As with anything else, there is a science, skill, and methodology to manipulating a vehicle into speeds faster than the norm, and the failure of not understanding that typically has a devastating effect. For example, not understanding at what point of a curve to accelerate or brake can cause you to roll your vehicle, not understanding the dynamic force of an object in motion will cause you to lose control, and not understanding acceleration inertia delay will cause you to lose your race.
In cybersecurity, the same is true of a leader managing the objective of being effective in the face of speed. There are tools, skills, and a science to creating an effective approach to enable organizations to move fast and defend against an ever-changing opponent. Many elements can assist you in delivering against that objective, but the following are practical skills that you can start using today.
ELEMENTS OF FORCE MULTIPLICATION
The military has been using the term force multiplication since the beginning of organized military doctrine hundreds of years ago. The concept is relatively straightforward: Apply additional assets to your common core operating capability (people), and it accelerates and expands their effectiveness. For example, give an army the asset of intelligence, and its operating impact will be greater than it was before it had that information. Give ground forces the capability of GPS location, and they will be faster and more accurate than they were with the same amount of core resources prior to that technology.
As a practitioner in digital infrastructure leadership, you can enable your organization to strategically focus on the need for speed through the same use of force multiplication. By aligning to the elements of speed that most affect your mission scope, you can add levers that will multiply the abilities of your resources. Perhaps it's intelligence, automation, or new technology. In some cases, it may be the use of a third party or the ability to have access to data. Whatever it is, you have an opportunity to manipulate and accelerate your current capabilities to meet the need for speed through the simple application of resource elements, resource combinations, and resource alignment.
Inertia
Books have been written on the laws of motion, and great strides in science have been gained through the study of motion and speed. The fundamental laws of motion still apply, and the truth of the principle that “things in motion stay in motion” is undeniable. In the context of speed, cybersecurity, leadership, and your job, the ability to act fast starts with the basic ability to act. In this arena, inertia is counter to growing in capability and speed over time. Often, we wait too long to enable our organizations with capabilities because of limited funding, resources, or just wanting a plan that is 100 percent complete every time. This approach is not helpful, nor is it necessary, because it will inevitably result in being too late to begin to create a necessary capability at the time it is most needed.
A simple tool in the development of operational effectiveness in the face of speed is to create supporting services, resources, and capabilities aligned with the scope of your mission that will be most applicable in the core areas of prevention, detection, response, and recovery. The idea is not to create these capabilities at 100 percent, but rather to have a baseline operating framework, knowledge, and understanding that can be refined and used over time. By maintaining this aggregate line-level capability, ensuring you and your organization understand it, adding it to your concept of operations, and knowing not only how it is applied but how to grow it, you can implement resources faster than if you were starting from scratch. Even though they may be minimal in normal operations, your ability to grow them fast and apply them faster will be significantly greater than if you had to start from the beginning.
Prioritization
A key capability often missing in an organization's ability to execute at speed is its ability to prioritize. Although in our world, many if not most things seem to be equally critical, the reality is that there is always a pecking order and prioritization of action and attention, and recognizing that is crucial to making smart, informed, and rational decisions that enable speed. As an operational leader, you should always have these three priority lists on hand, updated, and ready to use in your decision-making process:
Critical Asset Protection Priorities. These are the assets, systems, processes, or functions that run your business. If you had only $100.00 to spend, what would you spend it on? This discussion should be inclusive of your business to ensure you understand what it takes to go to market, what enables your business to operate, and what key assets hold the most value to your company.
Risk Prioritization. This list is all about your focus. What projects are most critical to resolve your value-at-risk? Where can you deprioritize to affect other priorities, and where can you move resources to scale faster?
Urgent Action Defense Protocols. These are pre-negotiated/decided actions for when things go wrong. In layman's terms, which part of the body can I cut off to save the head? When catastrophic issues occur, timely decisions are necessary to prevent further catastrophe. Who can order the shutdown of a business line, and when? What thresholds require automatic action, such as turning a data center dark? Who has the authority to call law enforcement if needed? The most critical part is to get these hard-to-make decisions on paper, including what would trigger them, and ensure agreement across the entirety of the business on how to execute them.
GETTING ON THE HIGHWAY AND GETTING UP TO SPEED
In an era in which digital enablement means digital impact at breakneck speeds, it is hard to forget that the bad guys only need to get it right once, and we are responsible for getting it right every time. The education, innovation, planning, convincing, implementation, and management of “all of these things” that enable us to protect our businesses or agencies (especially at scale) don't lend themselves to the term speed. But that is exactly how we must retool our thinking and operations to ensure the digital success of a very digital economy. Through the five-step methodology of Learn, Test, Accelerate, Validate, and Repeat, we can continue to inch ourselves toward a more progressive capability that includes speed as a binding strategy to success.
Learn
Understand your organization's ability to adapt to and operate within strategies that incorporate speed as a fundamental requirement, and work those job functions and requirements into every job description. Create opportunities for education, practice, and innovation for speed in delivery, change, response, and, just as importantly, decision making.
Test
Test your processes to ensure that they meet the speed requirements your mission prioritizes and your operating environment requires. Until they are put to the test, theories are just theories. Unless you test, stretch, and ensure your ability to adapt and respond at speed, you will be operating on false expectations, which never has a good outcome.
Accelerate
Incrementally add capabilities to drive acceleration. Perhaps it's the use of automation in data collecting, or the use of automated analytics to churn through that data. Maybe it's shedding old technologies, programs, or services that are not part of your priority list that enables you to act faster. Whatever it is, first understand why you are making the change and then create a measure to ensure that the change is meaningful and effective. Finally, hold yourself and your organization