focused execution phase, and fewer iterations. Here I will walk you through applying the 75–25 rule, step by step.
The first step is to define your problem or question. Your Problem must include scope. Scope defines those things that are beyond the area of concern and what is inside the area of concern. For example, your boss says, “I don’t know what is going on in the network.”
Second step — decompose this on your own, put some though into it. What is really happening? Your boss is saying they need complexity moved to the correct level. They need a simple depiction of trends to refer to. This is an implied recurring task not a one-time look because they will want to measure improvement over time.
Third step — you need to establish a dialog to get after exactly what your boss means by this. Is it that they want information on sensor data of threat vectors? Do they want to know how many people are visiting your corporate web site? How reliable your network is, i.e. up and down time? Beware. If you can go directly to the source of the statement / question your product will more accurately reflect what is wanted. This is a fact because 1) Middle managers will put their own spin or bias on the question which could spin you off in a different direction and 2) as you have a discussion with your boss they will solidify, in their own mind, what they really want, and what they want may not be what they said at the time.
Fourth step — consider the expected outcome, the intent. This is different from the answer. You don’t want to presuppose an answer. What out come is desired from your work? Is it a report, a dashboard, are they telling you a new product is needed, or something else?
Fifth step — scope. As part of your conversation you learn the question dealt with Information on network sensor data. Go further, ask the question Why? The why will give you a lead on scope. They want the data so that they can find trends over time to improve the threat detection.
So, your scope now includes a factor of your network over time. Your answer needs to take into account, when deployment of sensors occurred, when patches and updates took place etc. These factors are part of your scope because your historical data will change over time. You will need to account for those changes because you will not be able to compare apples to apples. You can show the improvement of your sensor data or at least an increase of information that is directly related to implementation of additional products. An improvement in sensor data (more threats being detected) is not necessarily because attacks have increased. These types of relationships are a key to understanding the information you will present. Look for other relationships and how to depict them so they are easy to understand.
Sixth step— consider the cascading effects. O.K. so you have 15 products that deal with threat vectors. Wait. Let’s go back to our question. Do we want to know how many threats we are successful against? How many threats are getting through? How quickly you are identifying attacks and reacting to them? These questions go back to scope. This is not a linear process. As you go through the process your problem and scope will continue to be defined.
Once you have addressed those considerations go back to cascading effects, and try to address those. Can you identify overlaps in what your products are identifying? If you can do that, can you make recommendations about 1. products to eliminate, and 2. products that need to be optimized for your network. Remember the underlying goal of any business is to make money. As you iterate through this process, try to identify and reduce duplicative information, i.e. reduce duplicative information sources — data, and reduce duplicative products. That means if you can identify products that need to be optimized to assume the roles and functions of other products which then can be eliminated. Remember, eliminating products makes your network more simple, and cost less. In business any time you can save money for your business, is a win.
Now, you have completed your planning process, used about 75% of your time, you have a clear depiction of how to answer the original question, and specifically what your next steps are to do that. You can now start your execution phase. Additionally, because you have thoroughly scoped your question, and thought through the cascading effects, this has given you a deep analysis to present your solution. You have tackled the complexity and moved it to the correct level.