Leadership, Security Strategy, Plan, Budget

Security success means not solving every problem

Share
Supporting your colleagues and learning from their experience can free you up to engage in other ways, says leadership columnist Michael Santarcangelo. (ALotOfPeople/iStock via Getty Images)
Supporting your colleagues and learning from their experience can free you up to engage in other ways, says leadership columnist Michael Santarcangelo. (ALotOfPeople/iStock via Getty Images)

Growth and delivering value are both driven by solving problems. The key is solving the right problems, which means you don’t have to solve every problem.

Yet, we struggle through an endless series of distractions presented as problems or potential problems. It might even seem sensible to get involved early to solve minor problems before they get bigger.

Trying to solve all the problems — even when we convince ourselves it makes sense — prevents us from completing the priority efforts needed to deliver value.

All problems are not equal (or yours to solve)

Sometimes our perception of a situation creates the appearance of a problem that doesn’t exist and might not be a problem at all. Perhaps the problem doesn’t need a solution yet — and you need to focus on higher priorities. Often a different team is better suited to solve the problem, with the added benefit of allowing us to focus on solving our priority problems.

Naturally, this raises the challenge of what to do when our experience suggests a minor issue today is likely to develop into a big problem tomorrow. That’s where we figure out how to engage early enough to know when to take action.

Not all problems need a solution today

For example, a few months ago, a CIO I was working with asked the security team how they were handling IoT in their environment. The security leader’s response was entirely … forgettable.

That’s when the CIO explained he didn’t expect the security team to solve anything because the situation was too new and fluid. He clarified that he just wanted security to get the right people engaged, set some guardrails, and learn now to prevent future surprises.

Engage today to avoid future problems

Once you recognize you don’t have to solve every problem, you can get engaged in the right efforts with a light touch to support your colleagues and learn from their experience.

This also frees you up to focus more on building the relationships and gaining insights you’ll rely on in the future — regardless of who needs to solve the problem.

This is a smart way to avoid legacy debt, wasted work, and the resulting friction that erodes value, destroys trust, and burns people out.

Don’t let fear prevent you from delivering value

Too often, fear impedes problem solving and delivering value. Afraid of telling people “no” and getting labeled obstructionist, I’ve seen a lot of security teams take on too many of the wrong problems at the expense of priority problems.

Success in security comes when we solve the right problems, figure out where to get engaged before a problem arises, and know when another team is better suited to tackle a challenge. In the meantime, keep your head down to solve your priority problems and deliver value.

Michael Santarcangelo

Michael Santacangelo is the founder of SecurityCatalyst.com, author of Into the Breach, and creator of the leadership-driven Straight Talk Framework – with our favorite question, “What problem are you trying to solve?”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.