The Best Clock Builders Tell People What Time It Is -- Do You?

 

One of the greatest business books of the 20th century, Built to Last by Jim Collins, had a memorable chapter about leadership as the distinction between telling people what time it was versus building clocks. Here is the concept directly from Collins' website:

Leading as a charismatic visionary—a “genius with a thousand helpers”—is time telling; shaping a culture that can thrive far beyond any single leader is clock building. Searching for a single great idea on which to build success is time telling; building an organization that can generate many great ideas over a long period of time is clock building. Enduring greatness requires clock building.

In cybersecurity, building clocks is about you creating a cybersecurity function that is effective now and will grow with the evolution of threats. 

You were hired on Day 1 of your cybersecurity role as a problem-solver. Here is what was going through the hiring committee's collective heads (trust me, I'm a psychologist, I know these things):

We've got a potential cybersecurity liability and you are the person to lead us through our problems!

So you built a cybersecurity 'clock.' Good for you.

And there was a clock for employees, and one for the Board, and one for your team, and...oh dear...maybe you ended up with the situation as shown in the picture heading this post where there are different 'times' posted on the different clock faces.

Uh oh.

So now what time is it, hot shot?

We're going to disagree with Collins on this in terms of cybersecurity. The primary output of your & your team's cybersecurity efforts is the tangible implementation of what we at Pythia hold to be self-evident: cybersecurity is a line of business that creates value for the organization. One 'revenue stream' is "up time," which is the access to the system for authorized users and authorized purposes that cybersecurity is supposed to provide. The other revenue stream it creates is the right balance between security priorities and access that is reflected in the right level of spend for your program as it protects what leadership sees as its priorities.

Remember, cybersecurity is an expensive clock. It needs to tell the right time, every time. Both employees and customers need to know what time it is.

Ask us how you can create a cybersecurity clock that enhances your organization's ability to tell time.