Building a Winning Security Program is a Process and It Takes Time to Implement All The Pieces.
We’ve kicked off the 2014 NFL season. As a New Englander, I’m one of the lucky ones who has experienced the type of winning streaks most other cities can only dream of. Sure, we didn’t beat the Dolphins on Sunday, but I’m not worried. We’ve reached double digit victories for the past dozen years.
How are they able to consistently succeed while others may grapple with up and down years? Every team has good players. In fact, the league is designed to ensure the teams with the worst records get the top picks the annual draft. I would argue that in professional football, consistency is the critical differentiator.
According to a report on NFL.com, the average time in job for the current 32 head coaches in the NFL is slightly less than four years. It’s hard to build continuity under inconsistent leadership. Luckily for the Patriots, Bill Belichick has been at the reins since 2000.
I’m sure by this point you are wondering what the heck this has to do with security. According to the Poneman Institute, the average employment duration for a chief information security officer (CISO) is 2.1 years. It’s also really hard to beat the hackers when the person responsible for keeping them at bay has less job security than an NFL coach with a losing record.
Building a winning security program is a process and it takes time to implement all the pieces. New priorities, new terminology and a new boss are not a quick fix.
We need to remember that in security, incidents happen. We must resist the urge to scapegoat the CISO whenever something goes wrong. This has become our version of firing the coach after a .500 season even though half the starters were out with injuries. Of course, like in any job, there may be times when a CISO simply isn’t a good fit for an organization. Otherwise, by staying the course, we can build stronger security teams who are familiar with the layout of the organization, have the experience to make the tough calls and the ability to identify the critical assets of the enterprise.
So, while I can’t guarantee that the Patriots will be the last team standing this season, I will assure you that they aren’t going 2 – 14 either. Continuity is a winning formula.
To read the complete article, please visit SecurityWeek at: