Prioritizing, exercising your liberty, and even living as a whole is about saying “no”.
I am a huge fan of saying “no”, and sometimes I feel like I do not say it often enough.
There is something about saying “no” that I learned from a colleague.
He was very eager to help.
Always.
A great guy with the mythical “Can do” attitude everybody likes.
The problem was not his attitude.
The problem was his time and ability.
He was not all-powerful and he was not all-knowing.
He was just a guy who overcommitted.
When someone overcommits, that person says “no”.
Even when he says “yes”.
The problem or the aggravating factor if you prefer, is the moment when “yes” transforms into “no”.
That happened when it was clear he could not deliver as promised.
Well, sometimes it happened one minute before the deadline.
Or even worse, after the deadline, when he was asked about the commitment.
Security management is about saying “no” as soon as possible.
The typical situation of any security manager is this: too many holes, only so many fingers.
A common conversation with a security manager goes like this:
– Do you know about X? X is a huge security problem. It is critical to solve it.
+ Yes. I know about X. Yes, it is a huge security problem. About whether it is critical to solve it… I am not so sure.
– How can you say X is not critical?
More often than not, the security manager is not solving X because the resources are allocated to solving Y.
Sometimes, it is possible or feasible to talk about Y and explain why X has to wait.
Sometimes, it is not.
Even when you say “We are not fixing X because we are fixing Y” you are probably not improving the situation.
You may get back something like “I have no idea what is Y, but I am pretty sure X is more important”.
Or you may get something like “OMG! Are you telling me we have not yet solved Y? What kind of company is this?”.
As I said, little chance of success.
I help companies solve their Xs and their Ys.
I also deal with those who un in circles claiming the sky will fall on our heads because X is not being taken care of.
That is the daily routine for security managers: making decisions, prioritizing, and saying “no” as soon as possible.
If you enjoyed this content, come to the newsletter. You will enjoy it even more.