• Look for the lessons and be a leader among the COVID-19 panic

    18 Mar 2020

    “The hardest thing to explain is the glaringly evident which everybody had decided not to see.” – Ayn Rand

    Interesting how the world has changed in the past couple of weeks, huh? Here in the U.S., we went from a thriving economy and living in what might be described as the best time to be alive to what seems like an abrupt halt – doom and gloom – all within a couple of weeks. Wow, that was fast!! It’s like society hit a wall – just crashed without rhyme or reason. As with any good crisis, the politicians and, of course, the media can’t let any of it go to waste. I suspect that this whole thing has been orchestrated and is a test of things to come in the future. Either way, it’s showing us just how weak our society can be…and how dependent on government people are…and how seemingly very few see the big picture and think about their health until there’s a perceived crisis.

    I believe it was Peter Drucker who said that the only thing inevitable in the life of the leader is the crisis… Man-made or not, we’re certainly in a pickle right now….at least economically. Not unlike people’s run on toilet paper (weird!!) as well as vitamins C and D3, it seems that many businesses are scrambling in terms of IT and security right now, especially in the context of remote working. Standards, policies, and technical controls that quite likely should have been in place years prior…are now being addressed.

    The world is on fire and nobody can figure out why…Still, it’s a predictable story...behaviors that drive most negativity in the context of security and, really, everything around the world are coming to the surface and so many are looking to others to tell them what to do. Not a good way to be…

    This world needs more leaders right now…people setting good examples both professionally and personally….including those who don’t think they’re in a position to lead. Many, many people are in such a position! The important thing is to stay calm. Think. Look at the facts and the real risks. Keep your chin up and your shoulders back and keep moving forward. You can apply this to this coronavirus situation and you can apply it to your information security program.

    What’s also important now is the reality of: change before you have to. Whether it’s IT, security, or any aspect of business or personal life – it’s incumbent on each individual to see what needs to be addressed and then take the appropriate steps to make it happen.

    We’re witnessing a LOT of fly-by-the-seat-of-your-pants reaction rather than mature, measured response right now. In the context of security, a measured response can mean proactive steps in areas such as:

    • documentation (standards, policies, and plans)
    • technical controls at the endpoints and across the network
    • setting the expectations of users via ongoing training
    • performing (or hiring someone to perform) vulnerability and penetration testing
    • learning about sales, goal setting and management, and time management – three things that I know very few people in IT/security have taken a course in

    There’s always more you can be doing.

    As an IT/security professional, it’s incumbent on you to do the very things you know need to be done, when they need to be done, whether you feel like it or not…That’s the definition of true self-discipline and it’s the mindset you must have to get through the tough times. Ideally, starting today…well before the next crisis hits.

    Mel Robbins said “if the problem you’re facing can be solved with action, you don’t have a problem”. Your security problems can be solved with action. Ditto for most health problems. But it takes both the willingness to do what you know needs to be done and the discipline to see it through. Now is as good a time as ever to evaluate and improve your security program, including your incident response capabilities. Here are some resources for you:

    This is a link to pieces I’ve written on security management and oversight.

    This link is for a guide I wrote for SearchSecurity.com that can help with incident response.

    I certainly don’t envy you if you’re in charge of running an IT shop or information security program right now. Lots of moving parts! You’ve got this, though! And there’s no better time to address the opportunities than right now.

    As we all try to stay afloat professionally and remain healthy personally during this interesting time, the important thing is to see this as a teachable moment…look for the lessons so that we can become more resilient human beings. Use this time to get better…to become not only a better IT/security professional but also a resilient individual.

    Many eyes are glued to CNN right now. That’s fun and entertaining, I suppose. It helps those looking for excuses to argue for their own limitations. Many eyes will be on you the IT/security professional, however, in the coming weeks. You have the choice to 1) be a part of the solution and show others what you’re made of or 2) be a part of the problem and cower to (and be distracted by) the drama and panic around the world. I know which one I’ll be focusing on and I encourage you to do the right thing as well.